Straal offers four ways of receiving online payments on your website or in your native app.
Whichever way you choose, your customers’ personal details will be protected with the highest quality security protocols.
Choose from the following:
- your website, either using your own checkout with the help of Straal.js, or our checkout page
- mobile apps, using the Android or iOS SDKs
- point of sale (POS), using a terminal in your offline shop
In this section you will learn about:
- implementing the Straal Checkout Page
- building your own payment form
- using the Straal API
The quickest and easiest method to launch your Straal agent is to use Straal’s ready-made Checkout Page. We guarantee outstanding customer experience for your customers regardless of the type of device they are using. Our forms can be used on a variety of devices – desktop computers, smartphones and tablets.
Read more about using the Checkout Page in APIref: Checkout Page.
Using Straal checkout page
Send a request to create a `checkout` object in Straal. For technical details, see APIref: Initialize checkout.
Redirect the end user to the `redirect_url` obtained from the checkout initialization response.
After a payment attempt you will receive a notification: `checkout_attempt_finished` for card transactions, or `pay_by_link_payment_failed` for a Pay-By-Link payment. There can be more than one payment attempt for one checkout, because the Straal Checkout Page lets the end user retry a failed payment attempt. After notifications about failed payments, you can still receive a notification about a successful attempt. If you receive a notification about payment failure after a notification about success, you should ignore it. This may happen when there are connection problems. You should always treat a notification about payment success as final.
Read more about Straal notifications: Notifications.
Read more about the `checkout_attempt_finished` notification: APIref: checkoutattemptfinished.
Read more about the `pay_by_link_payment_succeeded` notification: APIref: pay_by_link_payment_succeeded.
Read more about the `pay_by_link_payment_failed` notification: APIref: pay_by_link_payment_failed.
Your own payment form
If you value aesthetic consistency, and you'd like to design your payment form, Straal gives you full freedom and flexibility in this matter. This also gives you the possibility to maintain the purchasing process fully on your website.
We provide a safe way for your customers to provide their card details. They are encrypted and sent securely to the system using Straal.js, our helper library. Straal.js encrypts the Cardholder's data before sending it to us, so we take care of its security. Because the data isn't sent through your back end, you have to keep in mind fewer PCI-compliance requirements. Straal.js processes requests encrypted with CryptKeys.
CryptKeys are special objects that allow you to send encrypted data directly to our API endpoint. Each CryptKey also contains a one-time token. This is useful in scenarios such as making a request from a mobile or web application, where you can't expose the API Key.
Read more about using CryptKeys in APIref: CryptKeys.
For more information about Straal.js, our helper library, refer to API Reference: Straal.js.
Create your own checkout
Your back end must send a request to Straal to have a CryptKey created for a specific permission.
Pass the CryptKey to your front end.
`StraalJS` via NPM and import `sendEncrypted` method from
When your customer fills in the form with their information, you need to prepare a payload consistent with the specific permission, and pass it to a relevant method of the `Straal` object. For example, after creating a CryptKey for `v1.cards.create_with_customer`, build a payload as for `https://api.straal.com/v1/cards`, and pass it to the method `Straal.cards.createWithCustomer` along with the CryptKey.
You get a response on the front end. You can use it to show a status notification to the customer.
Your back end receives a confirmed answer as a notification. Only now should you consider the payment successful, as the front-end response is not 100% reliable.
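The two notification rules on this page (a success notification is final for a checkout, and the front-end response is only advisory) can be enforced in one place on the back end. The following is an added example, not Straal's code: the event names are the ones listed on this page, while the normalized notification shape `{ checkoutId, event, succeeded }`, the `chk_demo_1` id and all function names are assumptions, so map the real payload fields from the API reference.

```javascript
// Added example, not Straal code. Event names come from this page; the
// normalized shape { checkoutId, event, succeeded } is an assumption.
const SUCCESS_EVENTS = new Set(['pay_by_link_payment_succeeded']);
const FAILURE_EVENTS = new Set(['pay_by_link_payment_failed']);

// Map one notification to 'succeeded', 'failed', or null (not a payment result).
function outcomeOf(n) {
  if (SUCCESS_EVENTS.has(n.event)) return 'succeeded';
  if (FAILURE_EVENTS.has(n.event)) return 'failed';
  if (n.event === 'checkout_attempt_finished') return n.succeeded ? 'succeeded' : 'failed';
  return null;
}

// In-memory stand-in for an orders table keyed by checkout id.
function createOrderStore() {
  const orders = new Map();
  const load = (id) => {
    if (!orders.has(id)) orders.set(id, { status: 'pending', attempts: 0, ignored: 0 });
    return orders.get(id);
  };
  return {
    // The browser's result is advisory: it is shown to the customer only.
    recordFrontendResult(id) {
      return load(id).status;
    },
    // Back-end notification: the only input allowed to change order state.
    applyNotification(n) {
      const outcome = outcomeOf(n);
      const order = load(n.checkoutId);
      if (outcome === null) return { status: order.status, fulfil: false };
      if (order.status === 'paid') {
        order.ignored += 1; // late failure or duplicate success: success stays final
        return { status: 'paid', fulfil: false };
      }
      order.attempts += 1;
      order.status = outcome === 'succeeded' ? 'paid' : 'failed';
      return { status: order.status, fulfil: order.status === 'paid' };
    },
    get: (id) => load(id),
  };
}

// Constructed sequence: a retry succeeds, then a delayed failure arrives.
const SAMPLE = [
  { checkoutId: 'chk_demo_1', event: 'checkout_attempt_finished', succeeded: false },
  { checkoutId: 'chk_demo_1', event: 'checkout_attempt_finished', succeeded: true },
  { checkoutId: 'chk_demo_1', event: 'checkout_attempt_finished', succeeded: false },
];
function replay(notifications) {
  const store = createOrderStore();
  const results = notifications.map((n) => store.applyNotification(n));
  return { results, order: store.get(notifications[0].checkoutId) };
}
```

The `fulfil` flag is true only on the transition to `paid`, so order fulfilment runs once even when notifications are duplicated or arrive out of order.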
Managing payments via Straal API
We recommend that most of our clients choose the ready-made Straal Checkout Page. Although it isn't as powerful as a full back-end-to-back-end integration, it comes with less strict PCI security requirements.
Achieving back-end-to-back-end integration and using the Straal API is the most flexible and powerful way of interacting with Straal. Using the Straal API is an option when you'd like to have your own checkout page – one that fits into your company's branding and UX.
It's possible if you're PCI Compliant, which means you can process payment data through your back end. This integration method is not often possible because of the high requirements of PCI-DSS compliance.
The minimum PCI requirement is completing a Self-Assessment Questionnaire type D. SAQ D is the strictest of the SAQs, and it's required when you aim to process card details. For more information, see Assessing the Security of Your Cardholder Data and the PCI Compliance section of this documentation. During the onboarding process Straal will inform you if filling out the SAQ form is required.
On the other hand, if you'd rather not process card data, and we recommend you don't, there are options to shift some responsibility over the data to Straal, as we're fully PCI Certified. In most cases, we recommend using the ready-made Straal Checkout Page or building your own payment form using Straal.js, our helper library.
It comes with less strict PCI requirements, because card data doesn't pass through your back end. And in most cases, you're required to complete a PCI Type A-EP Questionnaire (SAQ A-EP), much less demanding than SAQ D.
To learn how to make the most of our RESTful API, consult our API Reference or various use cases in this documentation.
Choose your method
Wondering which method you should choose? Below you'll find a comparison of the options.
Receiving payments method comparison

| | Straal Checkout Page | Custom payment form | Back-end-to-back-end integration |
|---|---|---|---|
| Quick and easy setup | | | |
| Card processing outside your system | | | |
| Full control over customer data | | | |
| Payment form hosted on your servers | | | |
| Customizable branding and UX | | | |
| Minimum PCI-DSS requirements (form to fill) | SAQ A | SAQ A-EP | SAQ D |
Are you developing a mobile app that your customers will love? We can make it easier!
Our Software Development Kits (SDKs) let you add Straal functionality to your own native Android and iOS applications to provide consistent payment experience across devices.
What you can do next:
Remember you can consult our comprehensive API Reference at any moment.
For help with payments vocabulary, head to our glossary.