Payment Gateway

Set up transactions with our Payment Gateway API.

The Maast Payment Gateway API is a method for processing payments with complete control over the checkout experience you provide. With the API, you are responsible for collecting and processing payment information on your servers. To reduce your PCI DSS scope, you can tokenize and store cardholder data in Maast's Customer Vault.

This page provides an overview of the Payment Gateway API and the features it supports. The API Quick Start guide gives instructions for the fastest possible setup of the Payment Gateway API for a sale transaction. The remaining guides show how to use the Payment Gateway API to perform a Sale, Tokenize, Void, or Refund transaction. See Payment Gateway in our API Reference for field definitions and details on all supported requests.


Features

Our Payment Gateway API has the following benefits:

  • Fully customized - Keep customers on your site for payments, where you can configure payment fields however you wish.
  • Flexible - Support a wide array of transactions, payment types, and currencies.
  • Secure - All cardholder data is collected and processed by Maast, a PCI DSS certified Level 1 compliant Service Provider.

The API supports several different requests. We offer an API reference for all supported requests and detailed implementation guides for some.

We have guides for the following API functions:

See the Payment Gateway API reference for the following additional functions supported by the API:


The Payment Gateway API supports the following payment types:

  • E-commerce
  • Mail order
  • Telephone order
  • Card swipe
  • Recurring
  • Installment
  • Level II
  • Level III

It supports these forms of payment:

  • Visa
  • Mastercard
  • Discover
  • American Express
  • International Diners
  • JCB
  • Purchase cards
  • Business cards
  • Google Pay™
  • ACH

It supports the following currencies:


It supports these additional features:

  • Retry logic - See below for more information.
  • 3-D Secure Authentication - Use a third-party merchant plugin to get your Visa or Mastercard 3-D Secure values, and submit them with your transaction. See the 3-D Secure section of the Sale implementation guide for more information.

How it Works

This section provides an overview of the payment flow process with the Payment Gateway API for one-time payments and then for repeat transactions that use Customer Vault to store payment information.

One-Time Payments

For one-time payments, the Payment Gateway API payment flow is as follows:

  1. The customer chooses to check out, sending payment information (the total sale amount and cardholder data) to the merchant server.
  2. The merchant server sends the payment information to the Maast server for authorization.
  3. Maast sends the payment information to the card brands for authorization, and it receives an approval or decline.
  4. Maast returns the response to the merchant server.
  5. The merchant server returns the response to the merchant's site.
  6. On approval, the merchant presents a receipt to the customer.

Repeat Payments with Customer Vault

For repeat-customer payments, the Payment Gateway API payment flow is as follows:

  1. The customer chooses to check out, sending payment information (the total sale amount, cardholder data, and billing address) to the merchant server.
  2. The merchant server sends the following to the Maast server: the payment information and either a request for authorization or a request to perform a sale and tokenize.
  3. Maast sends the payment information to the card brands for authorization, and it receives an approval or decline.
  4. On approval, the following is stored in the Customer Vault: the customer ID, card ID, billing address, and any provided cardholder data.
  5. Maast returns the response to the merchant server, including the customer ID, card ID, and the first 6 and last 4 digits of the credit card number.
  6. On approval, the merchant presents a receipt to the customer.

Retry Logic

This API supports retry logic. Note:

  • Messages are retried when the developer application does not receive a response from the Maast host.
  • When using retry, the developer application is responsible for properly handling the retry_attempt value.
  • The retry_attempt value is unique within each 24-hour period. It is greater than zero and increases by 1 each time an attempt is made.
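One way a merchant server could handle retry_attempt under the rules above. This is an added example, not Maast's own code. It assumes the counter is kept per order, that the first attempt carries retry_attempt = 1, and that the transport is supplied by the caller; `send`, `order_ref`, `NoResponse` and `AttemptLedger` are hypothetical names.

```python
import time

PERIOD_SECONDS = 24 * 60 * 60  # the 24-hour period in which a value must not repeat


class NoResponse(Exception):
    """Hypothetical transport error: no response was received from the host."""


class AttemptLedger:
    """Remembers the last retry_attempt used per order within the current period.

    In-memory for this example. A merchant server would persist it, so that a
    restart in the middle of a retry sequence does not reuse a value.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._state = {}  # order_ref -> (period_start, last_attempt)

    def next_attempt(self, order_ref):
        now = self._clock()
        start, last = self._state.get(order_ref, (now, 0))
        if now - start >= PERIOD_SECONDS:  # period elapsed: start a new one
            start, last = now, 0
        self._state[order_ref] = (start, last + 1)  # always > 0, +1 per attempt
        return last + 1


def send_with_retry(order_ref, fields, send, ledger, max_attempts=3):
    """Send one transaction, resending only when no response was received.

    `send` (assumed) posts the request fields and returns the parsed response,
    or raises NoResponse on a timeout or dropped connection.
    """
    for _ in range(max_attempts):
        request = dict(fields, retry_attempt=ledger.next_attempt(order_ref))
        try:
            # Any response, approval or decline, is final and is never retried.
            return send(request)
        except NoResponse:
            continue
    # The outcome is unknown here, not failed: reconcile before charging again.
    raise NoResponse(f"no response after {max_attempts} attempts for {order_ref}")
```
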