Core Concepts Guide

Payment orchestration is the practice of integrating and managing multiple payment services through a single, unified platform. Instead of building direct integrations to various PSPs, acquirers, or fraud tools, you connect to Xelf Solutions, and we handle the connections and routing logic.

Benefits include:

• Flexibility: Easily switch or add new payment providers without major code changes.
• Resilience: Automatically route payments to backup providers if one fails.
• Optimization: Use smart routing rules to improve authorization rates and reduce costs.
• Global Reach: Access local payment methods in different regions more easily.

A Token is a secure, non-sensitive placeholder for actual payment information (like a credit card number). Xelf Solutions allows you to tokenize payment details, meaning the sensitive data is stored securely in our PCI-compliant vault, and you interact with the token.

Vaulting is the process of storing these tokens. This enables:

• PCI Compliance: Reduces your PCI DSS scope as sensitive cardholder data doesn't touch your servers.
• Repeat Payments: Easily charge returning customers without asking for their card details again.
• Provider Agnosticism: Tokens can often be used across different PSPs connected via Xelf.

You'll typically create tokens using our client-side libraries (Xelf.js or mobile SDKs) or by directly passing payment details to our API (server-to-server).

A Payment Intent represents your intention to collect a payment from a customer. It tracks the lifecycle of a payment, from initial creation through authorization, capture (if applicable), and final status (succeeded or failed).

Key aspects of Payment Intents:

• State Management: Manages the various states of a payment (e.g., requires_payment_method, requires_confirmation, requires_action, processing, succeeded, canceled).
• Dynamic Authentication: Can automatically trigger 3D Secure or other authentication steps if required by the PSP or regulations.
• Single Source of Truth: Provides a consistent object to track the payment regardless of the underlying PSP or method.

You create a Payment Intent on your server and then typically use its client secret on the frontend to confirm the payment with Xelf.js.

Xelf Solutions allows you to define Workflows or Routing Rules to determine how payments are processed. This is a core part of payment orchestration.

You can configure rules based on various criteria, such as:

• Payment amount or currency
• Card type or issuing country
• Customer location
• Risk score
• Provider availability or cost

This enables strategies like "waterfalling" (retrying a failed payment with another provider) or routing specific card types to the most cost-effective PSP.

Security is paramount in payments. Xelf Solutions is built with security and compliance at its core.

• PCI DSS Compliance: We maintain PCI DSS Level 1 compliance, the highest level of certification, to ensure cardholder data is handled securely. By using our tokenization services, you significantly reduce your own PCI scope.
• Data Encryption: Sensitive data is encrypted both in transit (TLS/SSL) and at rest.
• Authentication: API access is secured via secret keys. Multi-factor authentication (MFA) is recommended for your Xelf Dashboard access.
• Fraud Prevention: We offer integrations with leading fraud prevention tools and allow you to incorporate fraud checks into your payment workflows.

Webhooks are automated messages sent from Xelf Solutions to your server when specific events occur in your account. They are crucial for receiving real-time updates without needing to constantly poll our API.

Common events you might subscribe to include:

• payment_intent.succeeded
• payment_intent.payment_failed
• customer.created
• invoice.paid
• dispute.created

It's essential to secure your webhook endpoints by verifying signatures to ensure requests genuinely originate from Xelf Solutions.

Xelf Solutions provides distinct Test and Live environments for your integration.

• Test Mode: Uses test API keys. Allows you to simulate payment scenarios, test your integration logic, and trigger various responses (e.g., successful payments, card declines) without interacting with actual payment networks or moving real money. Test data is separate from live data.
• Live Mode: Uses live API keys. Processes real transactions with actual payment networks. Use this only when you are ready to start accepting payments from customers.

Always ensure you are using the correct set of API keys for the environment you intend to interact with.