¶ IngoPay iFrame
¶ Overview
Dynamic plugin component embeds seamlessly in your UX to securely capture, verify and tokenize payment account credentials.
The overall flow is four steps:
- Post an IngoPay - Session Management API request to initialize a plugin session.
- Utilize the plugin to tokenize a card or non-card based account data.
- Retain the
customer_account_tokenreceived via webhook for future use in funding events to the same customer using the same account.- Post an IngoPay - Gateway Process API request to initiate a funding event to the customer's account.
IngoPay iFrame Flow Chart (Happy Path Model)
¶ API Authentication
The IngoPay API utilizes HMAC Authentication. HMAC Authentication is a mechanism for calculating a message authentication code using a hash function in combination with a shared secret key between the two parties involved in sending and receiving the data (Front-end client and Back-end HTTP service). The main use for HMAC is to verify the integrity, authenticity, and identity of the message sender.
¶ The following is required to authenticate to any of the IngoPay API methods.
Valid participant ID provided by Ingo Payments
Valid Secret provided by Ingo Payments
An HMAC signature must be generated and sent in the Authorization header; the data in the Authorization header will contain the username, signing algorithm, headers, and the signature
- A comprehensive packet of information on creating your HMAC authentication will be provided with the credentials listed above.
¶ Request Management Policy
Ingo Payments is steadfast in ensuring the reliability and security of our platform for the benefit of our partners and their customers. As part of our network management, we implement rate limits to mitigate any detected risks to our service's stability.
We advise our clients to limit their actions to, at most five simultaneous requests per second to prevent system overload. This recommendation is in place to help maintain seamless service performance and to avoid activating our rate-limiting measures.
However, we understand that certain business operations may require a higher throughput rate. If your integration necessitates a greater volume of requests, or if you encounter any constraints due to our rate limiting, we encourage you to reach out directly to Ingo Payment's Partner Technical Support. Our team is ready to assist in evaluating your needs and exploring options to support your higher request volumes while continuing to protect the platform's integrity for all users.
¶ Abstracts
| Abstract | Summary |
|---|---|
| Provide customer information used to establish a branded & secure PCI-compliant plug in session. | |
| Mount a secure PCI-compliant plugin to capture account data in your own UX over web and mobile platforms. Includes recipient risk screening and account verification. | |
| Receive timely detailed information regarding plugin session activities. Obtain a customer account token for future use in funding events. Only subscribe to events of interest for your program. | |
| Tell us what account to pay & how much to pay utilizing a secure PCI-Compliant account token received via webhook. |
¶ Permitted Character Set
