.

Nuvei Payment Middleware Digital Explorer menu

Integrator Quickstart Guide

Select a workflow part below to see the required steps, review process diagrams, and jump directly to the relevant operations in the API Explorer.

💡 Pro Tip: When using the live API Explorer, select a gateway from the dropdown to be taken through a guided, three step flow to generate your x-credentials token. This token will then be automatically saved in Explorer Settings allowing you to test operations and view code examples tailored to your use case. Simply click "add later" to continue prototyping without entering your profile.
Part 1:Settings Profile & Middleware Token

Your journey begins by exchanging gateway credentials for a middleware token. This token (x-credentials) authenticates all subsequent requests for that specific gateway.

  1. Call GET /api/gateway/list to find the exact system name for your gateway (e.g., "ncpv1").
  2. Fetch the settings template with GET /api/{gateway_name}/settings. This shows the exact fields required to build your settings profile in the next step.
  3. Submit your completed settings profile to POST /api/gateway/credentials and collect your middleware token from the response.
  4. Cache the returned x-credentials token and refresh every 20 minutes to keep alive if unused. If token is used at least once per 20 minutes, there is no expiration.
    • When using this site's API toolkit to send a credentails request, your token will be automatically saved as a variable for use in subsequent test calls across the API Explorer.
  5. It is also suggested that integrators fetch and cache paymentMethods for the active gateway using /api/paymentmethod. Refresh periodically or on invalidation - never hard-code values.
    • Note that paymentMethod is sent in all calls which setup a user interface for user payment to determine which interface to present.
flowchart TD subgraph User Actions A["**Get a list of supported gateways**
Capture your gateway's name."] B["**Get the settings template**
Gather the required values."] C["**Submit your completed settings profile**
Receive your token."] D(("Used For All
Operations")) end subgraph Middleware MW(PAYMENT MIDDLEWARE) end %% Define the main vertical workflow A --> B --> C --> D %% Define the request/response data flows A -- "/api/gateway/list" --> MW MW -- "gateway names list" --> A B -- "/api/{gateway}/settings" --> MW MW -- "{JSON} Settings Template" --> B C -- "/api/gateway/credentials" --> MW MW -- "Middleware x-credentials Token" --> C

This is the fundamental first step: exchange your gateway settings for a middleware token that you will use globally.

Part 2:CC Payment with Surcharge (InterPayments)

This workflow demonstrates a common credit card transaction that includes an automatically calculated surcharge via InterPayments.

  1. Obtain your x-credentials token (with InterPayments) for your gateway (NCP in this example), ensuring the InterPayments fields are included in your settings profile.
  2. (Optional) Pre-calculate the fee for customer disclosure using POST /api/surcharge/compute.
  3. Request a hosted UI for user payment account entry with /api/transaction/processtransaction
    1. set amount and subtotalAmount accordingly
    2. set surchargeAmount to null (calculated/added automatically)
    3. set paymentMethod to the desired value from your cached gateway paymentMethod values
    4. set customerID and other billing details to further customize the user experience.
  4. Use Reports - Inquire to retrieve the final transaction status and confirm the persisted surchargeAmount.
flowchart TD S([Start]) --> C{Pre-disclose fee?}; C -- Yes --> SC[POST Surcharge - Compute]; C -- No --> A[Process Payment]; SC --> A; A --> IQ[GET Reports - Inquire]; IQ --> E([End]);

To trigger surcharge calculation, send subtotalAmount and set surchargeAmount: null in your Authorization request.

Part 3:User-Added Card-On-File for Speedy Authorizations

This workflow enables end-users to save (tokenize) a payment method for later authorization

  1. Prompt user to enter payment method for vault storage using Account - Save.
    • Be sure to include the correct postal/ZIP code for accurate surcharge calculations.
  2. Authorize vaulted payment method at a later time Process - Transaction.
    • Use your gateway's "cc token" equivalent paymentMethod value to set paymentMethod in the request body.
    • Set transactionType to "capture"
  3. Confirm final status and amounts by calling Reports - Inquire.
flowchart TD S([Start]) --> SAVE[User CC Account Vaulted]; SAVE --> A[Authorize from Stored Account]; A --> IQ[GET Reports - Inquire]; IQ --> E([End]);

The postal/ZIP code stored on the profile impacts surcharge outcomes for token-based payments.

