Web Services

Secure Trading Web Services is for merchants who want to use their own secure servers, but wish to use Secure Trading’s payment network as part of their own ecommerce application. The Web Services interface allows merchants to submit a request to Secure Trading using a client program, providing a username and password for authentication. Unlike STAPI, no client needs to be installed on your own server to use Web Services.

Using Secure Trading Web Services you can:

  • Automate refunds and authorisation reversals, and control the settlement schedule for each transaction.
  • Have development capability and write applications that can process payments.
  • Integrate a payment solution into back-office or legacy systems.

For more information please contact our support team on 01248 672050.

I am looking at additional payment methods. What do you support?

We support many Additional Payment Methods (APMs) such as ApplePay, PayPal, AliPay, Sofort and PaySafe.  A comprehensive list of supported APM’s is available from our website

What additional fraud services do you offer?

We integrate with ACI ReD Shield which anticipates and responds to changing patterns of fraud ensuring Secure Trading’s merchants remain protected in all environments. You can find documents for Payment Pages, XML, and JSON on our website. Please contact your account manager for further details regarding this additional service.

How do I setup PayPal with SecureTrading?

Please refer to the Enabling PayPal document.

I’ve sent you my PayPal Username, but how do I setup PayPal itself?

If you are using Payment Pages, it’s automatically done for you.  If using Webservices or STAPI however you will need to check the relevant XML instructions. For the JSON integration, please refer to the online documentation.

Can I re-authorise transactions in STPP?

There is a fully integrated Re-Auth button that is available at the bottom of every transaction you have processed in MyST, allowing you to re-attempt another payment against that card.



Please note:  re-authorisations will not include the Security Code. You may be charged extra fees from your acquiring bank, please check with them before re-authorising!

Are refunds, authorisations, settlements and fraud/risk checks supported?

Yes, these features are fully supported.

How long does it take to receive the platform credentials?

These will be sent out by the support team once they’ve been set up after your contract has been signed with your account manager.  Account Credentials are usually supplied within a 48-hour period.

Do I have to request to go live?

Yes, you must send an email to [email protected] requesting for your account to be switched into live mode.

Please note:  this is only possible after you have received the email informing you that your merchant number has been successfully tested!

What is 3-D Secure?

3-D Secure is an additional layer of security that authenticates a customer during a transaction. It also affords you more protection against potential chargebacks.

What is the liability shift for 3-D Secure?

Provided you are utilising the 3-D Secure system, you will be covered for the majority of fraudulent transactions that are processed and the liability for payment will shift back to the card issuer.

Secure Trading believes the liability shift to be as follows:

Brand Enrolled Status Liability
Visa U Merchant*
Visa N Card Issuer**
Visa Y Y Card Issuer**
Visa Y N Merchant***
Visa Y A Card Issuer**
Visa Y U Merchant*
MasterCard U Merchant*
MasterCard N Card Issuer**
MasterCard Y Y Card Issuer**
MasterCard Y N Merchant***
MasterCard Y A Card Issuer**
MasterCard Y U Merchant*

Y= Yes
A= an attempt on something did not work with the communication
N= No
U= Unknown

* Important note: If the brand is Visa and enrolled or status is returned as a “U” (Unknown), it means that the merchant is not covered by the 3-D Secure scheme. In this case the merchant is still liable for any fraudulent transactions.
** Important note: There are some cases where the liability is not covered by the card issuer; for example some commercial cards under both brands. For more information please contact your acquirer.
*** Important note: In this case it is strongly recommended that the transaction does not proceed. This means the password entered did not match.

This is a high level overview of the liability shift. Please bear in mind we facilitate the process; we do not create or enforce the rules. If you are unsure of any transaction status that you may see, we would recommend that you contact your acquirer.

Are commercial cards covered by 3-D Secure?

The majority of Visa / Mastercard branded cards are covered by 3-D Secure, which does include some Commercial Cards. More information can be provided by your acquiring bank.

How do I activate 3-D Secure on my account?

If you are using Payment Pages, 3-D Secure will be enabled automatically by ourselves. If you are using an API system and require 3-D Secure, you have to include the relevant XML for performing 3-D Secure requests or if you are using the JSON integration, please refer to the Online 3-D Secure documentation.

Is 3-D Secure mandatory?

In most cases 3-D Secure is not mandatory, but is highly recommended.  It is however compulsory when processing Maestro cards. Some acquiring banks require that you use 3-D Secure. Please check with your acquiring bank before making any decisions on this.

I get “Invalid Site Reference for Alias” when sending a Web Services request. What is the issue?

It is likely that the Site Reference quoted in your XML is not linked to your Web Services username, or the value you are passing for ALIAS in the XML is invalid (it must be the Web Services username).

I get “401 Authorization Required” when sending a Web Services request. What is the issue?

The most likely cause of this would be incorrect credentials in your Web Services header, or you are using a username that is not setup as the Web Services role.

How do I set up email confirmations of an order?

This is done within MyST. Please refer to the Rule Manager documentation for more information.

Can I accept multiple currencies on my site?

Yes, but this depends entirely on your acquirer.  Please speak to support for more information.

I am seeing AUTH CODE: TEST when processing payments.

You are currently processing on a test account; you will need to ensure you request for your main account to be switched live and that your code is pointing to the correct site reference.

EG:  mycompany67890 instead of test_mycompany67891

I’m getting the following error “No account found” what might cause this?

You are trying to process a card type / currency / account type (ECOM / MOTO etc) that your account isn’t setup to process.

Which shopping carts can I use with Secure Trading?

We support many shopping carts such as Magento, PrestaShop, WooCommerce and OpenCart. A list of supported shopping carts is available from our website.

Why is no money being paid into my bank account? I put my website “Live” a week ago.

If your account is live, and your transactions are settling as expected, please speak to your acquiring bank.  If you are unsure of this, please call Support and we’ll point you in the right direction.  You would need to speak to your acquiring bank to find out where they are paying the money into.