CyoGate Internet Payment Gateway
Developers Portal

Welcome Developers!

CyoGate has all of the tools you need to seamlessly integrate with virtually any software application and to develop robust, feature-rich commerce applications.

There are multiple ways to integrate the CyoGate payment gateway with a website or mobile application and these options have vary levels of ease of integration, required resources, features, and additional security.

All of our API's are well documented and include sample code to help you get your project off to a quick start.

CyoGate provides the following integration tools:

Integrations may be tested using either a TEST gateway account, or a LIVE gateway account that is set in "TEST" mode.

To request a TEST gateway account for development, please click here

Three Step Redirect

The Three Step Redirect is the preferred API for customized web-based payment processing. Using this integration method significantly reduces a merchant's PCI footprint without sacrificing end-user look and feel. This method is required when using Verified by Visa/Mastercard SecureCode (Payer Authentication).

How It Works

The way CyoGate's Three-Step Redirect API works is as follows:

  1. In the first step, the customer sends their payment information to the merchant's web site.

  2. The merchant's web site then posts the payment data to the CyoGate Payment Gateway.

  3. The CyoGate Gateway responds immediately with the results of the transactions.

  4. The merchant's web site displays the appropriate message to the customer.


To start step one, your payment application will submit a behind-the-scenes HTTPS direct POST that includes transaction variables, including an additional variable redirect-url, which is a URL that must exist on your web server that handles a future browser redirect. Sensitive payment information such as cc-number, cc-exp, and cvv cannot be submitted during step one. The Payment Gateway will generate and return the form-url variable containing a unique URL to be used in Step 2.

Next, during step two, you must develop an HTML form that collects at least the customer's sensitive payment information such as cc-number, cc-exp, and cvv. You must use the form-url obtained in step one as the action in the HTML of your payment form. When the customer submits the form, the customer's browser will transparently POST the contents of the payment form directly to the Payment Gateway. This methodology keeps your web server and payment application from seeing or transmitting any credit card data or other sensitive data. Once the Payment Gateway has collected the customer's sensitive payment details, the customer's browser will be instructed to return to the redirect-url on your web server. Furthermore, the Payment Gateway will generate and append a unique variable named token-id to the redirect-url in the GET query string. This token-id is an abstraction of the customer's sensitive payment information that the Payment Gateway collected. Your redirect-url script must parse the token-id for use in step three.

To complete the transaction, you will submit another behind-the-scenes HTTPS direct POST including only the token-id and api-key. This token-id is used to "tie" together the initial customer information with the sensitive payment information that the payment gateway collected directly.

Transaction Flow

Direct Post

The Direct Post method is the simplest integration method for both web-based and non web-based payment applications, however, merchants using this integration method should have passed a PCI vulnerability scan before use.

How It Works

The way CyoGate's Direct Post API works is as follows:

  1. In the first step, the customer sends their payment information to the merchant's web site.

  2. The merchant's web site then posts the payment data to the CyoGate Payment Gateway.

  3. The CyoGate Gateway responds immediately with the results of the transactions.

  4. The merchant's web site displays the appropriate message to the customer.

Transaction Flow

Mobile API

The CyoGate Mobile API supports both iOS and Android based devices. These SDKs include a mobile card reader library which simplifies integrations for applications requiring encrypted mobile card readers. Additionally, an end-to-end encryption library is included, allowing merchants to send both swiped and keyed-in payment information without ever touching any sensitive data.


In addition to CyoGate's powerful Processing API's, CyoGate also provides a robust Querying API that allows transaction history to queried from external applications.

The Query API allows merchants to access a detailed stream of transaction data that may then be used for in-house reports and analytics, and customer reporting.

QuickClick Shopping Cart


QuickClick is a great option for e-commerce merchants who do not have an IT team or developer on staff. A button-generator is included, which allows merchants to create website links to products and services without any previous development experience.

Button Types

  • Shopping Cart Button: Will connect products built with this button type so customers can add several products to the cart system. Also supports Recurring Billing.
  • Fixed Price Button: Does not connect to the 'Shopping Cart' system and will only process one item at a time.
  • Donation/Payment Button: Allows the customer to enter an amount and checkout.

Adding Buttons to Your Site


QuickClick buttons can be added to your website using an HTML form. This form can be created using our Button Generator or using the values found in the 'Variables' section. The form should use the "POST" method and the action should be

Link Alternative

Some websites do not allow for entry of HTML, and can sometimes act finicky. If this is the case with your website, you have the option of using the Link Alternative which can be pasted on your website as a link. The only way to create this link is by using the Button Generator.

Please note that use of this link will nullify any shopping cart product options or text input (amount) fields as these options appear alongside the HTML button.

IFrame Support

Please note that QuickClick is NOT supported via iframes as there are documented browser bugs (notably in Safari) that do not allow the user to view QuickClick due to Safari's documented blocking of third party cookies.

Gateway Emulator

We have designed the CyoGate gateway to be able to support transaction submissions and responses in the both the Authorize.Net and the Network Merchants (NMI) format. We call this our Gateway Emulator.

Using our Gateway Emulator, any application that supports AuthorizeNet's AIM or SIM integration method, or any of the NMU integration methods can quickly be made to support CyoGate as easily as changing a single word in a single line of code!

Just change the word "authorize" to the word "cyogate", use your CyoGate credentials, and your application that supported AuthorizeNet can now use CyoGate!

Apply for a Merchant Account Signup for the Payment Gateway

Retail & Internet Merchant Accounts

An Internet Merchant Account is sometimes referred to as a "MOTO" (Mail Order & Telephone Order) Account because they all require the ability to process a credit card payment when there is no physical credit card present to be swiped. A standard retail "swipe" merchant account does not allow processing of these "card-not-present" transactions.

View details »

High Risk Merchant Accounts

If the domestic banks are denying your merchant application because they believe your industry is considered high risk, CyoGate can help! We have an offshore network of merchant processing partners that enable us to provide low cost, high risk merchant solutions to a much wider range of businesses and industries.

View details »

Internet Payment Gateway

The CyoGate Internet Payment Gateway offers one of the quickest and most cost effective ways to accept and process credit card and electronic check payments online. Our payment gateway works with most existing merchant accounts and supports hundreds of popular web shopping carts and eCommerce platforms.

View details »