Introduction
Accept simple and secure payments in your app or website with Judopay’s SDKs. Quickly capture your customer’s card details for immediate payments or save them securely for future payments.
Then, you will receive access to your Judopay dashboard and the sandbox environment.
There is a due diligence process to complete before you go live, so please speak to a member of the team before doing any development work.
To follow the steps to quickly integrate and produce a test card payment using Judopay’s Web SDK, see Start Integrating with Judopay.
You can have:
- One judoId
- Multiple judoIds
A judoId can be allocated for a route or location basis. Multiple judoIds can also be created to take into account a more granular set of transaction reporting, for example to separate online transactions, the location where transactions took place, or the most used payment method.
All judoId's can have different configurations enabled.
You will receive your API credentials when setting up your account with Judopay. These credentials control the permissions enabled on your sandbox and live token and secret pair(s).
Each Token and Secret pair will have specific permissions configured. For more information, see Token and Secret App Permissions.
The following illustration provides a helpful overview on the permissions that need to be set up, in order for each step in the payment flow to be able to take place:
Depending on the payment methods, currencies and card schemes you want to accept, you can configure these specifically, (for example Visa, Mastercard, Apple Pay, Card, PayPal), or set to accept All.
Check your judoIds and tokens are configured and enabled as appropriate.
If you want to include AMEX, contact Customer Support to set this up. AMEX is not automatically added and requires a separate configuration.
- Payment Methods
- Transaction Medium (ECOM/MOTO)
- Currencies
- Card Schemes
- Transaction Types
- Block Payments from a Specific Region
Interact with our Transaction API Reference in the following ways:
- Select your integration version
- See the authentication methods available
- How to create a /paymentsession
- Authenticate all requests or a specific request
- Manually test a request
- View example success and error responses
For more information, see How to use our Transaction API Reference Documentation.
In online and mobile payments, security is a number one concern. Authentication and verification of the identity of the cardholder is important for preventing fraudulent transactions and refunds.
Each request to Judopay’s Transaction API requires authentication.
Depending on how you integrate with Judopay, the following methods are recommended to authenticate requests:
- /paymentsession
- /paymentsession, or
- TokenSecretAuth
- The token and secret pair
For more information, see Authentication Methods.
Prior to Testing - Prerequisites
Make sure you have the following set up prior to testing:
- You are using sandbox tokens in the sandbox environment.
- You are using test cards in the sandbox environment.
- Your judoIds and tokens are configured and enabled as appropriate.
You need your sandbox account so you can process test transactions while developing your app.
The purpose of the sandbox environment is to allow you to test and replicate various use cases, payment flows and scenarios that your app should support.
Use the Test Cards and data to test your integration is working correctly. This will give you confidence that all is working as expected when your integration goes live.
For more information see, Testing your Direct (API) Integration.
For more information see, Testing Web Payments - Card Payments.
For more information see, Testing your Mobile SDK Integration.
For more information see, Testing Web SDK - Card Payments.
For more information see, Testing Digital Wallet Payments - via API.
For more information see, Testing Digital Wallet Payments - via Web SDK.
For more information see, Testing your Wallet Payment Integration.
Familiarise yourself with the key terms we use, to help you with your integration:
The judoId is a unique ID supplied by Judopay, which you add to the request body of each transaction request.
- String of numbers
- Maximum length 9 characters
- Format: 100100100
- Do not include spaces or dashes
You will receive your API credentials when setting up your account with Judopay. These credentials control the permissions enabled on your sandbox and live token and secret pair(s).
Each Token and Secret pair will have specific permissions configured. For more information, see Token and Secret App Permissions.
3D Secure 2.0 aims to improve the security and consumer experience, including helping merchants achieve Strong Customer Authentication (SCA) compliance under PSD2.
The Payment Services Directive (PSD2), has introduced a new regulatory requirement: Strong Customer Authentication (SCA). The aim of the SCA is to add an increased layer of security for card not present transactions, when making mobile and online payments.
