First Steps
Step 1: Account creation
Create your account by contacting our Integration Support Team. Make sure you are compatible with the API from a technical, business and compliance standpoint.
Step 2: Credentials
Once your account is activated, you will receive your Test Account and API keys that will enable you to start with the integration.
Step 3: Select your technical flow
Choose which of the following options best fits your integration:
- Simple payments without tokenization.
- Simple payments with tokenization.
- Authenticated payments with Getnet's solution.
- Authenticated payments with a third-party solution.
Step 4: Build your integration
Follow the instructions in the documentation to integrate the selected technical flow. Remember that you will be required to certify the chosen features before advancing to production. If at any point you have technical questions, our Integration Support Team will be happy to help.
Step 5: Go live
Once you have completed the certifications in step 4, request a full integration validation from our support team to advance to a production pilot.
PCI Compliance
PCI-DSS (Payment Card Industry Data Security Standard) is a set of technical and operational requirements created to protect cardholder information. All merchants and service providers who process or store card data must comply with it. The PCI SSC (Security Standards Council), which was created by major international brands, is responsible for establishing the security standards and requirements that apply to all participants in the sector (financial institutions, merchants, service providers, software companies, among others).
Why comply with the PCI standards?
- Protect data: It helps avoid potential security breaches or any illegitimate access to card data;
- Avoid losing customers' trust: Clients assume that their card information is safe;
- Avoid damage to the brand, acquirer and merchant: Illegitimate access to the data could have economic, image or reputational consequences, potentially putting their business at risk;
- Avoid falling behind or becoming outdated in security-related practices: Criminal organizations' techniques improve over time, and they increasingly have more means to access merchants' systems. Therefore, it is important to comply with technical and security requirements to prevent intrusions.
What could happen if I don't comply with the PCI standards?
- Penalty payments: Payment of fines or sanctions imposed by the brands or even by the acquirers, as well as the possible payment of compensation to customers who have been affected. It would also involve the assumption of other costs such as those for PCI Forensic Investigator (PFI) inspections or corrective actions;
- Inability to work with the acquirer: They must ensure each merchant is protected from reputational, economic, or sanction-related risks;
- Failure to comply with local legal and regulatory requirements.
For more information, please refer to the following link.
Concepts
Acquirer
Payment processor that allows you to carry out digital payments and is accountable for the transactions.
API
Stands for Application Programming Interface. It is a set of rules or protocols that enables software applications to communicate with each other to exchange data, features and functionality.
Authentication
The process of confirming a customer’s identity through different factors.
Checkout
It refers to the process by which a customer completes a transaction to purchase a product or service. It includes selecting a payment method and collecting customer information.
CVV
It stands for Card Verification Value. It is a unique security code composed of a three- or four-digit number usually printed on the back of a debit or credit card. It is used to confirm that the person making a transaction has physical possession of the card.
Environment
A collection of software used to perform different actions, in this case processing transactions. Depending on the integration's needs, the environment can be one of two types, according to whether it uses test or real data: Stage or Production.
Stage: A nearly exact replica of a real environment, used for integration testing. It is safe to try out tasks and flows here before going live in a production environment.
Production: An environment where the application has been made live for real use and, therefore, carries out real transactions.
Tokenization
In the context of data security, tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent called a token. The token is a reference that maps back to the sensitive data through a tokenization process but has no intrinsic meaning or value by itself. As a result, it prevents access to valuable information in the unfortunate event of a security breach.
Transaction ID
A code used to identify a transaction. In the context of GetNet you will find:
- transaction_id: Transaction identifier generated by the eCommerce platform.
- acquirer_transaction_id: NSU of the GetNet transaction (Acquirer). An NSU is a unique sequence number used to identify sales transactions using cards.
String
A sequence of characters used to represent text. It can contain letters, numbers, symbols and even spaces.
Number
A representation of integer and floating point numbers.
TimeStamp
A representation of date/time values in a specific format: YYYY-MM-DDThh:mm:ss.tttZ, where:
- YYYY represents a year,
- MM represents a month,
- DD represents a day,
- T indicates the beginning of the time related information,
- hh represents hours,
- mm represents minutes,
- ss represents seconds,
- ttt represents milliseconds,
- Z is a time zone designator.
Date
A representation of only a date value in the following format: YYYY-MM-DD, where:
- YYYY represents a year,
- MM represents a month,
- DD represents a day.
Boolean
A logical type that can only have two possible values: true or false.
Status
Indicates the status of a transaction and has 4 possible values: APPROVED, DENIED, ERROR, ACCEPTED.
UUIDv4
A UUIDv4 (Universally Unique Identifier version 4) is a 128-bit identifier generated using random or pseudo-random numbers, ensuring a high probability of uniqueness across different systems and applications.
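The data types defined above lend themselves to strict validation at the integration boundary, so that malformed or unexpected values are rejected before they reach business logic. The following is an added example, not code from the GetNet documentation. The field names in SCHEMA are hypothetical, and the Z designator is assumed to be a literal "Z".

```python
import re
import uuid
from datetime import date, datetime

STATUSES = {"APPROVED", "DENIED", "ERROR", "ACCEPTED"}
TS_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}Z")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")

def _parses(parse, *args):
    # True when the parser accepts the value (catches month 13, 30 February, ...).
    try:
        parse(*args)
    except ValueError:
        return False
    return True

def is_timestamp(v):  # YYYY-MM-DDThh:mm:ss.tttZ, exactly three millisecond digits
    return (isinstance(v, str) and bool(TS_RE.fullmatch(v))
            and _parses(datetime.strptime, v, "%Y-%m-%dT%H:%M:%S.%fZ"))

def is_date(v):  # YYYY-MM-DD and a real calendar day
    return (isinstance(v, str) and bool(DATE_RE.fullmatch(v))
            and _parses(date.fromisoformat, v))

def is_boolean(v):  # JSON true/false only; rejects "true", 1 and 0
    return isinstance(v, bool)

def is_status(v):  # case-sensitive match against the four documented values
    return isinstance(v, str) and v in STATUSES

def is_uuid4(v):  # version 4 in canonical hyphenated form only
    return (isinstance(v, str) and _parses(uuid.UUID, v)
            and uuid.UUID(v).version == 4 and str(uuid.UUID(v)) == v.lower())

# Hypothetical field names, chosen only for this example.
SCHEMA = {"request_id": is_uuid4, "status": is_status, "created_at": is_timestamp,
          "due_date": is_date, "captured": is_boolean}

def invalid_fields(record):
    # Sorted names of fields that are missing or malformed.
    return sorted(k for k, check in SCHEMA.items() if not check(record.get(k)))

# Constructed sample record: wrong-case status, impossible date, string boolean.
SAMPLE = {"request_id": "3f2b8c1e-9d4a-4c7b-8e21-5a6f0b9d1c34", "status": "approved",
          "created_at": "2024-05-17T13:45:09.120Z", "due_date": "2024-02-30",
          "captured": "true"}
```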
Next Steps
Configuring your Integration
Configuring your Integration - Checkout
Certification Process
Api Ref - Certification Process