Plexy
Pay API
Gate APIDashboard
Pay API
Gate APIDashboard
  1. Payments
  • Overview
  • Authorization
  • Webhooks
  • API Errors
  • Test Scenarios
  • Ecommerce Plugins
  • API
    • Payments
      • Overview
      • Payment Links
        • Create Payment Link
        • List Payment Links
        • Retrieve Payment Link by Order Reference
        • Cancel Payment Link
        • Retrieve Payment Link
        • Update Payment Link Expiration
        • Retrieve Payment Links Statistics
      • Reccurent Payments
        • Create Merchant-Initiated Payment
      • Direct Payments
        • Get Keys
        • Create Host-to-Host Payment
      • Transaction Management
        • Find Transaction's History by ID
        • Find Transaction by Payment Link ID
        • Find Transaction by ID
        • Find Transaction by Order reference
      • Payment Management
        • Cancel Payment
        • Capture Payment
        • Process Refund
      • Split Requests
        • Create
        • List
        • Update
        • Get By Id
        • Delete
      • Settlement Payment Order
        • Create
        • Get by id
        • List
    • Payouts
      • Retrieve Payout Transactions
      • Process Payout
      • Save Card for Payouts
    • Customers
      • Get Customer's Card Tokens
      • List Customers
      • Create Customer
      • Get Customer by ID
      • Get Customer's Transactions
    • Merchants
      • Payment Beneficiary
        • Create
        • Update
        • Gey By Id
        • List
        • Transfer from beneficiary balance to merchant balance
        • Create manual settlement for beneficiary
      • Retrieve Merchant's Details
    • Wallet
      • Authorize
      • Сapture
      • Refund
      • Cancel
    • Payment Methods
      • Google Pay™ Integration
  • Client SDK
    • Server flow
      • Session server flow
    • Web
      • Web Drop-in
      • Web iFrame
    • Flutter
      • Flutter Drop-in
  • Schemas
    • Schemas
      • response.TransactionList
      • entity.SplitRequest
      • entity.PaymentBeneficiary
      • request.CreatePaymentBeneficiary
      • entity.SettlementPaymentOrder
      • entity.PayoutRequest
      • entity.PayoutRequestRowData
      • entity.UserProfile Copy
      • entity.Store
      • request.AssignStoreToUser
      • request.RemoveStoreFromUser
      • entity.AccountExternalSystem
      • response.AssignStoreToUser
      • request.CreateStore
      • response.Store
      • response.UserList
      • request.WalletAuthorizeRequest
      • entity.ShortWalletTransaction
      • response.WalletAuthorizeResponse
      • request.WalletCapture
      • response.RemoveStoreFromUser
      • command.HandleThreeDResult
      • domain.Report
      • entity.CardSaveSessionCustomer
      • entity.Permission
      • entity.UserProfile
      • entity.UserRole
      • errors.Message
      • errors.Source
      • errors.Type
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-domain_Report
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-entity_UserProfile
      • git_plexypay_com_ecom_back_api_internal_platform_errors.Code
      • models.CSVApiRequest
      • models.CreateBussinessDetails
      • models.KeyResponse
      • models.OnboardingRequest
      • models.Transaction
      • paymentcore.Address
      • paymentcore.CustomerDetails
      • request.AuthorizePayment
      • request.BrowserDetails
      • request.CardData
      • request.ChangeUserRole
      • request.ContinueThreeDS
      • request.CreateCardSaveSession
      • request.CreateInviteSession
      • request.CreatePaymentLink
      • request.CreatePaymentLinkMetadata
      • request.HandlePayout
      • request.MerchantInitiatedPayment
      • request.PasswordRequest
      • request.Recurring
      • request.RefundPayment
      • request.SaveCard
      • request.SaveOneCustomer
      • request.TwoStepAuthorizePayment
      • request.UpdateMerchantSettingsRequest
      • request.UpdatePaymentLink
      • response.AcquirerResponseThreeDSecure
      • response.AuthorizeAndCapturePayment
      • response.AuthorizePayment
      • response.CancelPaymentResponse
      • response.CapturePaymentResponse
      • response.ContinueThreeDS
      • response.Currency
      • response.Customer
      • response.CustomerTransaction
      • response.CustomerTransactions
      • response.Customers
      • response.Error
      • response.Merchant
      • response.MerchantInitiatedPayment
      • response.MerchantSettings
      • response.PaymentLink
      • response.PaymentLinkInfo
      • response.PaymentLinkMetadata
      • response.PaymentLinksInfo
      • response.PaymentLinksStatistics
      • response.PaymentLinksStatisticsItem
      • response.Payout
      • response.Permission
      • response.RefundPaymentResponse
      • response.Report
      • response.SavedCard
      • response.Session
      • response.Settlement
      • response.SettlementTransaction
      • response.Store
      • response.Stores
      • response.Transaction
      • response.TransactionDetails
      • response.TransactionEvents
      • response.TransactionHistoryEvent
      • response.TransactionHistoryEventData
      • response.TransactionResponse
      • response.TransactionWebhookDetails
      • response.Transactions
      • response.UpdateMerchantSettingsResponse
      • response.UserProfile
      • value.PaymentMethod
    • receipt
    • Error
    • DecimalAmount
    • ProductType
    • ProductCategory
    • Product
    • Order
    • AgentBalance
    • AgentDeposit
    • TopupRequest
    • CreateOrderRequest
  1. Payments

Direct Payments

What is this?
A direct (host-to-host) card charge where the Merchant collects card data in its own UI, encrypts it with a key from PlexyPay, and creates a payment via POST /v1/payments/direct. 3-D Secure may be required by the Bank/ACS.

Actors#

User — payer in the merchant’s UI
Merchant — frontend + backend that collects and encrypts card data
PlexyPay — payment API/orchestrator (routes, 3-DS handling, webhooks)
Bank / ACS — issuer/acquirer side (authorization & 3-D Secure)

When to use#

You need a fully API-only flow (no hosted checkout UI).
You control the entire user experience and PCI scope.
You can handle 3-D Secure redirects/challenges.

Security & Prerequisites#

Encryption key: obtain via GET /v1/keys; encrypt card data client-side.
PCI DSS: Host-to-Host requires merchant-side PCI DSS compliance.
Idempotency: send an Idempotency-Key header for every charge attempt.
Webhooks: expose an HTTPS endpoint to receive asynchronous status updates.
DANGER
Do not send raw PAN/CVV to your backend unless you are PCI DSS certified. Encrypt card data on the client, and send only encrypted fields to your server/API.
Direct Payment Integration Flow

Client-side encryption (JavaScript example)#

Use this script to encrypt card fields with PlexyPay public key from GET https://api.plexypay.com/v1/keys, and then send encrypted values in your POST /v1/payments/direct request payload.
Node.js script (ready to run)
How to run
Output (example)
INFO
Encryption details (from the script):
RSA public key fetched from /v1/keys
Field-by-field encryption
Padding: RSA_PKCS1_PADDING (PKCS#1 v1.5)

Next steps#

1
1) Generate encrypted card fields
Use the JS snippet above on the client (or in your PCI-compliant environment).
2
2) Create payment
Call POST /v1/payments/direct with encrypted fields, amount, currency, and your order reference.
3
3) Handle 3‑D Secure (if required)
If API returns a challenge/redirect URL, present it to the user and complete the flow.
4
4) Confirm final status via webhooks
Always rely on webhooks for final state (success/failure), and treat client responses as intermediate.
Modified at 2026-01-29 08:21:13
Previous
Create Merchant-Initiated Payment
Next
Get Keys
Built with