Introduction to the Purse Payment API
What Do We Provide
Using a large variety of features, Purse acts as an orchestrator between merchants and the payment ecosystem.
It gives you a powerful payment management solution designed to simplify the integration of multiple payment methods into a single, unified system :
| Feature | Description |
|---|
| Unified API | One integration for multiple payment providers |
| Secure Vault | PCI-compliant card data storage |
| Advanced Routing | Optimize transaction success rates |
| Customizable Checkout System | User-friendly checkout experience |
| Real-Time Monitoring | Full visibility on payment flows |
Each component is designed to simplify your integration while providing a secure and flexible payment solution.
Through this documentation, we will guide you on how to use Purse's API and its features to its full potential and allow you to enhance your payment process.
The Key Players in a Payment Transaction
A standard online transaction, typically with a credit card, involves four main parties:
1️⃣ The Card Holder – The individual making the payment
2️⃣ The Retailer (Merchant) – The business offering a product or service
3️⃣ The Acquirer (Merchant’s Bank) – Processes payments and routes through card networks
4️⃣ The Issuing Bank (Customer’s Bank) – Issues the card and validates the transaction
How a Payment Transaction Works
A typical online payment follows this flow:
1️⃣ Customer enters payment information
2️⃣ The request is sent to a PSP or alternative method (wallet, BNPL, etc.)
3️⃣ PSP (if applicable) sends the transaction to the acquirer
4️⃣ Acquirer contacts the issuing bank
5️⃣ The bank checks and approves (or declines) the transaction
6️⃣ If approved, funds are transferred and the merchant is notified
- Purse API simplifies this processn acting as a gateway, by handling the connection between the merchant and the payment ecosystem.
Security Standards & Compliance
PCI-DSS Compliance
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards created to protect cardholder data.
It applies to any organization that processes, stores or transmits credit card information.
The goal of PCI-DSS is to minimize credit card fraud and increase the security of payment card transactions.
The PCI-DSS is a demanding standard with approximately 470 requirements across 12 key areas, all geared towards achieving six core objectives:
- Build and Maintain a Secure Network and Systems : This focuses on establishing and maintaining a secure IT infrastructure to protect cardholder data
- Protect Account Data : This objective centers on safeguarding stored cardholder data and ensuring its confidentiality
- Maintain a Vulnerability Management Program : This involves proactively identifying and addressing security vulnerabilities to prevent exploitation
- Implement Strong Access Control Measures : This aims to restrict access to cardholder data to authorized personnel only, based on their job responsibilities
- Regularly Monitor and Test Networks : This objective emphasizes the need for continuous monitoring and regular testing of security controls to ensure their effectiveness
- Maintain an Information Security Policy : This involves establishing and enforcing comprehensive security policies and procedures across the organization
Purse’s SaaS solution is certified PCI-DSS Level 1, ensuring the highest level of compliance.
Merchants can thus certify themselves via an SAQ-A form, except for merchants who implement their own payment form or
who are required by their acquiring bank to obtain certification via a QSA auditor
3D Secure Authentication
3D Secure (3DS) adds an extra layer of fraud protection by requiring the cardholder to verify their identity during checkout.
- Purse supports external 3DS, allowing the authentication flow to remain independent of PSPs.