Part 4:Alternative Payment Methods via Hosted IFrame

Alternative Payment Method (APM) availability varies by gateway and a host of other factors. Please call api/gateway/paymentMethods to confirm values and availability for all paymentMethods.

  1. Launch the hosted UI via POST ProcessTransaction, specifying the APM required in the request body and present the URL or HTML response to the user in an iFrame to complete payment.
  2. The user completes the payment flow within the hosted UI.
  3. Call GET Reports - Inquire to get the final, persisted transaction status and details from the middleware.
flowchart TD S([Start]) --> PROC["POST ProcessTransaction (SEPA)"]; PROC --> UI["User completes flow in IFrame"]; UI --> IQ["GET Reports - Inquire"]; IQ --> E([End]);

The SEPA flow remains in the same popup/iframe. Some other APMs may open a second window.

Part 5:Post-Transaction Void/Refund & Reporting

After a transaction is complete, you may need to reverse it. The correct action depends on whether the transaction has been settled.

  1. If the transaction has not yet settled, reverse it using the appropriate Void endpoint (e.g., PayaConnect Void or NCP Void).
  2. If the transaction has already settled, you must issue a Refund (e.g., PayaConnect Refund or NCP Refund).
  3. In either case, use the Inquire endpoint (e.g., PayaConnect Inquire or NCP Inquire) to confirm the final status and amounts.
flowchart TD S([Start]) --> Q{Settled?}; Q -- No --> V[POST Void]; Q -- Yes --> R[POST Refund]; V --> IQ[GET Reports - Inquire]; R --> IQ; IQ --> E([End]);
Part 6:Understanding API Responses & Error Handling

The middleware uses a two-layer response system. Your code should first check for middleware-level errors before parsing the gateway's response.

Layer 1: Middleware Validation Errors

These errors occur if your request fails initial validation before it can be sent to the gateway.

  • 401 Unauthorized: Your x-credentials token is missing or invalid.
    Action: Ensure you are sending a valid token in the x-credentials header. Generate a new one if necessary.
  • 422 Unprocessable Entity: Your request is valid JSON, but a required field is missing or a value has the wrong format. The response body will detail the specific error.
    Action: Correct the field(s) named in the error message and retry the request.
  • 400 Bad Request: Your request body is not well-formed JSON.
    Action: Check your JSON for syntax errors like missing commas, quotes, or brackets.

Layer 2: Gateway Responses

If your request passes middleware validation, it is sent to the gateway. The middleware passes the gateway's response back to you transparently.

  • 200 OK: The gateway successfully processed the request.
    Action: Parse the response body for the gateway's specific success payload, which includes the transactionID and final status.
  • 402 Payment Required: The gateway rejected the transaction. The response body will contain the gateway's specific error message (e.g., "Declined," "Invalid Card Number").
    Action: Parse the gateway's error message and handle it appropriately (e.g., display a message to the user).
flowchart LR subgraph Middleware Req[Request with token] --> V{Validation}; end subgraph Gateway GW[Send to Gateway] end V -- Invalid --> L1[4xx Layer-1 Errors]; V -- Valid --> GW; GW -- Success --> OK[200 Gateway Success]; GW -- Failure --> ERR[402 Gateway Error];
Part 7: Integration Certification – What to Expect

Certifying your Nuvei Payment Middleware integration ensures your ISV solution can securely and reliably execute all required transaction operations, in full compliance with Nuvei guidelines. Before production enablement, each essential transaction type included in your integration must be tested and certified.

Required Transaction Types for Certification

  • Tokenization: Test transactions where sensitive card data is replaced with secure tokens for storage and future use, enhancing security and compliance.
  • Authorization: Validate that a customer’s payment method is active and has sufficient funds or credit. This step reserves the amount but does not transfer funds.
  • Capture: Complete the payment by transferring reserved funds after authorization. Some gateways combine authorization and capture; others allow them separately.
  • Sale (Auth + Capture): Combines authorization and capture in a single step, typically used for instant delivery of goods or services.
  • Refund: Return funds to the customer after a completed sale. Test both full and partial refunds to ensure flexibility.
  • Void: Cancel a previously authorized payment before capture—useful if an order is canceled before fulfillment.
  • Reversal: Similar to a void, but may apply after settlement depending on the payment network. Important for dispute resolution and error correction.
  • Declined Transaction: Simulate scenarios where payments are declined due to insufficient funds, expired cards, or incorrect data.
  • Interpayments Surcharge Testing:
    • Credit Card transactions with expected surcharge
    • Debit Card transactions (no surcharge expected)
flowchart TD CERT[Start Certification] CERT --> TOK[Tokenization] CERT --> AUTH[Authorization] AUTH --> CAP[Capture] CERT --> SALE[Sale] CERT --> REF[Refund] CERT --> VOID[Void] CERT --> REV[Reversal] CERT --> DECL[Declined Transaction] CERT --> SUR[Interpayments Surcharge Testing] SUR --> CC[Credit Card] SUR --> DC[Debit Card] CC --> END[Ready for Production] DC --> END TOK --> END CAP --> END SALE --> END REF --> END VOID --> END REV --> END DECL --> END

