# How to enable payments on your website

You can create an API Key with permissions for the types of payments you require. An API Key identifies you in our system and serves as your password.

When you make a payment or create an object in Straal, you should send an API Key in the header of an HTTP request as Basic Auth password, with the user left empty. See the usage in the API Reference(opens new window) .

You'll also receive a Merchant ID (MID), which means that there will be an environment for processing your transactions set up in our system. Some Payment Gateways use an MID to identify the Merchant, but in Straal it's enough to use an API Key for this purpose.

# Test environment

We'll set up a test environment for your business. After it's done, you can begin testing various types of transactions. You can find test credit card numbers and IBANs in APIref: Testing resources(opens new window) .

You can play with the sandbox, using cURL and your favourite programming language. This is the time to test your integration with Straal. After you're done, we will create a production account for you.

# Enabling payments

To enable payments on your website, you need to make a connection between your website and Straal. You can choose one of three ways:

  • Straal Checkout Page. Your back end needs to (1) send a request to Straal to generate a checkout page for a given customer, and (2) redirect them to it. More details soon.

  • Back-end-to-back-end integration. It's possible if you're PCI Compliant, which means you can process payment data through your back end, and if you are able to generate [CryptKeys](/receiving-payments#choose-your method). This integration method is the most powerful, but it's not often possible because of the high requirements of PCI-DSS compliance. Read more in Managing payments via Straal API

  • Custom payment form on your website. You can design and code your own checkout using Straal.js(opens new window) for rapid integration, and by following PCI-DSS and online payments best practices. Read more about security or visit the PCI Security Standards Council website(opens new window) .

If you have a mobile app, or you're developing one, and you'd like to give your users the option to make safe payments, you can use the Mobile SDKs for Android and iOS. Read more about the various options in Receiving payments.

To start accepting payments with Straal, visit the Boarding page(opens new window) .

# API keys and notifications

There are a two things you need to have prepared before you start accepting payments with Straal. As these things require some technical knowledge we recommend sharing this information with your developers.

  1. Make sure you have access to Kompas: our analytics and account management dashboard. If not, please contact our support or your account manager.
  2. Make sure a test account was set up for you.
  3. Given points 1 and 2 are true you can login to Kompas and:
    1. Generate an API Key.
    2. Configure a notification endpoint.

# Generating an API key

An API key authorizes you in our API and allows you to interface with it. Keep it secure and do not expose it to any unauthorized personel or your customers, as it can lead to malicious behaviors. To generate an API key follow these steps:

  1. Go to Kompas and navigate to API keys.
  2. Click on the “Generate API key” button.
  3. Name your API key with a prefix that will help you easily identify it in the future. For example: mybusinesskey.
  4. Use the checkboxes to signal which API permissions this key should have. For the general purpose key we recommend keeping all boxes checked.
  5. Click on the "Generate key" button.
  6. We will display you the API key that you have just generated. Save it now in a safe place. For security reasons, there is no way to retrieve the key after closing the modal. You can only generate a new one.

# Configuring a notification endpoint

Straal notifications let you instantly know when something takes place in our system. There is a considerable advantage to using them – even if something goes wrong on your back end, you'll still know what happened to the payment. For example, you'll be notified when we detect a charge attempt or when we bill a subscription. When notifications are useful:

  • Operations done on mobile apps or using an online checkout – when your back end doesn't receive the transaction status from the front end.
  • When you want to know if an operation has been rejected.
  • SEPA payments, which can take up to 5 days. With notifications enabled, you'll be notified when a payment succeeds or fails.

To configure an endpoint follow these steps:

  1. Go to Kompas and navigate to Notification endpoints.
  2. Click on “Create”.
  3. A modal window will pop up. Enter the URL to which we will send the notifications. Make sure the URL is secured via an SSL certificate (starts with https://).
  4. Optionally, if you want to protect the endpoint from unauthorized use, you can secure it with HTTP basic authorization. Enter the username and password that Straal will use when sending the notifications to your server. We highly recommend protecting the endpoint.
  5. Click on “Create”.

Read more about specific notifications in APIref: Notifications(opens new window) .