
Production Environment

NOTE

The production environment is NOT to be used with test data. Test data includes test transactions and test card numbers.

Prerequisites for using the PayNetWorx Hosted Payments production environment

Developer testing and certification must be completed and reviewed first. The production environment is then configured for live transaction traffic. It is advisable to perform initial low-value transactions to confirm funding flows before turning on full transaction traffic to the gateway.

Purpose

The production environment is designed for:

  • Live transaction processing
  • Real customer payments
  • Production applications and websites
  • Processing actual card transactions

Environment URLs

API Base URL

https://api.hosted-payments.paynetworx.cloud

Session Creation Endpoint:

https://api.hosted-payments.paynetworx.cloud/v1/payments/sessions/create

Hosted Form URL

https://hosted-payments.paynetworx.cloud

The complete hosted form URL (including the session ID) will be returned in the payment_session_url field when you create a payment session.

Authentication

Use your production API credentials provided by PayNetWorx. These credentials are different from your QA credentials.

IMPORTANT

Never use production credentials in test/development environments, and never use QA credentials in production.

Security Best Practices

  1. Credential Protection: Store production API keys securely (e.g., environment variables, secrets manager)
  2. HTTPS Only: Always use HTTPS for all API requests and iframe embedding
  3. Origin Validation: Strictly validate the origin of every postMessage event so that only messages from the hosted form are processed
  4. Error Handling: Implement comprehensive error handling and logging
  5. PCI Compliance: Follow all PCI DSS requirements even when using tokenization

Example Session Creation Request

js
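async function initializePaymentSession() {
  const headers = new Headers();
  headers.append("Content-Type", "application/json");
  // Replace the placeholder with your production API key, loaded from a
  // secure store (environment variable, secrets manager), never hard-coded.
  headers.append("Authorization", "{{ YOUR_PRODUCTION_API_KEY }}");

  const api_response = await fetch(
    "https://api.hosted-payments.paynetworx.cloud/v1/payments/sessions/create",
    {
      method: "POST",
      headers,
      body: JSON.stringify({
        payment_session: {
          payment_session_use: "TOKENIZE",
        },
      }),
    }
  );
  // fetch() does not reject on HTTP error statuses, so check explicitly.
  if (!api_response.ok) {
    throw new Error(`Session creation failed: HTTP ${api_response.status}`);
  }
  // The response carries payment_session_url, the complete hosted form URL.
  return await api_response.json();
}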

Origin Validation

When implementing postMessage listeners for the production environment, use the following origin:

js
const allowedOrigin = "https://hosted-payments.paynetworx.cloud";

window.addEventListener("message", (event) => {
  if (event.origin !== allowedOrigin) {
    console.warn("Rejected message from unauthorized origin:", event.origin);
    return;
  }

  if (event.data?.type === "pnx-tokenized-payment-info") {
    // Handle tokenized data
    const tokenizedData = event.data.payload;
    // Process payment...
  }
});
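
The HTTPS-only and origin-validation practices above, combined into two checks, as an added example (not PayNetWorx code): one validates payment_session_url before it is used as an iframe src, the other also verifies event.source and the message shape. The helper names, the sample session path used for testing, and the "payload is an object" check are assumptions.

```javascript
// Added example. The origin and message type come from this page;
// helper names are hypothetical.
const HOSTED_FORM_ORIGIN = "https://hosted-payments.paynetworx.cloud";
const TOKEN_MESSAGE_TYPE = "pnx-tokenized-payment-info";

// Return the session URL only if it is safe to use as the iframe src.
// Parsing with URL and comparing the origin exactly rejects lookalike
// hosts that a string-prefix test would accept.
function checkedSessionUrl(paymentSessionUrl) {
  let parsed;
  try {
    parsed = new URL(paymentSessionUrl);
  } catch {
    return null; // not an absolute URL
  }
  if (parsed.origin !== HOSTED_FORM_ORIGIN) return null; // wrong scheme, host or port
  if (parsed.username || parsed.password) return null;   // no embedded credentials
  return parsed.href;
}

// Decide whether a message event may be treated as tokenized payment data.
// iframeWindow is the contentWindow of the iframe this page created.
// Returns the payload, or null when the message must be ignored.
function acceptTokenMessage(event, iframeWindow) {
  if (event.origin !== HOSTED_FORM_ORIGIN) return null; // exact origin match
  if (event.source !== iframeWindow) return null;       // must come from our iframe
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  if (data.type !== TOKEN_MESSAGE_TYPE) return null;
  // Assumption: the payload is an object; its fields are not documented here.
  if (data.payload === null || typeof data.payload !== "object") return null;
  return data.payload;
}
```

In the browser, call acceptTokenMessage(event, iframe.contentWindow) inside the message listener and log rejected events rather than processing them.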

Monitoring and Support

  • Monitor your application logs for errors and failed transactions
  • Implement alerting for payment processing issues
  • Contact PayNetWorx support if you encounter production issues
  • See contacts for support information

Initial Production Testing

When first deploying to production:

  1. Start with low-value test transactions using real cards
  2. Verify funding flows are working correctly
  3. Confirm all error handling is working as expected
  4. Monitor transaction logs closely
  5. Gradually increase transaction volume once confident in the integration