Payment Pages
Reusable hosted payment pages · Customer-entered amounts · Card payments with optional 3D Secure
Summary
Payment Pages are reusable, shareable hosted checkout pages that allow merchants to accept payments without building a custom payment form. Unlike Payment Links (which are single-use with a fixed amount), Payment Pages can be used multiple times and the customer enters the payment amount at checkout.
Payment Pages support manual card entry with optional 3D Secure verification, configurable surcharge, and tax. Each payment creates a transaction record while the page remains active for future payments.
Payment Page Lifecycle
- Create — Merchant creates a payment page with a name, optional description, surcharge, tax, and 3D Secure settings.
- Share — The page is accessible via a public URL using the business slug and page slug:
/payment_pages/{business_slug}/{page_slug}/pay - Customer Registration — Before paying, the customer provides their name, email, and phone number to create or retrieve a customer record.
- Pay — Customer enters the desired amount, fills in card details, and submits. 3D Secure step-up is triggered if enabled.
- Result — On approval, a transaction is recorded. Both merchant and customer receive payment confirmation emails. The page remains active for future payments.
Payment Pages vs Payment Links
| Feature | Payment Page | Payment Link |
|---|---|---|
| Amount | Customer enters at checkout | Fixed by merchant at creation |
| Reusability | Unlimited — reusable | Single-use |
| Customer | Created / found at payment time | Required at link creation |
| URL Structure | /{business_slug}/{page_slug}/pay | /{payment_link_id}/pay |
| Status Tracking | No status — always active | CREATED → PAID / EXPIRED |
| Google Pay | Not supported | Supported |
| Invoice Linking | Not supported | Supported |
| Contract Linking | Not supported | Supported |
| Expiry | Never expires | Optional expiry |
Processing Flow
When 3D Secure is enabled on the page, the customer is redirected to their card issuer for authentication before the payment is processed.
Authentication
Merchant API (Private)
All merchant-facing endpoints require a valid Bearer token via the Authorization header and are scoped to a business:
Authorization: Bearer {access_token}
Content-Type: application/jsonBase URL pattern: /api/{business_id}/payment_pages
Customer API (Public)
Public endpoints do not require authentication. They are accessed by slug-based URLs:
GET /api/payment_pages/{business_slug}/{page_slug}/pay
POST /api/payment_pages/{business_slug}/{page_slug}/payCreate Payment Page
POST /api/{business}/payment_pages
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Page name — a URL slug is automatically derived from this |
description | string | No | Description displayed to the customer on the payment page |
surcharge | boolean | No | Apply surcharge to the transaction. Default: false |
threeDSecure | boolean | No | Enable 3D Secure verification. Default: true |
tax | number | No | Tax rate. Stored internally as integer (e.g. 25.00 → 2500). Default: 0 |
POST /api/{business}/payment_pages
Content-Type: application/json
Authorization: Bearer {token}
{
"name": "Donation Page",
"description": "Support our community initiative",
"surcharge": false,
"threeDSecure": true,
"tax": 0
}{
"ok": true,
"payment_page": {
"id": "uuid",
"name": "Donation Page",
"slug": "donation-page",
"description": "Support our community initiative",
"surcharge": false,
"three_d_secure": true,
"tax": 0,
"created_at": "2026-02-19T12:00:00.000000Z"
}
}List Payment Pages
GET /api/{business}/payment_pages
Returns a paginated list of all payment pages belonging to the business.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
fromDate | date | Filter pages created on or after this date |
toDate | date | Filter pages created on or before this date |
perPage | integer | Results per page (default: 10) |
{
"ok": true,
"payment_pages": {
"data": [ /* array of payment page objects */ ],
"current_page": 1,
"per_page": 10,
"total": 5
},
"business": { /* business object with configurations */ },
"filters": { "fromDate": null, "toDate": null }
}Get Page Details
GET /api/{business}/payment_pages/{payment_page}
Returns full details for a single payment page by its UUID.
Update Payment Page
PUT /api/{business}/payment_pages/{payment_page}
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | Updated page name |
slug | string | No | Updated URL slug (must be unique per business) |
description | string | No | Updated description |
surcharge | boolean | No | Enable/disable surcharge |
threeDSecure | boolean | No | Enable/disable 3D Secure |
tax | number | No | Updated tax rate |
{
"ok": true,
"payment_page": { /* updated payment page object */ }
}Delete Payment Page
DELETE /api/{business}/payment_pages/{payment_page}
Permanently deletes a payment page. This action cannot be undone. The public URL will no longer be accessible.
{
"ok": true,
"message": "Payment page deleted successfully"
}Payment Attempts
GET /api/{business}/payment_pages/{payment_page}/attempts
Returns a list of all payment attempts (successful and failed) made through this payment page. Requires ownership verification.
