Classic API Migration Playbook
This guide helps developers migrate from the Classic (Direct Post / Three-Step Redirect) API to the current gateway API, which offers improved security, better tokenization, and a more consistent developer experience.
The Classic API remains functional but is no longer receiving new features. We recommend migrating all integrations to the current API.
What Changed
| Feature | Classic API | Current API |
|---|---|---|
| Authentication | Username + Password in POST | API Security Key |
| Card Tokenization | Direct card data POST | Collect.js / Payment Component |
| Three-Step Redirect | Required for hosted flow | Replaced by Hosted Checkout |
| Customer Vault | Supported | Supported (improved) |
| Response Format | Query string only | Query string or JSON |
Migration Steps
- Generate an API Security Key — See Get Your API Keys. Replace username/password with
security_key. - Replace direct card POSTing — Implement Collect.js to tokenize cards on the frontend.
- Update transaction endpoint — The URL is the same; update the authentication field.
- Migrate Customer Vault — Existing vault entries remain valid. Update auth to use Security Key.
- Test in sandbox — Test all transaction types before deploying to production.
Authentication Change
# Classic (deprecated)
username=myuser&password=mypass&type=sale&amount=10.00
# Current API
security_key=YOUR_PRIVATE_KEY&type=sale&amount=10.00See Migration Code Examples for before/after samples in multiple languages.