The Toast hosted checkout integration is a single integrated payment acceptance service that allows you to easily enable and accept various payment methods.
Use the hosted checkout integration APIs to:
- Remove Payment Card Industry (PCI) regulation requirements from your checkout page
- Ease implementation of additional payment methods
The hosted checkout integration payment APIs use the term customer to represent a payor, which can be a restaurant guest, an organization, or vendor that is making and completing a payment at a Toast location.
The hosted checkout integration includes the implementation of an
HTML iframe that you can use to embed payments on your
checkout page or enable a customer to save a card to their profile. An
important benefit of using the hosted checkout iframe is
that customer payment information is collected within a Toast-managed,
PCI-compliant environment, reducing or removing the burden of
maintaining PCI compliance in your ordering site.
The following example shows an iframe embedded on a
checkout page.

The following procedure is a high-level overview of how to accept a payment using the hosted checkout integration payments APIs and SDKs.
- Use your hosted checkout - payment credentials to send a POST request to the /v1/payment-intents endpoint of the payment intents API to create a payment intent. Include the payment amount in the request. Generate and include an identifier for the payment intent in the request.
- Initiate a payment session and display the hosted checkout iframe interface to your customer using hosted checkout integration JavaScript SDK functions. Include the OAuth bearer token that you get with the hosted checkout - iframe credentials for your hosted checkout client.
- Monitor the result of the customer payment authorization using functions of the hosted checkout integration JavaScript SDK.
- Apply the payment identifier you successfully generated as a payment for a Toast orders API check. The payment must be applied to a Toast order within five minutes of the payment card authorization. After five minutes the Toast platform automatically voids the payment.
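The server-side part of this procedure, as an added example that is not Toast's own code: it builds the payment intent request and enforces the five-minute window before a payment is applied to an order. The hostname is a placeholder, and the body field names (amount, externalReferenceId), the 30-second margin, and the helper names are assumptions.

```javascript
// Added example; hostname, body field names and helper names are assumptions.
const HOSTED_CHECKOUT_HOST = "hosted-checkout.example.invalid"; // placeholder: real host comes from Toast
const APPLY_WINDOW_MS = 5 * 60 * 1000; // the platform voids the payment after five minutes
const SAFETY_MARGIN_MS = 30 * 1000;    // assumed allowance for latency and clock skew

// Step 1: build the POST /v1/payment-intents request with the payment credentials' token.
function buildPaymentIntentRequest(amount, paymentApiToken, intentId) {
  if (!Number.isFinite(amount) || amount <= 0) {
    throw new RangeError("amount must be a positive number");
  }
  // Generate an unguessable identifier when the caller does not supply one
  // (crypto.randomUUID is a global in browsers and Node.js 20+).
  const id = intentId ?? globalThis.crypto.randomUUID();
  return {
    intentId: id,
    url: `https://${HOSTED_CHECKOUT_HOST}/v1/payment-intents`,
    options: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${paymentApiToken}`,
        "Content-Type": "application/json",
      },
      // Hypothetical field names; take the real ones from the API reference.
      body: JSON.stringify({ amount, externalReferenceId: id }),
    },
  };
}

// Steps 3 and 4: remember when each payment was authorized and release it to
// the order-creation code once, and only while the window is still open.
class PaymentWindowTracker {
  constructor(now = Date.now) {
    this.now = now;
    this.authorizedAt = new Map();
  }
  recordAuthorization(paymentId) {
    // Keep the first timestamp so a repeated event cannot extend the window.
    if (!this.authorizedAt.has(paymentId)) this.authorizedAt.set(paymentId, this.now());
  }
  // Returns "apply", "expired" (treat as voided; start a new payment) or "unknown".
  claimForOrder(paymentId) {
    const at = this.authorizedAt.get(paymentId);
    if (at === undefined) return "unknown";
    this.authorizedAt.delete(paymentId); // single use: a claimed payment is not handed out again
    const age = this.now() - at;
    return age <= APPLY_WINDOW_MS - SAFETY_MARGIN_MS ? "apply" : "expired";
  }
}
```

Pass the returned url and options to fetch from your server, and call claimForOrder immediately before the orders API request so that a late or repeated payment identifier is rejected locally.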
The hosted checkout integration uses two credential sets:
- Hosted checkout - payment credentials: Use this set of credentials to read and write to the hosted checkout integration payments APIs. For more information, see Hosted checkout API reference.
- Hosted checkout - iframe credentials: Use this set of credentials to initiate and perform hosted checkout SDK functions. For more information, see SDK functions.
Note: To make Toast API requests, you need to include an OAuth 2 bearer authentication token. For more information, see Authentication and restaurant access.
To use the hosted checkout integration, you need to use a different hostname in your requests. The hosted checkout integration payments APIs use a different hostname to maintain security.
You use the different API request hostname with the following APIs:
You get the hostname for the hosted checkout integration payments APIs from the Toast integrations team.