Generally, there are four main methods to integrate a payment gateway:
Hosted gateway
A hosted payment gateway acts as a third party, as it requires your customers to leave your website to complete a purchase.
The pros of a hosted payment gateway are that all payment processing is handled by the service provider. Client card data is also stored by the vendor, so using a hosted gateway requires no PCI compliance and offers fairly easy integration.
The cons are that you have little control over a hosted gateway. Customers may not trust third-party payment systems. Besides that, redirecting them away from your website lowers the conversion rate and doesn’t help your branding either.
How to integrate: Integration guides are generally publicly available on vendors’ websites. As an example of the integration of a hosted gateway, you may have a look at the PayPal Express Checkout Guide. Basically, you receive a piece of JavaScript code that places a button on your website. Clicking the button activates PayPal’s REST API and checkout flow to process the transaction.
Best fit for: small or local businesses that are more comfortable using an external payment processor.
Direct Post method
Direct Post is an integration method that lets a customer shop without leaving your website, while you don’t have to obtain PCI compliance. With Direct Post, the transaction data is posted to the payment gateway after a customer clicks a “purchase” button. The data goes straight to the gateway and processor without being stored on your own server.
The pros of this method are the same as those of an integrated payment gateway. You get the customization options and branding capabilities, without the PCI DSS compliance that we’ll discuss below. The user performs all the necessary actions on one page.
The con is that a Direct Post method isn’t completely secure.
How to integrate: A vendor would set up the API connection between your shopping cart and its payment gateway to post the card data.
Best fit for: businesses of all sizes.
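As an added illustration (not from the original article or any vendor), the following Python check parses a checkout page and confirms that the form carrying card fields posts straight to the payment gateway over HTTPS rather than to your own server, which is the property Direct Post relies on. The gateway host and the card field names are assumptions, and both sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (not from the article): hypothetical gateway host and card field names.
GATEWAY_HOSTS = {"gateway.example.com"}
CARD_FIELDS = {"card_number", "cvv", "exp_month", "exp_year"}

# Constructed sample pages.
GOOD_PAGE = """<form action="/search"><input name="q"></form>
<form action="https://gateway.example.com/pay" method="post">
<input name="card_number"><input name="cvv"><input name="order_id" type="hidden"></form>"""
BAD_PAGE = """<form action="/checkout/pay" method="post">
<input name="card_number"><input name="cvv"></form>"""


class FormCollector(HTMLParser):
    """Record each form's action, method and input names."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "fields": set()}
            self.forms.append(self._open)
        elif tag in ("input", "select") and self._open is not None and a.get("name"):
            self._open["fields"].add(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_checkout(html):
    """Return findings for every form that carries card fields."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["fields"] & CARD_FIELDS:
            continue  # not a payment form
        url = urlparse(form["action"])
        if url.scheme != "https" or url.hostname not in GATEWAY_HOSTS:
            findings.append("card fields would be posted to %r, not the gateway" % form["action"])
        if form["method"] != "post":
            findings.append("card form uses method %r; card data would land in the URL" % form["method"])
    return findings
```

Running `audit_checkout` over rendered checkout templates in CI catches a form action that has drifted back to a merchant-side URL before it ships.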
Non-hosted (integrated) method
An integrated payment gateway allows you to keep the user at your website during the purchase. Non-hosted payment gateway providers allow for integrating via APIs.
The pros are that you have full control over the transactions at your website. You can customize your payment system as you wish, and tailor it to your business needs.
The cons generally are all about maintaining the infrastructure of your payment system and the related expenses. To use an integrated gateway, you have to be PCI compliant first of all, because you will have to store all clients’ credit card data on your own servers. Also, integrating the gateway can be tricky if you want to add custom functionality.
How to integrate: Non-hosted payment gateways are integrated with your server via APIs. Consequently, it will require an engineering team to perform the integration. Most vendors have well-documented integration guides, API references, or developer portals.
Best fit for: medium and large businesses that rely heavily on branding and user experience.