Creates a hosted session for a credit card purchase. Returns a sessionUrl that the merchant redirects the cardholder to. Payment details are entered on a PayFacto-hosted form β the merchant system never handles raw card data. On completion, PayFacto redirects the cardholder back to the merchant with the transaction result appended to the ReturnUrl as query parameters.
API Key
Generate your API key from the Payments Manager: Administrator Client β API Key β Add New Key. Pass it as auth-api-key in every request.
Company & Merchant Numbers
Your CompanyNumber (5-digit) and MerchantNumber (8-digit) are issued by PayFacto during onboarding. Both are required on every Create Purchase Session request.
Environment Base URL
Test: https://test.api.payfacto.cloud/v1 | Production: Provided by the PayFacto Integration team upon certification.
Request Format β Base64-Encoded Payload
Requests use HTTP POST with an application/x-www-form-urlencoded body. Assemble all parameters as a cleartext query string, Base64-encode it, then send: auth-api-key={key}&payload={base64}. This endpoint does not require card data or terminal numbers.
Hosted Payment Form β PCI Scope Reduction
Card details are entered by the cardholder on a PayFacto-hosted secure form. The merchant system never handles raw card data (PAN, expiry, or CVV), significantly reducing PCI DSS scope. To create a hosted session for card registration only (no immediate charge), use /v1/recur/CreateSession instead.
Hosted Payment Flow
After calling this endpoint, redirect the cardholder to the returned sessionUrl. When payment is completed, PayFacto redirects to your ReturnUrl with the transaction result appended as query parameters. If the cardholder cancels, they are redirected to your CancelUrl. The sessionUrl is single-use and time-limited.
All parameters are passed inside the Base64-encoded payload form field. Raw body format: auth-api-key=<key>&payload=<base64>. This endpoint does not require card data or terminal numbers.
Required fields
Optional fields
The example below uses the test endpoint and a sandbox API key. Replace credentials and base URL before going live. After a successful response, redirect the cardholder to the sessionUrl to complete payment.
Always returned
Conditionally returned
Transaction result delivery via redirect. The payment outcome is not returned in this API response. After the cardholder completes the hosted form, PayFacto redirects their browser to your ReturnUrl with the following query parameters appended:
The following codes apply to the session creation result returned in the API response. The returnCode delivered via the redirect to ReturnUrl reflects the cardholder's payment outcome and follows the same standard codes (00 = approved, 05 = declined). For the complete catalogue see the Return Code Index.