Skip to main content
Cresora Commerce
Integration Guides

API Direct Integration Guide

Full server-side card processing for maximum UI control. Requires SAQ D.

The API Direct integration lets your server handle the full payment flow without redirecting to a hosted page. You collect card data in your own UI and send it directly to the Cresora API.

PCI scope: SAQ D — card data passes through your server. Requires a full PCI assessment.

🔒SAQ D requirement

This integration requires completing a PCI DSS SAQ D self-assessment annually. If you want to reduce PCI scope, use the HPP integration (SAQ A) or tokenization (SAQ A-EP).

Flow overview

1. Customer enters card details in your UI
2. Your server receives the raw card data
3. Your server calls POST /v1/payments with the card details
4. Cresora processes the payment and returns the result
5. Cresora fires the payment.captured webhook

Create a payment with card data

curl
curl -X POST https://sandbox-api.cresoracommerce.com/api/v1/transactions/sale \
  -H "Authorization: Bearer csk_test_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: idem_$(uuidgen)" \
  -d '{
    "amount": "50.00",
    "currency": "USD",
    "payment_method": "card",
    "merchant_id": "mrch_xxxxxxxxxx",
    "capture_method": "automatic",
    "card": {
      "number": "4111111111111111",
      "exp_month": 12,
      "exp_year": 2028,
      "cvv": "123",
      "name": "Jane Smith"
    }
  }'
Python
import requests, uuid

requests.post(
    "https://sandbox-api.cresoracommerce.com/api/v1/transactions/sale",
    headers={
        "Authorization": "Bearer csk_test_xxxxxxxxxxxx",
        "Idempotency-Key": f"idem_{uuid.uuid4()}",
    },
    json={
        "amount": "50.00",
        "currency": "USD",
        "payment_method": "card",
        "merchant_id": "mrch_xxxxxxxxxx",
        "capture_method": "automatic",
        "card": {
            "number": "4111111111111111",
            "exp_month": 12,
            "exp_year": 2028,
            "cvv": "123",
        },
    },
)
Node.js
await fetch("https://sandbox-api.cresoracommerce.com/api/v1/transactions/sale", {
  method: "POST",
  headers: {
    Authorization: "Bearer csk_test_xxxxxxxxxxxx",
    "Content-Type": "application/json",
    "Idempotency-Key": "idem_" + crypto.randomUUID(),
  },
  body: JSON.stringify({
    amount: "50.00",
    currency: "USD",
    payment_method: "card",
    merchant_id: "mrch_xxxxxxxxxx",
    capture_method: "automatic",
    card: {
      number: "4111111111111111",
      exp_month: 12,
      exp_year: 2028,
      cvv: "123",
    },
  }),
});

Auth-only + manual capture

For scenarios where you want to authorize the card but capture later (e.g. hotel holds, marketplace settlements):

{ "capture_method": "manual" }

This returns status: "authorized". To capture:

POST https://sandbox-api.cresoracommerce.com/api/v1/payments/{id}/capture

You have 7 days from authorization to capture. After 7 days the authorization expires automatically.

Test cards

Use these in the sandbox — see Testing & Sandbox → for the full list.

PANResult
4111111111111111Approval
4000000000000002Soft decline
4000000000000069Hard decline

HPP Integration Guide

Integrate the Cresora Hosted Payment Page for the lowest PCI scope (SAQ A).

Recurring Billing Guide

Create and manage subscription plans and recurring payment schedules.

On this page

Flow overviewCreate a payment with card dataAuth-only + manual captureTest cards