How to prepare your application to certify with Worldpay

Blog Post created by lsolheim on May 10, 2019

Worldpay provides secure payment services for small and large businesses, including payments online, card machines, and telephone payments. Getting from code to live application is a simple, three-step process where ultimately the app is certified for use in Worldpay payment services.

This article will show developers and QA engineers how to prepare their app for Worldpay Certification.


prep your app for worldpay


Worldpay certification: a three-step process

Worldpay offers two environments for building your app: a Worldpay Total REST API and an Integrated Payments Client SDK. Which option you use will depend on the functionality of your app. If you are going to be attaching a card reader to your application, the IPC SDK is your best choice. If you want a more open and robust platform, I would recommend the Worldpay Total REST API.


For the purposes of this article, we will use the REST API.


What are the steps to get Worldpay certified? This is a simple, three-step process.

 prepare your app to certify

First, you need a sandbox, which provides a safe place where you can test your code.

This sandbox is delivered by Worldpay through the Worldpay Total Platform.

It has two important characteristics:

  • It allows you to send API requests and view the responses in real time.
  • A functional test simulator is added so you can build your test cases for a variety of test scenarios.


Step 1: Get your developer credentials

In order to send API requests, you need to set up credentials. To get the credentials, first sign up for a sandbox account. After answering some questions, you will be provided your developer credentials, a sandbox account and a Virtual Terminal for managing your account, getting activity reports, and creating the test scenarios.


The developer credentials consist of three pieces of information:

  • SecureNet ID. This ID will be sent to you by email after you’ve signed in for your account.
  • Secure Key. The Secure Key can be found in the Virtual Terminal. You can log into the terminal with the emailed login credentials. The Secure Key can then be found in the menu Settings by clicking on the Key Management Link.
  • Public Key. This is only used for making tokenization calls. This can also be found in the Virtual Terminal.


Once you have obtained your developer credentials and a sandbox, you can now start developing your app in the sandbox.

Step 2: Build your app in the Worldpay sandbox

Now, we can build our app inside the Worldpay sandbox. In order to make API calls against the sandbox, we need to get the developer credentials in our application to enable authentication.

To make calls against the sandbox, an API call must include an HTTP Authorization header holding a SecureNet ID and Secure Key, which both have to be valid.


As we saw above, the SecureNet ID can be found in the email that you received during the signup process. The SecureKey can be found in the Settings of the Virtual Machine as discussed above.

To build the authentication header string, do the following:

  • Build a string in the form securenetid:securekey
  • Base64-encode the string
  • Supply an "Authorization" header containing "Basic" followed by the encoded string, ex: "Basic YBXtjM50YBZliX9="


With certain programming languages, including Python and PHP, you can take an alternative approach by using their built-in method for HTTP basic authentication. For example, in Python, you need only to supply your SecureNet ID and Secure Key into the code:

            # Add SecureNet ID and Secure Key into the Python code
            # Pull the SecureNet ID from your sign-on email
            snid = '90011333'       

            # Get this from Virtual Terminal
            skey= 'vQybLLQgABfp'   

            # base 64 encode the string and accompanying colon
            authId = "Basic " + b64encode(snid + ":" + skey) 

            # build the header to use in all of your REST calls.
            httpHeader = {'Authorization': authId,
            'Content-Type': 'application/json',
           'Accept': 'application/json' }


Now you can start building your API calls.

As with other REST APIs, The Worldpay Total REST API uses the standard HTTP methods Post, Get, Put, and Delete to perform all of its operations:

  • Post -> creates a resource
  • Get -> retrieves a resource
  • Put -> updates a resource
  • Delete -> deletes a resource


Here are some examples of operations you can perform with the Worldpay Total REST API:

  • Enabling the user to run credit card present (CP) or credit card not present (CNP) transactions.
  • Tokenizing cards and payments
  • Managing payment accounts
  • Enabling recurring billing


Step 3: Certify your application

Once you have completed the steps above, you're ready to begin working with a Worldpay implementation consultant to gain official certification.


The consultant will work through testing certain scenarios based on specific datasets that simulate real transactions. These can be found in section 2.4 of the eComm cnpAPI Reference Guide. Keep in mind that you are only required to certify for those transactions that you will be processing in production; additional test cases, which you are free to use at any time, are provided within section 2.5 of the eComm cnpAPI Reference Guide.


In the certification environment, you will submit the test case, leading to a response. This allows you to verify that your code is to the standards of Worldpay.


When all test cases are submitted, the implementation consultant will review the results for completeness and accuracy. If any issues are found, the consultant will help you to solve these issues. When all tests are accepted, the implementation consultant will give you an official certification email containing details as to which specific parts of your app have been certified — such as transaction types, connectivity or communication protocols.



 To get Worldpay certified you will have to perform the following three steps:

  • Get your developer credentials
  • Develop your application in the Worldpay sandbox
  • Work with a Worldpay consultant to certify your application based on test scenarios.


As this article shows, completing these steps requires some work and careful attention to Worldpay's documented requirements. But overall, the process is easy to follow, and Worldpay offers a number of resources to help you complete it.