Payment Configs
The Payment Configs page allows administrators to manage detailed payment gateway settings by provider and environment. This is where you enter the actual connection information required to process payments.
Use Payment Providers to register the payment company, such as Stripe or Authorize.Net. Use Payment Configs to configure the detailed payment settings, such as API keys, transaction keys, webhook secrets, environment, domain URL, capture mode, 3DS, and additional metadata.
Overview
Payment Configs are environment-specific payment settings. A single payment provider can have multiple configs, such as one for TEST and another for LIVE.
| Menu | Purpose |
|---|---|
| Payment Providers | Defines the payment company, provider code, active status, and sort order. |
| Payment Configs | Defines the actual payment gateway connection settings for each provider and environment. |
Config List
The Config List displays payment configurations by provider, environment, display name, merchant key, 3DS status, capture mode, active status, and last updated date.
Top Actions
| Button or Filter | Description |
|---|---|
| + New | Opens the Config Edit page to create a new payment configuration. |
| All Providers | Filters configurations by payment provider. |
| All Env | Filters configurations by environment, such as TEST or LIVE. |
| All | Filters configurations by active status or other available status options. |
| Keyword | Searches by provider, display name, merchant key, or related configuration text. |
| Search | Runs the search using the selected filter conditions. |
Config Table
| Column | Description |
|---|---|
| ID | The internal config ID. |
| Provider | The payment provider connected to this configuration, such as Authorize.Net or Stripe. |
| Env | The environment for this configuration, such as TEST or LIVE. |
| DisplayName | The display name used to identify this payment configuration. |
| MerchantKey | The merchant identifier or account key, depending on the provider. |
| 3DS | Shows whether 3D Secure is enabled or disabled. |
| Capture | Shows the capture mode, such as AUTO or manual capture mode. |
| Active | Shows whether this config is currently active. |
| Updated | The last updated date and time. |
| Manage | Provides actions such as Edit, Toggle, and Delete. |
Config Edit
The Config Edit page is used to create or update the detailed payment gateway settings. It is divided into Core, Keys, Advanced, and Summary sections.
Core Section
The Core section defines the provider, environment, active status, merchant key, and display name.
| Field | Description |
|---|---|
| Provider | Selects the payment provider for this configuration. Only registered providers are available. |
| Environment | Selects the environment, such as TEST or LIVE. |
| IsActive | Controls whether this configuration can be used by the payment system. |
| MerchantKey | Stores the merchant key, account key, or merchant identifier depending on the payment provider. |
| DisplayName | The name shown internally to identify this configuration. |
Provider
Select the payment provider to configure. When a provider is selected, the system may automatically show only the fields required for that provider.
Default rules are applied for common providers such as Stripe and Authorize.Net.
Environment
Environment controls whether this configuration is used for testing or live payment processing.
| Environment | Meaning |
|---|---|
| TEST | Used for sandbox or test payment processing. This should be used before going live. |
| LIVE | Used for real payment processing. Use this only after the payment settings have been verified. |
IsActive
If IsActive is set to true, the configuration is available for use.
If it is set to false, the configuration is disabled.
Keys Section
The Keys section stores provider-specific authentication and connection values. The labels may change depending on the selected provider.
For Stripe, common key fields may include pk/sk/whsec. For Authorize.Net, common key fields may include LoginId and TransactionKey.
| Field | Description |
|---|---|
| ApiKeyPublic | The public API key or API Login ID. For Authorize.Net, this can be the API Login ID. |
| ApiKeySecret | The secret key or transaction key. For Authorize.Net, this can be the Transaction Key. |
| WebhookSecret | The webhook signature key or secret used to verify webhook requests. |
| EndpointBaseUrl | The base domain or endpoint URL used for payment return, cancel, webhook, or callback flows. |
ApiKeyPublic
Enter the public key, publishable key, or API Login ID provided by the payment gateway.
ApiKeySecret
Enter the secret key, private key, or transaction key provided by the payment gateway. This value must be protected and should not be exposed publicly.
WebhookSecret
Enter the webhook signature secret if your payment provider uses webhook verification. This helps confirm that webhook requests are sent from the real payment provider.
EndpointBaseUrl
Enter the base domain used by the payment flow.
Example:
https://your-domain.com
https://your-ngrok-domain.ngrok-free.dev
For local testing, a temporary public URL such as an ngrok domain may be used. For production, use your real website domain with HTTPS.
Advanced Section
The Advanced section controls payment policy, risk, capture, 3DS, settlement, metadata, and internal notes.
| Field | Description |
|---|---|
| Currency | The payment currency, such as USD. |
| RiskLevel | The internal risk level from 1 to 5. |
| SettlementDays | The expected number of days before settlement. |
| Enable3DS | Controls whether 3D Secure is enabled. |
| CaptureMode | Controls whether payment is captured automatically or manually. |
| MetaJson | Stores additional provider-specific settings in JSON format. |
| Notes | Internal notes for administrators. Do not store sensitive credentials here. |
Currency
Select the currency used by this payment configuration.
