Guides > Payment Gateway

Payment Gateway


The Qualpay Payment Gateway provides you with complete control over your checkout experience. You can process either one-time payments or payments from repeat customers. Integrate directly with either the Payment Gateway API or via an SDK. You will be responsible for collecting and processing payment information on your servers. To reduce your PCI DSS (Payment Card Industry Data Security Standard) scope, tokenize and store cardholder data in Qualpay Customer Vault.

Qualpay is a PCI DSS (Payment Card Industry Data Security Standard) certified Level 1 compliant Service Provider.


Supported Transaction Types

Verify is used to send cardholder data to the issuing bank for validation

Authorization is used to send cardholder data to the issuing bank for approval. An approved transaction will continue to be open until it expires or a capture message is received. Authorizations are automatically voided if they are not captured within 28 days, although most issuing banks will release the hold after 24 hours in retail environments or 7 days in card not present environments.

Capture is used to capture a previously authorized transaction using the payment gateway identifier returned by the authorization message. A capture may be completed for any amount up to the authorized amount.

Sale is used to perform the function of an authorization and a capture in a single message. This message is used when either goods or services are provided at time of payment

Void is used to cancel a previously authorized transaction. Authorizations can be voided at any time. Captured transactions can be voided up until the batch is closed. The batch close time is configurable and by default is 9 PM Pacific Standard Time

Credit is used to issue a non-referenced credit or payment to a cardholder. The credit message is enabled during the first 30 days of production activity after which is disabled to prevent fraudulent use

Refund is used to issue a partial or full refund of a previously captured transaction using the payment gateway identifier. Multiple refunds are allowed per captured transaction provided that the sum of all refunds does not exceed the original captured transaction amount

Force is used to force a declined transaction into the system. This would occur when the online authorization was declined and the merchant received an authorization from a voice or automated response (ARU) system. The required fields are the same as a sale or authorization message with the following exceptions: the cardholder expiration date (exp_date) is not required, and the 6-character authorization code received from the issuer (auth_code) is required.

Tokenization is used to securely store cardholder data on the Qualpay platform and is supported on all transaction types. Alternatively by sending a Customer ID, you can store cardholder data as well as an array of data in Qualpay Customer Vault.

Batch Close will cause the open batch of transactions to be immediately closed. This message is normally used by POS devices that wish to control the timing of the batch close rather than relying on the daily automatic batch close.

Card Types

Visa, MasterCard, Discover, American Express, International Diners and JCB as well as purchase and business cards.

Currency Types

All currencies supported by MasterCard and Visa. Transactions will appear on the cardholder statement in their currency and you will be funded in USD. Daily exchange rates are applied by the card brands.

Payment Types

E-commerce, mail order, telephone order, card swipe, recurring, installment, Level II and III as well as 3D Secure.

Retry Logic

Support for retrying messages when the developer application does not receive a response from the Qualpay host. When using retry, the developer application is responsible for properly handling the retry_attempt value, which will be unique within a 24 hour period and greater than zero, incrementing by 1, each time an attempt is made.


Sensitive cardholder data will travel from your customer's device touching your servers and onto Qualpay. Qualpay is a PCI DSS (Payment Card Industry Data Security Standard) certified Level 1 compliant Service Provider.

3-D Secure Support

Use a third-party Merchant Plug-in to obtain the Visa and MasterCard 3-D Secure values, then submit the values with your payment gateway transaction for 3-D Secure Authentication.


Sign up for an account to access the Qualpay Sandbox environment and retrieve your sandbox test keys in the Administration section. Integrate directly with the Payment Gateway API or take advantage of one of our SDKs.


Start testing now at

Go Live

Contact your sales representative or apply now for your production account.

Alternatively, sign up for our Partner Program, so you and your customers can take advantage of Qualpay's integrated payments and boarding process, designed to support all the different ways you onboard your customer.

Once you have received approval for your production account, log into Qualpay Manager and retrieve your production keys from the Administration section.

Start transacting at

Have a question? Click the chat button in the bottom right or email us at