Skip to main content

Welcome

xpanse provides a simple way to consume payment providers through one API.

Overview

There are a few key components to the platform:

  • Client SDK - used to securely collect payment details
  • API - backend system to process payments. In most cases, you can use one of the Server SDKs to provide a friendly interface over the top of our REST API. The full reference for the API is here. The API is a REST based HTTP API.
  • Sandbox Dashboard - Dashboard for managing your xpanse account, viewing transactions and managing customers

Authentication

Authentication with the API is through the Secret Key (for server side API calls) or the Public Key (for client side API calls). Your Secret Key should always be protected. You can get the keys through the Sandbox Dashboard.

To use the keys:

  • In the Server SDKs, pass the Secret Key when initialising
  • In the Client SDK, pass the Public Key when initialising
  • Using the API, pass the Secret Key as the http header: x-secretkey

Getting started

The most basic flow is:

  • Convert payment details to a token using the Client SDK.
  • Use the token to take a payment
Client SDK

Almost all uses of xpanse start with the Client SDK to securely convert payment details to a payment token. This is the best way to securely send the payment details directly from the user's browser to xpanse. The Client SDK will automatically append the payment token as a hidden input to the payment form. When the form is submitted to you server, it can be used for server side calls

Client SDK

Once the payment token has been added to the form, the payment form is submitted. The token can then be used to accept a payment on your server, by calling the xpanse API.

We have some more detailed guides, with examples of different server side calls:

Authentication

Authentication to xpanse is by a providing a secret key in an HTTP header.

You can get the secret key from the accounts page, which needs to be provided in the header x-secretkey. If you are using one of the Server SDKs, the secret key is set through a configuration method.

When you're using the Client SDK you will need to use a provider token for each provider you are connecting to.

Switching to production

When you're ready to change into production, you'll need to make the following changes:

  • switch your API calls to the production URL: https://api.xpanse.one
  • make sure you use your production public key (prefix: publive) and secret key (prefix: seclive)
  • switch the environment from "SANDBOX" to "PRODUCTION" in the Server SDKs
  • switch the environment from "sandbox" to "production" in the Client SDK

Fraud configuration

By implementing Fraud, you add an extra layer of protection to your payment process, ensuring secure and verify transactions.

Configure Fraud Check for your transactions by following these steps:

  1. Enabling Fraud: Activate the Fraud check for all transactions or specific subsets based on your preferences.

  2. Routing Visibility Data: For a granular approach, configure Fraud for specific transaction subsets using routing visibility data. This feature allows you to set up conditions based on currency and transaction amount ranges.

For detailed instructions and visual aids, refer to our Fraud Configuration Documentation.