Example:
USD - US Dollar
RiskLevel
RiskLevel is an internal value used to classify the risk policy for this configuration. A lower value usually means lower risk, and a higher value means stricter review may be required.
SettlementDays
SettlementDays defines the expected number of days before funds are settled. This value may depend on the payment provider and merchant account settings.
Enable3DS
Enable3DS controls whether 3D Secure authentication is used. If the field is disabled, the selected provider or environment may not support 3DS in the current configuration.
CaptureMode
CaptureMode controls when a payment is captured.
| Capture Mode | Description |
|---|---|
| AUTO | The payment is captured automatically after authorization. |
| MANUAL | The payment is authorized first and captured later by an administrator or system process. |
MetaJson
MetaJson stores additional configuration values that do not have separate input fields. This field must be valid JSON.
{
"hostedPaymentPageId": "12345678",
"returnPath": "/ShowPage/iCheckout/Return",
"cancelPath": "/ShowPage/iCheckout/Cancel",
"transactionType": "authCaptureTransaction",
"showReceipt": true
}
Common MetaJson Fields
| Key | Description |
|---|---|
| hostedPaymentPageId | The hosted payment page ID if the provider uses hosted payment pages. |
| returnPath | The return path used after payment is completed. |
| cancelPath | The path used when the customer cancels the payment. |
| transactionType | The provider transaction type, such as authorization-only or authorization-and-capture. |
| showReceipt | Controls whether the receipt page is shown when supported. |
MetaJson must be valid JSON. If the JSON format is invalid, the payment configuration may not work correctly.
Summary Panel
The Summary panel provides a quick overview of the current configuration state. It shows the selected provider, provider code, environment, and active status.
Use this panel to confirm the selected provider and environment before saving.
Recommended Workflow
- Open Admin > Payment > Configs.
- Click + New to create a new configuration, or click Edit to update an existing one.
- Select the Provider.
- Select the Environment, such as TEST or LIVE.
- Set IsActive.
- Enter MerchantKey and DisplayName.
- Enter the provider-specific keys in the Keys section.
- Enter EndpointBaseUrl.
- Configure Currency, RiskLevel, SettlementDays, 3DS, and CaptureMode.
- Enter valid MetaJson if additional provider settings are required.
- Review the Summary panel.
- Click Save.
- Test the payment flow before using the configuration in LIVE mode.
Common Use Cases
| Use Case | Recommended Action |
|---|---|
| Create a test Authorize.Net config | Select Authorize.Net, set environment to TEST, enter API Login ID and Transaction Key, then save. |
| Create a live payment config | Create or edit a config, set environment to LIVE, enter production credentials, and test carefully. |
| Temporarily disable payment processing | Edit the config and set IsActive to false. |
| Use hosted payment page | Enter hosted payment page related values in MetaJson. |
| Change return or cancel URL | Update EndpointBaseUrl and the related paths in MetaJson. |
Important Notes
- Payment Configs store sensitive connection information. Access should be limited to trusted administrators.
- Always test payment settings in TEST mode before enabling LIVE mode.
- Use HTTPS for production EndpointBaseUrl.
- Do not store secret keys in Notes. Use the designated key fields.
- Confirm that MetaJson is valid JSON before saving.
- Do not delete configs that are connected to existing transactions unless you understand the impact.
- If multiple configs exist for the same provider, use clear DisplayName values.
Troubleshooting
| Problem | Possible Cause | Solution |
|---|---|---|
| Payment provider does not appear | The provider may not be registered or may be inactive. | Go to Payment > Providers and confirm the provider is active. |
| Payment fails in TEST mode | Sandbox credentials may be incorrect, or the endpoint URL may not be reachable. | Verify API keys, environment, EndpointBaseUrl, and provider sandbox account settings. |
| Payment fails in LIVE mode | Production credentials may be incorrect or the merchant account may not be approved. | Confirm production credentials and payment provider account status. |
| Webhook is not verified | The WebhookSecret may be missing or incorrect. | Enter the correct webhook signature key from the payment provider dashboard. |
| Return URL does not work | The EndpointBaseUrl or returnPath in MetaJson may be incorrect. | Check EndpointBaseUrl and MetaJson paths. |
| Config cannot be saved | Required fields may be missing, or MetaJson may be invalid. | Fill in required fields and validate the JSON format. |
Best Practices
- Create separate TEST and LIVE configs.
- Use clear DisplayName values such as
Authorize.Net (Test)andAuthorize.Net (Live). - Keep inactive old configs instead of deleting them if transaction history exists.
- Rotate keys periodically according to your payment provider�s security policy.
- Review config values after changing domains, checkout URLs, or webhook settings.
- Limit access to this page because it contains sensitive payment configuration data.
Payment Configs are required for real payment processing. A Provider only defines the payment company; a Config defines how iBoard connects to that company for a specific environment.