An API, or application program interface, is the set of protocols and tools that let different types of software interface with each other. Developers use APIs to avoid reinventing the wheel every time they want to offer a new feature. Facebook’s API allows users to log onto other sites using their Facebook login credentials, for example. Mailchimp offers a popular API for email list management. And as you may have guessed, PayJunction also offers an API for payment processing.
In this guide, we’ll cover how a payment API helps businesses, and what features product managers and independent software vendors should look for.
How a Credit Card Processing API Works
A payment API acts a lot like a plugin adaptation for a business’ existing software. Integrating additional features into a system that employees are already familiar with enhances the functionality of the software system. Consider a summer camp, for example. The software program that stores camper and counselor registration information may serve the camp even better if it integrates with Google Maps API (for easier directions) and a payment API (so campers can easily pay their deposit or pre-order a T-shirt).
Using an API for credit and debit card processing saves businesses time from the beginning because developers don’t need to build out all the code and go through the process of PCI certification. Our API is one of the only cloud-based options in the payment space, which means that no cardholder data is stored or processed on the business’ local drive. The REST API communicates with just about any native or SaaS software, so customers can still process credit cards without leaving the business’ interface, but the business doesn’t need to take on the burden of completing audits and maintaining up-to-date certification standards.
Product managers work to create the best product in their vertical. Often, that translates to finding an API partner that provides a seamless, intuitive customer experience and prioritizes the features that clients value. Security is essential (no one wants to be the next company that gets hacked and jeopardizes cardholder data), so product managers assess how an API provider handles compliance and updates.
Finally, a payment API should make business operations simpler. Before signing on with a partner API to recommend for clients, make sure the provider offers the full package of services you need. Otherwise, you’ll have to start the search all over again to screen providers for missing services. Consolidate providers by working with a company that offers Merchant Account Provider and Payment Gateway services.
Limit Liability With Cloud Storage and EMV API
Payment technology evolves rapidly. It doesn’t make sense for independent software vendors to pour months of development work into an API partner that can’t provide up-to-date tech solutions and supportive customer service. Finding an API that limits liability for your clients reflects well on your business, too.
Keeping data in the cloud offers multiple benefits. It increases security, improves customer experience and limits the business’ liability. Merchant Account Providers that use middleware put businesses smack dab within PCI scope. Middleware stores and processes credit card data on a local system, so the business may be more vulnerable to fraud and face annual or quarterly audits. Middleware also tends to slow transaction speeds, which can irritate customers. With cloud-based terminal control, the business’ computer and software never touch the credit card data, protecting the business from this liability.
The other major liability consideration for a payment processor API is EMV compatibility. Credit cards outfitted with a smart chip are substantially more secure than the old, magnetic-strip model. The chip generates a new code for each transaction instead of reusing the same information, so it’s much harder for a malicious hacker to access usable information. EMV payment cards are now the gold standard. If businesses don't use EMV-friendly payment terminals, they may be held accountable for fraudulent transactions and be issued bank-initiated chargebacks.
An API that offers both of these features can have a big impact on customer experience. You combine minimum liability with faster transaction processing speeds (without middleware, the information doesn’t need to hit as many points along the way). Focusing on integrating with the best API partner now is much easier than asking your clients to switch their entire payment system down the line. This won't happen overnight, but the effort you put in now can generate a higher return on your time and investment.
One question to ask when screening prospective API providers concerns responsibility for software updates. Does the provider maintain an in-house team that is accountable for updates and compliance? Or does the company outsource this kind of continued development work to a third party? Evaluate the provider’s willingness and ability to take ownership of their role in keeping their services compliant with current standards.
API Benefits Your Clients Want
Many software companies strive to be the best at what they do. Offering an API is a win-win scenario: The software company gets to offer a competitive, sought-after feature and other companies don’t have to waste time and resources replicating work. If you’re a product manager or an independent software vendor, you may use a checklist to evaluate payment APIs that looks something like this:
- Security: Keeping financial data secure is a top priority for businesses. Any payment API partner worth considering should be able to demonstrate what they do to be PCI DSS compliant. Ask whether the company uses point-to-point encryption (P2PE) or tokenization. P2PE encrypts the data at one end of the transaction and decrypts it at the other. Tokenization swaps cardholder data entirely with a randomly generated token that has no mathematical relationship to the card number. The result is that P2PE limits your PCI scope, but a strong tokenization system can eliminate it.
- Speed: Software companies move fast. Part of the reason APIs are so popular is because they save so much redundant work in development. If you find an API partner company with the right integration capabilities, you can be up and running in a sprint cycle or two. PayJunction’s RESTful API is open access, so anyone can ask for the code, try out a Smart Terminal for developer testing and check out videos on how other companies integrated their software.
- Convenience: Integrating a payment API streamlines payment processing, which benefits the customer service experience. Employees will also find it more convenient to work with a system that incorporates multiple functions that they need day to day. A doctor’s office or veterinary clinic, for example, can incorporate patient records, physician schedules, an appointment calendar, and payment processing into a connected software solution.
- Advanced payment features: You could recommend a bare-bones software solution to a client. Or, you could suggest a payment API with advanced features to streamline various customer transactions. Which do you think the client would prefer? One feature businesses appreciate is secure customer vaults, or accounts on file. This ability to store information lets businesses set up customer autopay or handle refunds with a few clicks. Remote signature capture is another attractive benefit that enables convenient, secure e-commerce and phone transactions that still protect the business against incorrect chargebacks.
- Secure digital storage: Eliminating the need for extensive paper storage is always worth a mention, especially in an era where secure, reliable digital storage solutions are common. Digital storage is often easier to organize and search than traditional filing. It’s certainly less cumbersome than maintaining physical repositories of the last three to seven years’ worth of receipts in case you need them for an audit.
- Customer support: As the saying goes, “Failing to plan is planning to fail.” Any developer has experienced the frustration of an unexpected glitch. Who can you call if the API encounters a problem? What proactive measures does the provider take to anticipate and prevent issues before they occur? An unreliable payment system will cost the client revenue, and can even erode their customer base if buyers are turned off by a glitchy shopping cart. An API partner’s reliability (or lack thereof) reflects on the company that recommended it, so product managers need to ensure that their pick is dependable.
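The tokenization described in the Security item above, as an added sketch that is not PayJunction's code or API: the class `TokenVault`, the `tok_` prefix and the function `merchant_order_record` are hypothetical names, and the card number is the widely published Visa test number. It shows that the merchant's stored record holds only a random token and the last four digits, while the card number stays on the provider's side.

```python
import secrets

def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum used to reject mistyped card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical provider-side vault: the only place card numbers live."""
    def __init__(self):
        self.pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # The token comes from a CSPRNG, not from the card number, so it
        # cannot be reversed or recomputed without access to this vault.
        token = "tok_" + secrets.token_urlsafe(16)
        self.pan_by_token[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self.pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

def merchant_order_record(vault: TokenVault, token: str, amount_cents: int) -> dict:
    """What the merchant's own software stores: token and last4, never the PAN."""
    result = vault.charge(token, amount_cents)
    return {"token": token, "last4": result["last4"], "amount_cents": amount_cents}

if __name__ == "__main__":
    vault = TokenVault()
    # In a cloud flow the provider's terminal or hosted form makes this call.
    tok = vault.tokenize("4111 1111 1111 1111")   # constructed test input
    print(merchant_order_record(vault, tok, 2500))
```
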
Spot Unethical Warning Signs
Many business owners don’t understand much about how an API works. Even some developers may not probe too deeply into the nuts and bolts of an API. That’s part of why people use APIs in the first place — to benefit from another company’s developments, instead of reinventing the wheel. Unfortunately, some players in the payment space make their billing statements too complex to understand. This disguises practices that are unfair, or even unethical. And recommending an unethical provider won't better your relationship with your customers.
For warning signs of an unethical API partner, ask if they charge any of the following fees:
- PCI compliance fee: This is a penalty that does nothing to help the business become PCI compliant. (Wouldn’t a provider that was genuinely concerned about compliance provide support or resources?) It’s a pointless slap on the wrist because the provider isn’t shocked enough to terminate the contract.
- Self-assessment questionnaire fee: It’s one thing to offer a questionnaire that helps businesses determine ways to improve their PCI compliance or other smart practices. It’s quite another to charge a business for declining to complete what should be a voluntary questionnaire.
- Next-day funding fee: Any business, understandably, wants to access funds as soon as possible. Some providers treat next-day funding as an accelerated funding time worth paying for. The problem is, it doesn’t cost the provider anything to offer next-day funding versus a two- or three-day turnaround. It’s shady at best for a provider to essentially hold a business’ revenue hostage for an extra day just to create an artificial “accelerated” service.
- Tax reporting fee: This might look like “TIN/EIN Validation” on a billing statement, and it’s an unethical charge. The provider is legally required to report revenue to the IRS. There’s no ethical reason to squeeze a few extra dollars of profit due to a legal obligation.
This is by no means an exhaustive list, but it should give you an idea of the provider's integrity. Just because a fee is common in the industry doesn’t mean it’s a fair practice.
Be Cautious of Unsupported APIs
On your end, you should also be wary of integrations that are built by outsourced developers. These APIs might have been current at one point, but may not be maintained or supported by an in-house developer at the company you partner with. This means you won't have assistance when a bug arises or mandatory updates (like the TLS 1.1 update) are needed. Partnering with a payment API like this will amount to wasted time and effort, and more work down the road.
Working with the right payment API provider can give clients all the benefits of an integrated payment system, without the burden of PCI audits or worries over exposing cardholder data. Benefit from the expertise of a partner you can trust, and you can reap long-term rewards on the investment.
Do you have additional questions about payment APIs? Leave them in the comments section below and we'll get back to you!