Embedded Payment APIs: Technical Overview

By Alex Sorbala and Laura Olson | September 15th, 2024

Application Programming Interfaces (APIs) that facilitate payment transactions are designed to meet the regulations set by leaders in the financial industry, as well as the business requirements of the FinTech sector. However, at a fundamental level, these software development tools operate just like any other APIs. Payment APIs can enable communication between a business’s checkout environment and a payment gateway or processor. Software companies can use payment Software Development Kits (SDKs) to develop applications and add revenue streams for a specific platform or to serve industry verticals such as automotive or insurance technology (also referred to as insurtech). The unique payment needs of each merchant or Independent Software Vendor (ISV) will determine which set of tools is best.

What is a payment API?

Payment APIs are the backbone of all payment products, as they’re used to send requests to financial resources to accomplish a variety of goals. Users can develop software applications to make sales, get transaction reports, set up recurring billing, and much more. Because the data that payment APIs transmit is often highly sensitive, they generally enforce stringent authentication processes. For example, any request to transfer funds must be authenticated against a Merchant ID (MID). To obtain a MID, businesses must submit financial and business information to the payment provider, who underwrites the account and provides a MID if the application is approved.

After successful authentication, users can easily make requests from an online application to payment resources. As long as the data that’s required for each API call is passed in the request, developers can integrate payment APIs into most web-connected payment environments, in whatever way makes the most sense for the business.

What are the benefits of embedded payments?

Embedded payment solutions that are facilitated using a payment API offer a variety of benefits, including the following.
  • Increased Sales: Online purchases can be made from any location at any time, meaning sales aren’t limited to business hours and your customer base instantly expands across the country (or beyond).
  • Improved Record-Keeping: Since digital payments are automatically recorded, record-keeping is built into your online payments software, making it easy to review sales reports.
  • Advanced Customer Data: Embedded payments allow businesses to automatically collect transaction data that can be used to improve the customer experience and generate targeted promotions in the future, increasing repeat business.
  • Automated Invoices: With products like North’s Invoicing API, businesses can set up a branded portal where customers can pay invoices. Merchants can even schedule invoices to be sent at a later date so they can “set it and forget it.”
  • Various Payment Methods: Offering different types of payment options, such as subscriptions to products and services, is a great way to increase customer loyalty. These autopay products work by saving a secure, tokenized version of the customer's card data on file. The buyer agrees for a specified amount of money to be withdrawn from their bank account on a fixed day of each week or month for a predetermined length of time (or indefinitely until they cancel the subscription). Scheduled recurring payments can increase repeat business and your bottom line.

API Integration Overview

Payment APIs handle the transmission of transaction data from a business to a payment gateway or directly to an integrated payment processor (learn more about the benefits of direct integration here). In order to integrate with a full-featured payment API (as opposed to a hosted checkout page, shopping cart plugin, payment gateway API, etc.) businesses must build an application to collect customer data and initiate the API request calls that transmit that data to the next stop on the transaction request path.

The application collects the raw credit card and customer data during the checkout experience, encrypts it, and sends it in an API request to the payment processor. Businesses that integrate directly with a payment API may need to make changes to their server environment and security infrastructure to properly handle this sensitive data and meet Payment Card Industry (PCI) requirements. To learn more about PCI requirements, review the latest PCI Data Security Standards (DSS) or read an overview of what PCI compliance means.

Collecting In-Person Payment Data

Businesses that need to accept payments in person, such as contractor services, and want to connect directly to a payment API must either develop a native app that runs on a physical credit card terminal, or build a Point of Sale (POS) system that integrates payment data collection into the software and POS hardware. To complete the payments process, the application must work with the firmware to accept the raw data that’s read via the hardware, including standard transaction data, as well as additional fields that are unique to the physical acceptance method, such as the following.
  • EMV Data: The request data from the EMV kernel.
  • Track Data: The information held on the credit or debit card’s computer chip or magnetic stripe.
  • Card Entry Method: The method by which the card data was read, for example, Swiped Track 1 or 2, Contactless EMV or non-EMV, Bar Code, and more.
Example Request:

    {
      "trackData": "4111111111=491210100000000000?",
      "amount": 10,
      "transaction": 123,
      "batchID": 12345,
      "emvData": "820258008407A000000031010950580000080009A",
      "cardEntryMethod": "G",
      "industryType": "P"
    }
  

Collecting Online Payment Data

Businesses that need to accept ecommerce payments via a web browser must develop an application that collects transaction data from customers with a form on the website. When customers enter their card information and submit the form using an online payment API, the business is responsible for securely handling that data. This includes securing the form itself, the transmission of the data to the server, and the data storage on the business’s server(s). For businesses that don’t want to handle sensitive payment data, ecommerce checkout integrations like North’s iFrame JavaScript SDK place most of the responsibility for credit card security on the payment service provider, who hosts the sensitive form fields separately on their own servers. Because ecommerce requests do not have the benefit of accessing the data about the card and cardholder that’s stored on a physical card, these additional fields of data must be included in API requests where the acceptance method is ecommerce.
  • Account: The card number to be acted on during the request.
  • CVV2: Card Verification Value.
  • Customer ZIP code or complete address.
Example request:

    {
      "account": "4111111111",
      "expirationDate": "2512",
      "amount": 177.99,
      "address": {
        "address": "123 Street",
        "zipCode": "12345",
        "firstName": "Sarah",
        "lastName": "Smith"
      },
      "cvv2": "123",
      "batchID": 12345,
      "transaction": 123,
      "cardEntryMethod": "E",
      "industryType": "E"
    }
  

Handling the Transaction Request

After collecting the data required for the transaction request, the application must securely encrypt all data in accordance with PCI requirements. It must also format the data so that the API can accept it, then it must initiate the transaction request and listen for the response. Once the response is received, the app must again follow PCI requirements for securely handling the response data and destroying sensitive data when it’s no longer in use.
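
As an added example (not North's code and not part of the original post), the Python below checks that an ecommerce request carries the extra fields listed under Collecting Online Payment Data and produces a copy that is safe to log while the transaction is handled. The function names, the masking policy, and the treatment of "E" as the ecommerce entry method (as in the page's sample) are assumptions; no real API is called.

```python
# Added example: field names come from this page's sample requests; the
# function names and the redaction policy are assumptions for illustration.
DROP_FIELDS = {"cvv2", "trackData", "emvData"}  # never written to logs

# Constructed sample: the page's ecommerce example request.
SAMPLE_REQUEST = {
    "account": "4111111111", "expirationDate": "2512", "amount": 177.99,
    "address": {"address": "123 Street", "zipCode": "12345",
                "firstName": "Sarah", "lastName": "Smith"},
    "cvv2": "123", "batchID": 12345, "transaction": 123,
    "cardEntryMethod": "E", "industryType": "E",
}


def mask_pan(pan):
    """Keep at most the first 6 and last 4 digits, masking everything else."""
    digits = "".join(ch for ch in str(pan) if ch.isdigit())
    n = len(digits)
    head = 6 if n >= 14 else 0  # short test numbers get no visible prefix
    tail = 4 if n >= 8 else 0
    return digits[:head] + "*" * (n - head - tail) + digits[n - tail:]


def redact_for_logging(node):
    """Return a redacted copy of a request; the original is not modified."""
    if isinstance(node, dict):
        return {key: "[REDACTED]" if key in DROP_FIELDS
                else mask_pan(value) if key == "account"
                else redact_for_logging(value)
                for key, value in node.items()}
    if isinstance(node, list):
        return [redact_for_logging(item) for item in node]
    return node


def missing_ecommerce_fields(request):
    """List the ecommerce-only fields the page requires that are absent."""
    if request.get("cardEntryMethod") != "E":  # "E" as in the page's example
        return []
    missing = [f for f in ("account", "cvv2") if not request.get(f)]
    address = request.get("address") or {}
    if not (address.get("zipCode") or address.get("address")):
        missing.append("address.zipCode")
    return missing


if __name__ == "__main__":
    print(missing_ecommerce_fields(SAMPLE_REQUEST))
    print(redact_for_logging(SAMPLE_REQUEST))
```

Apply the redaction at the logging and error-reporting boundary, so the full request exists only in the code path that encrypts and sends it.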

Choosing a Payment API

It is typically more complex to integrate directly with a full-featured API as opposed to using a pre-built solution that collects transaction data and handles the API requests. However, direct integrations give businesses the most control to customize the user experience and develop software that perfectly meets a business’s needs.

For many businesses, the best solution is one that enables payment acceptance and embedded finance across many channels, in which case a dual integration with a payment terminal and a web form is a great fit. One example of this is North’s Custom Pay API, which can handle requests from a physical payment device or can complete the checkout process from a web-based application. The best payment partners will be able to offer businesses a variety of options that work together seamlessly in one payment ecosystem.

How To Get Started

North Developer provides thorough documentation and code samples to support developers and business decision-makers throughout the entire integration process. Contact us to learn more about how payment APIs work and how you can connect your system to the North ecosystem.



©2025 North is a registered DBA of NorthAB, LLC. All rights reserved. North is a registered ISO of BMO Harris Bank N.A., Chicago, IL, Citizens Bank N.A., Providence, RI, The Bancorp Bank, Philadelphia, PA, FFB Bank, Fresno, CA, Wells Fargo Bank, N.A., Concord, CA, and PNC Bank, N.A.