Getting Started with MercuryPay RESTful API

Document created by matthew.milner on May 10, 2016Last modified by matthew.milner on Jun 1, 2016
Version 2Show Document
  • View in full screen mode

MercuryPay’s eCommerce RESTful API allows developers to post transaction requests directly from their shopping cart and combined with our tokenization it lightens the burden of PCI DSS compliance for developers. This guide shows you how to integrate to MercuryPay using our RESTful/JSON payments API integration method. For complete information about processing payment transactions, please refer to the MercuryPay Platform Integration Guide.


Our transaction calls use standard core data elements across each integration platform, payment middleware and your preferred programming language. The request/response details differ for each option, and we have created separate guides for each approach, which are available upon request.


There are four options for processing transactions through MercuryPay via our RESTful platform:


Standard integration

Refers to plain-text processing, that is, without anyMercuryPaysecurity features built in to protect sensitive card data.

End-to-end encryption (E2E)

Also referred to as point-to-point encryption. This method uses an encrypted swipe device that encrypts sensitive card data before transmission. Encrypted devices must be properly injected withMercuryPay’sencryption codes.


This method uses tokens, which are unique, dynamically generated reference numbers that are used to replace sensitive card data with an encrypted code using software. A unique token is generated for every transaction.

E2E andMToken

This method combines the use of E2E andMToken.


This guide illustrates how to implement an integration using MToken for eCommerce. 

All MToken transactions consist of two steps:


(1) an Initial Token Request, and

(2) subsequent use of the token.


Once the token is passed back to the POS, all subsequent requests are submitted by adding ByRecordNo to the TranCode.


[Symbol] Note  If you receive an error message, “Token Invalid”, check to make sure that the RecordNo is not being urlencoded in an unexpected manner.


Supported eCommerce Transactions

TagsUsed to Request a Token

Tagsfor Subsequent Use of Token

















eCommerce Website Requirements


Before a business can be approved to process eCommerce transactions, it must have a valid website with the requirements listed below.  Should the products or services offered through an eCommerce merchant account change, Vantiv Integrated Payments must be notified immediately.


The following eCommerce policies and procedures have been established to comply with Visa, MasterCard, Discover and Mercury regulations:


  1. Product(s) Sold.  eCommerce merchants must maintain a valid website with complete descriptions of the products and services sold. All federal and state laws apply in addition to the card association regulations regarding all products and services sold.
  2. Security Policy.  eCommerce merchants must submit transactions for authorization and settlement through a secure online gateway. The security protocols used to protect a customer’s information must be disclosed.
  3. Privacy & Return Policy.  The website must contain a return, refund and privacy policy. Terms of Use or Terms and Conditions must also be properly disclosed on the website.
  4. Delivery Policy.  eCommerce merchants set their own policies and restrictions regarding delivery of goods. Any restrictions on delivery must be clearly stated on the website.
  5. Customer Service Contact.  Contact information for your business must be easily accessible to customers. It must show a physical address along with an electronic mail address and telephone number.
  6. Card Acceptance Brand Marks.  Full-color brand marks are required by Visa, MasterCard and Discover. The American Express logo must be displayed if accepted.

1 person found this helpful