API Overview 


Online Checkout API – myPOS Online Integrated Payment Checkout (IPC) protocol helps you integrate a convenient payment gateway into your online store or web app and start accepting online payments from all major credit and debit cards.

 

Shopping Cart Plug-ins – myPOS offers you ready solutions for the most popular e-commerce platforms.

     

 

Test your integration


Test your integration before you start accepting live payments:

  • Use our test card numbers to make test payments.
  • Test all the payment methods that you would like to offer. Review details on each test payment in the Customer Area.
  • Test the following scenarios:
    • Error in the POST request – missing or invalid data;
    • Send а wrong signature to myPOS Web Checkout;
    • Check myPOS Web Checkout message signature for authenticity;
    • The Customer terminates the process on the myPOS Checkout payment page;
    • Customer pays successfully;
    • Customer pays successfully, however the merchant’s website does not return HTTP OK to myPOS Web Checkout.

 

Security


3d Secure – If the client's card is 3D Secure, then the client is redirected to the issuing bank's 3D Secure portal for authentication. It is not possible to opt-out for 3D Secure, it is mandatory.


Authentication – For the signing process, both myPOS Checkout API and the merchant generate public/private key pairs and exchange the public certificate. Key pairs are generated using the RSA algorithm. The certificates must be PEM-encoded PKCS7 file. Each of the parties is using the private key to sign the message and the opposite side authenticate the sender with a corresponding public certificate.

For more information on security check here.

 

PCI DSS considerations – Please note that certain myPOS APIs allow you to handle sensitive card data. However in order to operate with it you must be PCI DSS certified. For more information visit: https://www.pcisecuritystandards.org/ 

 

They do have very strict policy regarding the Sensitive Authentication Data (SAD) storage. The Card Schemes (MasterCard Worldwide, Visa Inc., American Express, Discover Financial Services and JCB International) have never permitted the storage of sensitive data (track data and/or CVV2). It is prohibited under “Requirement 3” of the Payment Card Industry Data Security Standard (PCI DSS). Merchants failing to comply to the regulations are exposed to fines by the Card Schemes.