Getting Started

Integration Details

CellPoint offers various means of integration depending on your needs and the channel you wish to accept payments. We offer Hosted Payment Pages, Direct APIs and mobile SDKs to our Merchants.

CellPoint's API is XML based and uses standard HTTP response codes and authentication.

What you will need

  • A PCI DSS certified website or platform
  • Velocity URL
  • Client ID
  • Merchant account ID
  • Velocity username and password
  • Country and currency
  • Country codes and operator ID
  • Salt string

How you will connect

HTTPS Authentication & Security Token

All API requests must be made through HTTPS. The Velocity API header value format is as follows:

  • Use HTTP basic authentication to authenticate the request. See Basic Authentication Method for details.
  • Specify the auth-parameter, where the overall parameter value is provided in the form is x-cpm-sec-token.
  • x-cpm-sec-token is a unique value that you generate for a unique request. Velocity uses this value to verify if a request is submitted multiple times.

To generate the x-cpm-sec-token, complete the following steps:

  1. Extract the request/response body string.
  2. Remove all space characters from the string including space, tabs, newline, and carriage return.
  3. Append the salt to the body string.
    To append the salt, complete the following steps, as applicable to the authentication type:
    1. For basic authentication, make the salt as base64 (API username + API password).
    2. For bearer authentication, CPD provides the bearer token to be used as salt.
  4. Calculate sha-256 (body + salt) of the string.
  5. Set this hash string as the x-cpm-sec-token header in the request/response.


Note: Consider the following items:

  • To generate the hash string, you can follow the same process at the receiver end.
  • To validate the salt, compare the hash string with the x-cpm-sec-token from the header.

The following is an example of the parameters in the header section.


How it works

To begin accepting payments you will need to understand our API calls.

| Fop Curation: Uses the context of the order to determine which forms of payment should be offered. It will also initialize your session and transaction and provide those IDs back to you for the next steps of the payment flow.

| APMs: Optional call used when certain forms of payment have been selected by the user. These are typically redirect APMs such as Paypal and eWallets like Apple Pay and Google Pay.

| Authorize: Triggers the authorization workflow for the provided payment with the order and payment details provided. This call has secondary uses when interrupts such as 3DS Challenges are triggered.