Overview

overview

The payment app is integrated within the SHOPLINE merchant admin, and provides customized payment processing services for merchants.

Only partners who meet SHOPLINE requirements can build payment apps in the SHOPLINE developer center.

Features

More payment methods

Merchants can use a payment app to redirect customers to an app-hosted page to complete payment processing, that can handle the following methods:

  • Wallets (see “Restrictions” section below)
  • Buy Now / Delayed Payment / Installment Payment / Buyer Financing
  • Cards
  • Bank Transfer/ Online Banking
  • Cryptocurrency
  • Cash and ATMs

Perform actions on payment methods

  • Collect information, make payment: Payment app partners can collect payment information from buyers and charge them for payment.
  • Refund: Merchants can trigger refunds from within the SHOPLINE admin panel.
  • Authorization: Merchants can set a hold item that can be charged later.
  • Capture: Merchants can charge a previously specified amount through an authorization.
  • Invalidate: The merchant can cancel a previously authorized amount.

Payment security

During a buyer's purchase, the payments app is responsible for the following:

  • Collecting payment information from buyers legally and securely, while complying with applicable law and any PCI requirements or market regulations, including securely storing buyer data.
  • Payments are processed according to the parameters specified by SHOPLINE.
  • Redirect buyers to SHOPLINE.
  • Settle transfers within five days.

Payment partners are responsible for monitoring and managing risk and fraud. SHOPLINE may take action if an unreasonably high percentage of merchant payments are fraudulent or high risk (at SHOPLINE's sole discretion). Actions may include the following:

  • Removal of your payment app from SHOPLINE's public list of payment gateways.
  • Restrict access to SHOPLINE's payment ecosystem.
  • Other necessary steps.

Transparent pricing and flexible merchant agreements:

  • Payment partners must provide merchants with transparent, understandable descriptions for all fees.
  • Payment partners may not refer to any fees, expenses or other costs as SHOPLINE charges on their invoices to the merchant.
  • Payment partners must allow merchants to terminate their merchant agreements within a 7-day notice period without penalty, fines, or other consequences from the payment service provider.

Review process

Before SHOPLINE approves a payment app, it needs to pass a three step review process:

1.Payment partner app review

Ⅰ. Partners apply to become payment partners.

For payment service providers, please apply through openapi_v2@shopline.com, and provide the company name and business contact information in the email. SHOPLINE will reply within 48 hours of receiving the email app.

To become a payment partner, you need to sign a cooperation agreement and a revenue sharing agreement with SHOPLINE.

Ⅱ. If you are approved as a payment partner, you will be granted access to SHOPLINE payment app-related permissions, including but not limited to: API, SDK and all other functions that support the construction of payment apps.

Ⅲ. Once you have built a new app in the SHOPLINE developer center, you can then send information about the app to openapi_v2@shopline.com, that includes: app name and Appkey.

We will grant payment API access to the payment app within 48 hours of receiving the email.

2.Payment app extension review

Ⅰ. The payment partner creates and configures the payment app extension.

Ⅱ. The payment partner submits the payment app extension for review.

Note

The payment app extension review is not a payment app review, payment partners can test payment app extensions in the development store.

Ⅲ. After the payment app extension review is passed, the payment partner can submit the payment app review.

Ⅳ. When the payment app extension is updated, a new version can be submitted for review, and the merchant can then use the updated payment app extension configuration item.

3.Payment app review

Ⅰ. Consistent with the reviewing process for public Apps, payment apps need to complete their app details and submit for review.

Ⅱ. The release of a new version of the payment app extension has nothing to do with the review of the payment app update information. After the payment app is approved, the payment app may be put on the merchant's payment service list. The payment app extension can be directly updated when the payment app partner needs to update the payment app extension and submit for review.

