Are you looking for test card numbers?

Would you like to contact support?

Classic-integration icon

Payment request

Hosted Payment Pages are no longer available
This page is for the classic Hosted Payment Pages (HPP) integration, which has reached end-of-life. We are no longer processing transactions though HPP. If you have any questions, contact our Support Team.

This table lists the fields to be passed in an HPP payment request.



A comma-separated list of the allowed payment methods to filter the payment method options that would normally be available through the skinned HPP.

Only the listed payment methods are shown, if available; all other payment methods are ignored.

Spaces are not allowed.

If you do not include this optional parameter, the corresponding value in the merchantSignature computation is an empty string.




A comma-separated list of the not allowed payment methods to filter the payment method options that would normally be available through the skinned HPP.

The listed payment methods are not made available on the HPP.

Spaces are not allowed.

If you do not include this optional parameter, the corresponding value in the merchantSignature computation is an empty string.



Defines the specific payment method used to process the payment.

This field is required in a payment request call to skipD details.shtml to skip the payment method selection.

The brandCode values are case sensitive. For information on available brandCode values, refer to Payment methods overview .
captureDelayHoursInt-x-The delay between the authorisation and scheduled auto capture, specified in hours.


By default, the payment methods offered to a shopper are filtered based on the country the shopper's IP address is mapped to. In this way, shoppers are not offered payment methods that are not available in the country they are carrying out the transaction from. This IP-to-country mapping is not 100% accurate, so if you have already established the country of the shopper, you can set it explicitly in the countryCode parameter.

The country value format needs to adhere to the ISO 3166-1 alpha-2 standard. An invalid country code results in a transaction/request rejection. You can look up country codes on the ISO website.

This field may be required in a payment request call to Hosted Payment Pages API to perform a directory lookup.


The three-character ISO currency code.



Defines the specific issuer ID used to process the payment.

This field is required for iDEAL payments.


The merchant account identifier you want to process the (transaction) request with.

merchantReferenceString-white_check_mark-A reference to uniquely identify the payment. This reference is used in all communication with you about the payment status. We recommend using a unique value per payment; however, it is not a requirement. If you need to provide multiple references for a transaction, you can enter them in this field. Separate each reference value with a hyphen character ("-"). This field has a length restriction: you can enter max. 80 characters.


This field value is appended as-is to the return URL when the shopper completes, or abandons, the payment process and is redirected to your webshop.

Typically, this field is used to hold and transmit a session ID.

Maximum allowed character length: 128 characters.

If by including merchantReturnData in a request causes it to exceed the allowed maximum size, the payment can fail.


The signature in Base64 encoded format. It is generated by concatenating the values of payment session fields, and by computing the HMAC using the shared secret, as configured in the skin.
For more information, refer to HMAC signature calculation.



Metadata consists of entries, each of which includes of key and value.

Limitations: Error "177", "Metadata size exceeds limit"


An integer value that adds up to the normal fraud score.

The value can be either a positive or negative integer.



An HTML fragment containing the order details to display to the shopper on the payment review page, just before the shopper proceeds to the final order confirmation.

Data is compressed and encoded in the session to prevent data corruption, for example in case the locale is set to non-Latin character sets.

  • Compression: GZIP
  • Encoding: Base64



The payable amount that can be charged for the transaction, in minor units.

The transaction amount needs to be represented in minor units according to the Currency codes table. Some currencies do not have decimal points, such as JPY, and some have 3 decimal points, such as BHD.
For example, 10 GBP is submitted as 1000, whereas 10 JPY is submitted as 10.



Defines the result URL, i.e. the default result landing page shoppers are redirected to when they complete a payment on the HPP.

We recommend setting a fixed resultURL in the skin configuration.

However, sometimes it may be preferable to set the result URL on a per-payment basis: to override the resultURL value specified in the skin configuration, you need to set the result URL for the payment session with the resURL parameter.



The payment deadline; the payment needs to occur within the specified time value.

This is especially useful for tickets and reservations, where you want to hold items for sale for a short, limited period of time.

  • Format: ISO 8601;  YYYY-MM-DDThh:mm:ssTZD
  • Example: 2017-07-17T13:42:40+01:00

The date within which the ordered goods or services need to be shipped or provided to the shopper.

This field is also used to set the expiration date of an offline payment like boletos and 7 eleven.

  • Format: ISO 8601;  YYYY-MM-DDThh:mm:ssTZD
  • Example: 2017-07-17T13:42:40+01:00



The shopper's email address.

We recommend providing this information, as it is used in velocity fraud checks.

Depending on your integration this field may be mandatory for you.

locale = language code + country code

It specifies the language to use during the transaction.

For example: en_GB sets the locale preferences to British English.

When it is not necessary to include the country-specific part, use only the language code.

For example: it instead of it_IT to set the locale preferences to Italian.

If not specified, the locale preference is set to en_GB   by default.


A unique identifier for the shopper, for example, a customer ID.

We recommend providing this information, as it is used in velocity fraud checks. It is also the key in recurring payments.

This field is mandatory in recurring payments.


Set this field in your payment request if you want to include a variable shopper statement.

You can include placeholders for the references. For example:

  • ${reference} for the merchant reference
  • ${pspReference} for the PSP reference.


  • Not all acquirers support dynamic shopper statements.
  • Maximum allowed character length: 135 characters. For Visa/Mastercard: 25/22 respectively.
  • Allowed characters: a-zA-Z0-9.,-?|
  • If you set the shopperStatement field, it is included in the HMAC calculation.
  • Not all payment methods support shopper statements.


A unique code to identify the skin you want to apply to the HPP in use to process the transaction.


  • You can skin your hosted payment page to make it consistent with your brand look and feel.
  • You can create multiple skins in your merchant account to provide tailored branding experiences to your shoppers.