In the 3D Secure 2 payment flow, the Issuer will make a decision on whether they have enough authentication data to proceed with the transaction, or if they require the cardholder to further authenticate the transaction with additional Strong Customer Authentication (SCA) checks.
To authenticate the transaction, merchants can verify the consumer's identity with the Issuer. To be compliant with SCA, 3D Secure 2 transactions have additional authentication and transaction information within the payment flow.
The deadline for PSD2 and SCA implementation for all the European Union countries members and UK merchants has now passed. 3D Secure 1 is no longer supported.
We have made it a simple implementation for you to upgrade to 3D Secure 2 within your payment flow, see Integrating 3D Secure 2 (EMV 3D Secure).
For more information on 3D Secure 2, see Introducing 3D Secure 2.
Merchant-Initiated-Transactions (MIT)s, for example:
- Subscription type payments
- Unscheduled transactions
- tips
- increase in taxi fares
For more information, see MITs.
MITs are also impacted by SCA. You need to tag your MIT / Recurring transactions correctly to ensure your transactions are not declined by your customers’ issuing bank.
Use the card token in the request body, instead of the card number. The card token is a randomly generated string linked to a card saved securely within the Judopay Card Vault.
You will not take on additional PCI scope, as the card token does not have any sensitive card information, so it can be stored in your database.
Alternative Payment Methods refers to a range of payment methods beyond the traditional ways of paying with cards and cash.
Currently Judopay accepts the following alternative payment methods:
- PayByLink
- iDEAL
- PayPal (BETA)
- Klarna (BETA)
For more information, see Alternative Payment Methods.
Integrate Apple Pay™ and Google Pay™ via Web and Mobile.
For more information, see Wallet Payments.
A minimal integration is all that is required to enable you to take a payment.
Generate hosted payment page links using Judopay’s Transaction API and redirect the consumer back to your own website, using configured redirect URLs.
This helps minimise your PCI scope by providing consumers with a secure way to pay online via their browser, optimised for any device.
For more information, see Web Payments.
Judopay’s SDKs enables merchants to easily integrate and customise a seamless consumer checkout experience, for Mobile, Web and Server integrations.
All of our SDKs come built-in with the following features:
- Secure Customer Authentication (SCA) compliance: 3D Secure.
- Fraud Prevention Tools
- Supports Alternative Payment Methods
- You will not take on additional PCI scope, as sensitive card information is submitted by consumers into fields hosted by Judopay, encrypted and transmitted on behalf of the merchant, meaning it does not touch the merchant’s server.
If you prefer to use your own UI for the consumer’s checkout journey, you can still easily integrate with Judopay using only a few lines of code to begin accepting payments.
For more information, see:
Access the Judopay Portal, to:
- Create your apps
- Configure your apps' permissions
- Access sandbox and live tokens and secrets
- Set up webhooks
- View transactions
- Process refunds
Create and configure your apps, access your tokens and secrets, view transactions, set up webhooks and process refunds, on the Judopay Portal.
When you sign in to the Judopay Portal, the side navigation has the following menu options:
Account Section:
Overview: Overview of Account | Recent Live Transactions | Account Balance | Previous Transfers
History: View Transactions in Sandbox and Live Environments | Search for Specific Transactions | View Filtered Transactions | Export Transactions to .csv
Payments Dashboard: View Payment Summary for Last 24 Hours | View Total Transaction Value (Gross) for Past 30 Days | View Total Transaction Count for Past 30 Days
Declines Dashboard: View Declined Transactions by Month | View Declined Transactions Summary for Last 30 Days | View Declines by Acquirer Response Codes
Pay By Link: View Existing PayByLink Payments | Create a new PayByLink Payment
Balance: Detailed Account Balance View | Past Transfer Activity
V-terminal: Virtual Terminal
Settings: Provides the Judo ID | Transaction Fees | Funding Delay | Additional Account Details and Options | Transfer Details | Set Transfer Frequency for the Designated Account.