App Requirements

Feature Requirements

  • Merchants can collect payments, chargebacks, and process test transactions through the payment App.
  • Payment Apps should comply with regulations requiring customer authentication in countries that process credit card payments.
  • Compliance may include 3D Secure authentication

Technical Requirements

  1. Idempotency: In order to provide a consistent buyer experience, the payment app must support idempotence checks.

    • The payment app API supports idempotence, which allows SHOPLINE to safely retry requests without accidentally performing the same operation twice. For example, to prevent network errors, multiple charges for the execution of the same payment. Note: Idempotent keys do not expire.
    • Payment app API (HTTP request from SHOPLINE to payment app) You need to support idempotent API requests for payment apps. No matter how many requests are sent with the same idempotent key, the result must be the same. Idempotent key properties are defined on a per-API basis.

  2. Retry strategy: When a similar network error occurs, the payment app must retry the request according to the strategy.

    • Due to the asynchronous nature of SHOPLINE's payment app API, you must send HTTP requests to notify SHOPLINE of the outcome of any payment or refund request.
    • Retry policies help maintain data consistency across merchants, payment partners, and SHOPLINE. If you do not receive an HTTP 200 status code back from SHOPLINE, you must retry the request according to the following incremental strategy, for a total of 18 retries within a 24-hour period.
ParameterDescriptionValue
Recommended number of retriesRecommended maximum number of retries18 times
Basic Delay IntervalSuggested time interval for the first retry5 seconds
Exponential backoff factorPayment partners should retry the request immediately, then 5s later, and then at increasing intervals thereafter until the request is confirmed or 24 hours have passed, whichever comes first.[0 seconds, 5 seconds, 10 seconds, 30 seconds, 45 seconds, 1 minute, 2 minutes, 5 minutes, 12 minutes, 38 minutes, 1 hour, 2 hours] + [4 hours] * 5

  1. RSA asymmetric encryption and decryption

    • The payment app must support the RSA encryption and decryption algorithm to ensure that the two-way request between SHOPLINE and the payment app is safe and credible. The public key will be issued through the developer center app console after the payment partner signs a cooperation agreement with SHOPLINE.

  2. Rate limit

    • Payment app API requests must comply with API flow control restrictions.

  3. API interface version: payment partners must implement a supported payment app API version.

    • Partners can configure the API version, and the payment app will use the configured API version to receive requests from SHOPLINE.

  4. 3-D Security

    • If you offer a credit card payment method in a country where 3-D Secure Authentication is mandatory, you must support 3-D Secure Authentication.

  5. General Data Protection Regulation

    • You must configure GDPR Webhook to ensure merchant and buyer data security and privacy.

  6. Payment app expansion review

    • To guarantee buyer experience, extension changes to payment apps must be approved by SHOPLINE.

Merchant service level requirements

  • The payment App must be running and available 99.95% of the time 24 hours a day, 7 days a week after the official service is provided in the SHOPLINE environment.
  • Payment partners must respond within 2 hours if there is an issue or service outage with the payment app.
  • Payment apps must provide service support to all merchants.

Transaction Requirement

Payment apps must support test mode.

Restrictions

  1. Use any SHOPLINE API other than the OpenAPI and GDPR Webhook
  2. Store payment vouchers for items not approved by SHOPLINE, and payment partners can only use payment-related data for transactions or services approved by SHOPLINE.
  3. It is forbidden to redistribute, share, transfer, and sell the API, SDK, and all other functions used for payment apps allowed by the SHOPLINE payment app without prior approval
  4. Create false or fraudulent merchants, orders or sales data.

Additional considerations

  • Payment app names cannot contain marketing elements: for example, names like "World's Best Payment Provider", "Get the World's 100 Most Popular Payment Methods" et cetera.
  • The payment app cannot obtain the order ID, checkout ID, and other order-related information.
  • The payment app is invisible and cannot be installed in the SHOPLINE app market, and can only be installed through the cashier of the merchant admin.
Was this article helpful to you?
SHOPLINE
SHOPLINE
SHOPLINE Enterprise
Legal
Privacy
Terms
Developer Agreement
LinkedInEmail
LinkedInEmail
© Copyright 2013-2025 SHOPLINE Limited.