FAQs – Secure Trading API

Powering Commerce. Powering Payments.

Secure Trading API

The Secure Trading API is our service for merchants who want to use their own secure servers, but wish to use Secure Trading’s payment network as part of their own e-commerce application. It has all the capabilities of SecureTrading STPP Payment Pages, but in addition you can use our service in a more sophisticated way.

Using SecureTrading API you can:

  • Automate refunds and authorisation reversals, and control the settlement schedule for each transaction.
  • Have development capability and write applications that can process payments.
  • Integrate a payment solution into back-office or legacy systems.

For more information please contact our support team on 01248 672050

I am looking at additional payment methods. What do you support?
We support many Additional Payment Methods (APMs) such as ApplePay, PayPal, AliPay, Sofort and PaySafe.  A comprehensive list of supported APM’s is available from our website
What additional fraud services do you offer?
We integrate with ACI ReD Shield which anticipates and responds to changing patterns of fraud ensuring Secure Trading’s merchants remain protected in all environments. You can find documents for Payment PagesXML, and JSON on our website. Please contact your account manager for further details regarding this additional service.
How do I setup PayPal with SecureTrading?
Please refer to the Enabling PayPal document.
I’ve sent you my PayPal Username, but how do I setup PayPal itself?
If you are using Payment Pages, it’s automatically done for you.  If using Webservices or STAPI however you will need to check the relevant XML instructions. For the JSON integration, please refer to the online documentation.
Can I re-authorise transactions in STPP?
There is a fully integrated Re-Auth button that is available at the bottom of every transaction you have processed in MyST, allowing you to re-attempt another payment against that card. Please note: re-authorisations will not include the Security Code. You may be charged extra fees from your acquiring bank, please check with them before re-authorising!
Are refunds, authorisations, settlements and fraud/risk checks supported?
Yes, these features are fully supported.
How long does it take to receive the platform credentials?
These will be sent out by the support team once they’ve been set up after your contract has been signed with your account manager.  Account Credentials are usually supplied within a 48-hour period.
Do I have to request to go live?
Yes, you must send an email to [email protected] requesting for your account to be switched into live mode. Please note:  this is only possible after you have received the email informing you that your merchant number has been successfully tested!
What is 3-D Secure?
3-D Secure is an additional layer of security that authenticates a customer during a transaction. It also affords you more protection against potential chargebacks.
What is the liability shift for 3-D Secure?
Provided you are utilising the 3-D Secure system, you will be covered for the majority of fraudulent transactions that are processed and the liability for payment will shift back to the card issuer.

Secure Trading believes the liability shift to be as follows:

Brand Enrolled Status Liability
Visa U Merchant*
Visa N Card Issuer**
Visa Y Y Card Issuer**
Visa Y N Merchant***
Visa Y A Card Issuer**
Visa Y U Merchant*
MasterCard U Merchant*
MasterCard N Card Issuer**
MasterCard Y Y Card Issuer**
MasterCard Y N Merchant***
MasterCard Y A Card Issuer**
MasterCard Y U Merchant*

Y= Yes A= an attempt on something did not work with the communication N= No U= Unknown * Important note: If the brand is Visa and enrolled or status is returned as a “U” (Unknown), it means that the merchant is not covered by the 3-D Secure scheme. In this case the merchant is still liable for any fraudulent transactions. ** Important note: There are some cases where the liability is not covered by the card issuer; for example some commercial cards under both brands. For more information please contact your acquirer. *** Important note: In this case it is strongly recommended that the transaction does not proceed. This means the password entered did not match. This is a high level overview of the liability shift. Please bear in mind we facilitate the process; we do not create or enforce the rules. If you are unsure of any transaction status that you may see, we would recommend that you contact your acquirer.

Are commercial cards covered by 3-D Secure?
The majority of Visa / Mastercard branded cards are covered by 3-D Secure, which does include some Commercial Cards. More information can be provided by your acquiring bank.
How do I activate 3-D Secure on my account?
If you are using Payment Pages, 3-D Secure will be enabled automatically by ourselves. If you are using an API system and require 3-D Secure, you have to include the relevant XML for performing 3-D Secure requests or if you are using the JSON integration, please refer to the Online 3-D Secure documentation.
Is 3-D Secure mandatory?
In most cases 3-D Secure is not mandatory, but is highly recommended.  It is however compulsory when processing Maestro cards. Some acquiring banks require that you use 3-D Secure. Please check with your acquiring bank before making any decisions on this.
Error Message: Request aborted: Unable to send to gateway javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.
This is usually caused by your STAPI client not running when you attempt to send the request through.
Error Message: XML: org.xml.sax.SAXParseException: Premature end of file.
The most likely cause of this error is when a carriage return does not exist at the very end of the XML file, or the XML file is truncated before the end.
Is it possible to run concurrent versions of Secure Trading API at the same time on the same server?
Provided you keep them separate on your server (and separate the versions of Java if relevant), then yes; this is possible.
How do I set up email confirmations of an order?
This is done within MyST. Please refer to the Rule Manager documentation for more information.
Can I accept multiple currencies on my site?
Yes, but this depends entirely on your acquirer. Please speak to support for more information.
I am seeing AUTH CODE: TEST when processing payments.
You are currently processing on a test account; you will need to ensure you request for your main account to be switched live and that your code is pointing to the correct site reference.
EG:  mycompany67890 instead of test_mycompany67891
I’m getting the following error “No account found” what might cause this?
You are trying to process a card type / currency / account type (ECOM / MOTO etc) that your account isn’t setup to process.
Why is no money being paid into my bank account? I put my website “Live” a week ago.
If your account is live, and your transactions are settling as expected, please speak to your acquiring bank.  If you are unsure of this, please call Support and we’ll point you in the right direction.  You would need to speak to your acquiring bank to find out where they are paying the money into.