{
"ok": true,
"attempts": [
{
"id": "uuid",
"amount": 50.00,
"status": "approved",
"customer": { "name": "John Doe", "email": "[email protected]" },
"created_at": "2026-02-19T14:30:00.000000Z"
}
]
}Create / Find Customer (Public)
POST /api/{business}/public/customers
Before paying through a payment page, the customer must be identified. If a customer with the given email already exists, their existing ID is returned.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Customer full name |
email | string | Yes | Customer email address |
phone | string | Yes | Customer phone number |
paymentPageId | string (UUID) | Yes | ID of the payment page |
{
"ok": true,
"customerId": "customer-uuid"
}View Payment Page (Public)
GET /api/payment_pages/{business_slug}/{page_slug}/pay
Loads the payment page details for customer display. No authentication required.
{
"ok": true,
"paymentPage": {
"name": "Donation Page",
"description": "Support our community initiative",
"surcharge": false,
"tax": 0
},
"logo": "https://s3.amazonaws.com/...",
"dddSecure": true,
"three_d_secure": true
}Pay via Payment Page (Public)
POST /api/payment_pages/{business_slug}/{page_slug}/pay
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
amount | number | Yes | Payment amount entered by the customer |
customerId | string | Yes | Customer UUID from the create/find step |
cardData.cardNumber | string | Yes | Full card number |
cardData.nameOnCard | string | Yes | Cardholder name |
cardData.month | string | Yes | Expiry month (01-12) |
cardData.year | integer | Yes | Expiry year |
cardData.cvv | string | Yes | Card verification value |
cardData.saveCard | boolean | No | Save card for future use |
cardData.address.postalCode | string | Conditional | Required if AVS is enabled |
cardData.address.line1 | string | Conditional | Required if AVS is enabled |
invoiceNumber | string | Conditional | Required if invoice number is enabled in config |
ddd | object | Conditional | 3D Secure authentication data (if 3DS is enabled) |
dddSessionID | string | Conditional | 3D Secure session ID (if 3DS is enabled) |
POST /api/payment_pages/my-business/donation-page/pay
Content-Type: application/json
{
"amount": 50.00,
"customerId": "customer-uuid",
"cardData": {
"cardNumber": "4111111111111111",
"nameOnCard": "John Doe",
"month": "12",
"year": 2028,
"cvv": "123",
"saveCard": false
}
}{
"ok": true,
"result": {
"code": "000",
"recordID": "txn-uuid",
"message": "Approved"
}
}3D Secure Flow
When 3D Secure is enabled on the payment page (and the business has 3DS configured), the payment process includes an additional authentication step.
Step 1 — Initialize 3DS Session
POST /api/ddd/init
{
"amount": 50.00,
"cardNumber": "4111111111111111",
"businessId": "business-uuid"
}{
"ok": true,
"threeDSecureId": "session-uuid",
"acsURL": "https://acs.issuer-bank.com/...",
"creq": "base64-encoded-challenge-request",
"transStatus": "C"
}Step 2 — Authenticate
POST /api/ddd/authenticate
{
"threeDSecureId": "session-uuid"
}{
"ok": true,
"transStatus": "Y",
"eci": "05",
"authenticationValue": "base64-cavv-value"
}Transaction Status Codes
| Status | Meaning | Action |
|---|---|---|
Y | Authenticated | Proceed with payment — include ddd and dddSessionID |
C | Challenge Required | Redirect customer to acsURL for challenge, then call authenticate |
N | Not Authenticated | Payment should not proceed |
R | Rejected | Payment should not proceed |
All Endpoints
Merchant Endpoints (Authenticated)
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/{business}/payment_pages | List all payment pages |
| POST | /api/{business}/payment_pages | Create a payment page |
| GET | /api/{business}/payment_pages/{id} | Get page details |
| PUT | /api/{business}/payment_pages/{id} | Update a payment page |
| DELETE | /api/{business}/payment_pages/{id} | Delete a payment page |
| GET | /api/{business}/payment_pages/{id}/attempts | List payment attempts |
Public Endpoints (No Authentication)
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/{business}/public/customers | Create or find customer |
| GET | /api/payment_pages/{slug}/{page}/pay | View payment page |
| POST | /api/payment_pages/{slug}/{page}/pay | Submit payment |
Card Data Fields
| Field | Type | Validation | Description |
|---|---|---|---|
cardNumber | string | Required | Full card number (no spaces or dashes) |
nameOnCard | string | Required | Cardholder name as it appears on the card |
month | string | Required, 01–12 | Two-digit expiry month |
year | integer | Required | Four-digit expiry year |
cvv | string | Required | 3 or 4-digit security code |
saveCard | boolean | Optional | Store card on file for future transactions |
Error Handling
| HTTP Code | Scenario | Response |
|---|---|---|
404 | Payment failed | { "ok": false, "message": "Payment failed. Please check your details." } |
422 | Validation error | { "ok": false, "errors": { "field": ["Error message"] } } |
404 | Page not found | { "ok": false, "message": "Payment page not found" } |
500 | Server error | { "ok": false, "message": "An error occurred" } |
Notifications
After a successful payment, RapidCents sends email notifications to both the customer and the merchant.
| Recipient | Notification | Content |
|---|---|---|
| Customer | Payment Page Paid | Payment confirmation with receipt details and PDF attachment |
| Merchant | Payment Page Paid | Notification of received payment with customer and amount details |
Merchant users can opt out of payment page notifications through their notification preferences. Emails are the only supported channel.