# Overview

Straal offers four ways of receiving online payments on your website or in your native app.

It doesn't matter which way you choose, your customers’ personal details will be protected with the highest quality security protocols.

Choose from the following:

  • your website, either using your own checkout with the help of Straal.js(opens new window) , or our checkout page
  • mobile apps, using the Android or iOS SDKs
  • point of sale (POS), using a terminal in your offline shop

In this section you will learn about:

  • implementing the Straal Checkout Page
  • building your own payment form
  • using the Straal API

# Checkout Page

The quickest and easiest method to launch your Straal agent is to use Straal’s ready-made Checkout Page. We guarantee outstanding customer experience for your customers regardless of the type of device they are using. Our forms can be used on a variety of devices – desktop computers, smartphones and tablets.

Read more about using checkout page in APIref: Checkout Page(opens new window) .

Using Straal checkout page

  1. Send request to create checkout object in Straal. For technical details, see APIref: Initialize checkout(opens new window) .

  2. Redirect the end user to the redirect_url obtained from checkout initialization response.

  3. After payment attempt you will receive notification - checkout_attempt_finished for card transactions, or pay_by_link_payment_succeeded or pay_by_link_payment_failed for Pay-By-Link payment. For one checkout there can be more than one payment attempt because Straal Checkout Page enables end user to retry failed payment attempt. After notifications about failed payment you can receive information about successful attempt. If you receive notification about payment failure after notification about success, you should ignore it. This may happen when there are connection problems. You should always treat notification about payment success as a final one.

Read more about Straal notifications: Notifications.

Read more about checkout_attempt_finished notification: APIref: checkout_attempt_finished(opens new window) .

Read more about pay_by_link_payment_succeeded notification: APIref: pay_by_link_payment_succeeded(opens new window) .

Read more about pay_by_link_payment_failed notification: APIref: pay_by_link_payment_failed(opens new window) .

# Your own payment form

If you value aesthetic consistency, and you'd like to design your payment form, Straal gives you full freedom and flexibility in this matter. This also gives you the possibility to maintain the purchasing process fully on your website.

We provide a safe way for your customers to provide their card details. They are encrypted and sent securely to the system using Straal.js, our helper library. Straal.js encrypts the Cardholder's data before sending it to us, so we take care of its security. Because the data isn't sent through your back end, you have to keep in mind fewer PCI-compliance requirements. Straal.js processes requests encrypted with CryptKeys.

CryptKeys are special objects that allow you to send encrypted data directly to our API endpoint. They have a one-time token inside at the same time. This can be useful in various scenarios, such as making a request from mobile or web applications where you can't expose the API Key.

Read more about using CryptKeys in APIref: CryptKeys(opens new window) .

For more information about Straal.js, our helper library, refer to API Reference: Straal.js(opens new window) .

Create your own checkout

  1. Your back end must send a request to Straal to have a CryptKey created for a specific permission.

  2. Pass the CryptKey to your front end.

  3. Install StraalJS via NPM and import sendEncrypted method from straaljs.

  4. When your customer fills in the form with their information, you need to prepare a payload consistent with the specific permission, and pass it to a relevant method of the Straal object. For example, after creating a CryptKey for v1.cards.create_with_customer, build a payload as for https://api.straal.com/v1/cards, and pass it to the method Straal.cards.createWithCustomer along with the CryptKey.

  5. You get a response on the front end. You can show a status notification to the customer on its basis.

  6. Your back end receives a confirmed answer as a notification. Only now you should consider the payment as successful, as the front end response is not 100% reliable.

# Managing payments via Straal API

We recommend that most of our clients choose the ready-made Straal Checkout Page. Although isn't as powerful as a full back-end-to-back-end integration, it's connected with less strict PCI security requirements.

Back-end-to-back-end integration

Achieving back-end-to-back-end integration and using the Straal API is the most flexible and powerful way of interacting with Straal. Using the Straal API is an option when you'd like to have your own checkout page – one that fits into your company's branding and UX.

It's possible if you're PCI Compliant, which means you can process payment data through your back end. This integration method is not often possible because of the high requirements of PCI-DSS compliance.

The minimum PCI requirement is completing a Self-Assessment Questionnaire type D. SAQ D is the strictest of the SAQs, and it's required when you aim to process card details. For more information, see Assessing the Security of Your Cardholder Data(opens new window) and the PCI Compliance section of this documentation. During the onboarding process Straal will inform you if filling out the SAQ form is required.

Straal.js integration

On the other hand, if you'd rather not process card data, and we recommend you don't, there are options to shift some responsibility over the data to Straal, as we're fully PCI Certified. In most cases, we recommend using the ready-made Straal Checkout Page or they build their own payment form using Straal.js(opens new window) , our helper library.

It comes with less strict PCI requirements, because card data doesn't pass through your back end. And in most cases, you're required to complete a PCI Type A-EP Questionnaire (SAQ A-EP), much less demanding than SAQ D.

To learn how to make the most of our RESTful API, consult our API Reference(opens new window) or various use cases in this documentation.

# Choose your method

Wondering which method you should choose? Below you'll find a comparison of the options.

Receiving payments method comparison

Straal Checkout Page Custom payment form Back-end-to-back-end integration
Quick and easy setup check
Additional security check check
Card processing outside your system check check
Full control over customer data check
Payment form hosted on your servers check check
Customizable branding and UX check check
Flexible integration check
Minimum PCI-DSS requirements (form to fill) SAQ A SAQ A-EP SAQ D

# Mobile SDKs

Are you developing a mobile app that your customers will love? We can make it easier!

Our Software Development Kits (SDKs) let you add Straal functionality to your own native Android and iOS applications to provide consistent payment experience across devices.

You can find our open-source SDKs on Github (Android(opens new window) , iOS(opens new window) ). Each repository's README has instructions on implementing Straal into your mobile app.

What you can do next:

Remember you can consult our comprehensive API Reference(opens new window) at any moment.

For help with payments vocabulary, head to our glossary.

You can reach us by e-mail. IT Support: [email protected], Support Team: [email protected].