Developers Section: Your Apps: Configure Your App |Access Tokens | Access Secrets Tools: Download our SDKs | Sandbox Test Card Details | API Transaction Logs
Help Section: Portal Guide: Guide to Navigate the Porta.l Contact: Complete the Form to Judopay Customer Support.
From the Judopay Portal:
From the side menu, select Your apps
The Your apps page appears. Click the Add app button.
The app configuration page appears. Enter the name for your app. For the purpose of this exercise, Documentation Testing App is entered.
To enable pre-configured permissions depending on the kind of app you are creating, select one of the following options: Native Mobile: Payments using our native mobile. Web Payments: Using our hosted re-direct Web Payments solution. Your Back Office: Using our Server SDKs, or build directly to our API.
Click Add app
Your new app will appear at the bottom of the list of apps. You can select the app to view and edit the configuration settings.
Each app has a unique configuration, meaning permissions or feature configurations (such as one-click payments) are not shared between all your apps. You have to configure each app separately.
To maximise your app’s security it is important to set permissions to allow your app to accept and process specific endpoints or payment types.
Each Token and Secret pair related to an app has its own unique permissions.
It is advised to enable the absolute minimum permissions required for your mobile app.
For example, if you only perform transactions from your backend; in your backend app enable the Make Payments permission.
The following app permissions are available:
- List All Transactions
- Make Payments
- Refund Payments
- Retrieve Web Payment
- Create Web Payment
- PreAuth Transactions
- Register Card Transactions
For Mobile apps, it is recommended not to make a transaction from the app, as the Token and Secret could become compromised.
Each Token and Secret pair will have specific permissions configured.
Double check these permissions before using the Token and Secret. Each app has a Token and Secret Pair for Sandbox and Live.
To edit the Sandbox Token and Secret app permissions in the Judopay Portal:
From the side menu, select Your apps Select the app you wish to edit. For the purpose of this exercise, Document Testing App is selected.
Select the environment to set permissions:
- Sandbox tokens
- Live tokens
For the purpose of this exercise, Sandbox tokens is selected
The token information is displayed. Native apps have the following default permissions:
- Make Payments
- PreAuth Transactions
Click Edit
The Permissions window appears. Select or deselect a permission. For the purpose of this exercise, List all Transactions is selected
Click Save Permissions
The added permission appears in the list. Test to validate the change has taken effect.
Each Token and Secret pair will have specific permissions configured.
Double check these permissions before using the Token and Secret. Each app has a Token and Secret Pair for Sandbox and Live.
For the purpose of this exercise, view the Sandbox Token and Secret in the Judopay Portal.
From the Judopay Portal:
To view the Sandbox Token and Secret:
From the side menu, select Your apps Select the app to view the Token and Secret credentials.
Select Sandbox tokens to see both the Token and Secret for the Sandbox Environment.
The Sandbox Token information is displayed. You can:
- View the Token | Secret | View and Edit Permissions | Disable the token | Add a new Sandbox token
A live Token and Secret will only be visible within the app once your account is activated.
Each Token and Secret pair will have specific permissions configured.
Double check these permissions before using the Token and Secret. Each app has a Token and Secret Pair for Sandbox and Live.
For the purpose of this exercise, view the Live Token and Secret in the Judopay Portal.
From the Judopay Portal:
To view the Live Token and Secret:
From the side menu, select Your apps Select the app to view the Token and Secret credentials.
Select Live tokens to see both the Token and Secret for the Sandbox Environment.
The Live Token information is displayed. A Live Token and Secret will only be visible within the app once your account is activated.To activate your account, see Introduction.
A live Token and Secret will only be visible within the app once your account is activated.
At the API Token / API Secret level, additional settings can be initiated:
- Enabling Webhooks
Contact customer support to set up the following features:
- Enabling WebPayments
- Enforcing AVS (Address Verification)
- Enforcing 3DS
- CV2 (Optional)