Note: Each transaction type relevant to your integration must be successfully tested and certified before production deployment.

Part 8: Sandbox Transaction Testing and Test Cards by GatewayNEW

Sandbox Testing & Gateway Alignment

While the Payment Middleware consolidates and simplifies many functions across gateways, transaction testing in sandbox environments requires alignment with each gateway’s testing practices and test values. This section centralizes the essential test data and scenarios that integrators need across gateways.

PayaConnect Gateway

Use the trigger amounts below based on the outcome you'd like to test; use AVS and CVV trigger values to force ACS response as needed.

Test Card Numbers
BrandPANCVVExp
Visa4111111111111111999Any future date
Mastercard5454545454545454999Any future date
Amex60110009901394241234Any future date
Discover6011000991300009999Any future date
Outcome Testing Trigger Amounts
Sale AmountOutcome/Response
$29.66APPROVED
$5.001500 DENY
$6.161616 INSUFFICIENT_FUNDS
$6.221622 CARD_EXPIRED
$6.301630 REJECTED_BATCH (first close fails; second succeeds)
$8.xxDelayed response; cents = seconds (e.g., $8.05 ⇒ ~5s)
AVS/CVV Test Trigger Values
ValueTypeOutcome
Street: 5800 NW 39th AVE; ZIP: 32606AVS streetAVS — PASS
Street: 2831 NW 41st St STE J; ZIP: 32615AVS streetAVS — DENY
999 (V/MC/Disc)CVV DataCVV match
123 (V/MC/Disc)CVV DataN – not auto declined
Test ACH Accounts
Account TypeBank RoutingAccount NumResponse
checking072000326700953657Success

Note: ACH approvals do not behave like card authorizations. Settlement with the banks typically completes in 1–4 business days. The account above can be used to test a successful payment at the point of entry.

gateway docs

NCP (v1) Gateway

Use the test card data below for each brand (Visa, Mastercard, Amex, Discover). Expiry: any future date; CVV: any valid value (e.g., 123; Amex 1234).

Test Card Numbers
BrandPANCVVExp
Visa4111111111111111123Any future date
Mastercard5454545454545454123Any future date
Discover378282246310005123Any future date
Amex60110009901394241234Any future date
3DS / Flow Trigger Values
ConditionPANHow to trigger in INT
3DS “Force Challenge”4000000000001109amount > 150
3DS “Challenge Flow” (frictionless)4000000000001091cardHolderName = CL‑BRW1

Note: Nuvei’s INT environment maintains the authoritative test‑card database.

gateway docs

Till Payments Gateway

Note: Use the Simulator connector for card outcomes and SEPA Direct Debit testing.

Test Card Numbers
BrandPANCVVExp
Visa (success)4111111111111111123Any future date
Visa (decline)4242424242424242
Mastercard5555555555554444123Any future date
Discover6011111111111117123Any future date
3DS / Special Triggers
TriggerHow
SCA soft‑declineSend amount 65.00 (any currency)
3DS scenariosUse listed 3DS test numbers (frictionless/challenge) when enabled
SEPA Outcome IBAN Triggers
IBAN last 4Outcome
1111Success
2222Pending
2003Declined
2006Insufficient funds

gateway docs

PayaCore Gateway

Use the test card data below for each brand (Visa, Mastercard, Amex, Discover). Expiry: any future date; CVV: any valid value (e.g., 123; Amex 1234).

Test Card Numbers
BrandPANCVVExp
Visa4111111111111111123Any future date
Mastercard5454545454545454123Any future date
Discover6011000991300009123Any future date
Amex3714496353984311234Any future date

gateway docs

Authorize.Net Gateway

Use the test card data below for each brand (Visa, Mastercard, Amex, Discover). Expiry: any future date; CVV: any valid value (e.g., 123; Amex 1234). Keep the sandbox account in Live Mode for realistic behavior.

Test Card Numbers
BrandPANCVVExp
Visa4111111111111111123Any future date
Mastercard5424000000000015123Any future date
Discover6011000000000012123Any future date
Amex3700000000000021234Any future date
Test Card Trigger Values
TypeValueEffect
Card — approvedany amountApproved
Card — declinezipCode = 46282General decline (Response Code 2)
ACH — approvedamount < $100ACH (eCheck.Net) approved
ACH — declinedamount > $100ACH (eCheck.Net) declined

gateway docs

CardConnect Gateway

All testing values including test card numbers are provided in the CardConnect welcome kit/email for your sandbox merchant profile.

Steps to complete testing
  • Use the sandbox credentials and the PANs/ACH details supplied in your welcome kit (varies by simulator profile).
  • Validate flows through the middleware API using the provided test data.

gateway docs

Part 9: Validating Transaction Throughput to Your GatewayNEW

Why It Matters

Validating that all transactions and related operations sent via Payment Middleware are received, recorded, and (when applicable) settled by your payment gateway protects against mapping errors, field mismatches, or lost webhooks and ensures that what your application sends is exactly what your gateway processes. Remember, the Payment Middleware is designed to centralize, streamline, and enhance your connection to the destination gateway and only knows which response was recieved for your request.

Transaction-Based Activities to Validate
  • /payment — use when your flow posts a single-step Sale (Auth+Capture) or a two-step Authorization that may capture later. Confirm the gateway shows a corresponding sale/auth record.
  • /transaction — use for operational actions like capture, void, and refund, and for certain APM or hosted flows. Confirm the gateway shows the correct follow-on entry tied to the original authorization/sale.
  • Reporting / Inquiry — if your integration calls an inquiry endpoint (e.g., Reports – Inquire), confirm the values returned by middleware match what the gateway’s reporting/VT shows for the same transaction.

Tip: For multi-step flows, validate in this order: Authorization → Capture (or Sale only) → Void/Refund (as applicable) → Settlement/Funding (batch).

What to Validate Within Those Calls
Field / Aspect What to Check
Transaction Type Auth, Capture, Sale, Void, Refund (and APM equivalents) match your intended call (/payment vs. /transaction) and gateway record.
Amounts Base amount, currency, and any surcharge, tax, or tip amounts equal the values displayed in the gateway. For Auth→Capture, ensure captured amount equals or is ≤ authorized amount per your flow.
Status & Codes Approved/Declined/Voided/Refunded states, plus gateway authCode, transactionId/reference, and (if present) AVS/CVV and 3DS results.
Custom Data Your external identifiers (e.g., orderId, invoiceNumber, customerID, metadata) are persisted and searchable in the gateway UI/reports.
Payment Method Masked PAN (last 4), brand, wallet/APM labels, token indicators, and card-present vs. card-not-present flags appear as expected.
Batch / Settlement For captured sales, verify the transaction moved to an open/closed batch as expected and appears on funding/deposit reports.
Descriptor / MID            Correct MID, location, and (if applicable) soft descriptor values are associated to the transaction.
Timestamps Time zone and ordering (Auth before Capture, Refund after Sale, etc.) are consistent between middleware responses and the gateway.

Validate in Your Gateway’s Reporting / Virtual Terminal (VT)
  1. Open your gateway’s reporting or VT tool and filter by the transaction timestamp window used in testing.
  2. Search by a reliable key (amount, last 4, reference/transaction ID, order/invoice number, or customer ID).
  3. Open the gateway detail view and compare each item in “What to Validate” against your middleware request/response records.
  4. For two‑step flows, confirm the relationship: Auth → Capture (or Sale only) and any subsequent Void/Refund entries are properly linked.
  5. Confirm settlement (batch close, deposit/funding line) when applicable.

If any value doesn’t match: re-check your request body (types, formatting, currency), confirm the correct headers/token were used, and re‑run a controlled test with a unique external reference to isolate the entry in reports.

Explorer Settings

© 2025 Nuvei Corp. All Rights Reserved
Privacy notice | Terms of use