Guide / Payment Configs
KO EN

Payment Configs

The Payment Configs page allows administrators to manage detailed payment gateway settings by provider and environment. This is where you enter the actual connection information required to process payments.

Use Payment Providers to register the payment company, such as Stripe or Authorize.Net. Use Payment Configs to configure the detailed payment settings, such as API keys, transaction keys, webhook secrets, environment, domain URL, capture mode, 3DS, and additional metadata.

Overview

Payment Configs are environment-specific payment settings. A single payment provider can have multiple configs, such as one for TEST and another for LIVE.

Menu Purpose
Payment Providers Defines the payment company, provider code, active status, and sort order.
Payment Configs Defines the actual payment gateway connection settings for each provider and environment.

Config List

The Config List displays payment configurations by provider, environment, display name, merchant key, 3DS status, capture mode, active status, and last updated date.

Top Actions

Button or Filter Description
+ New Opens the Config Edit page to create a new payment configuration.
All Providers Filters configurations by payment provider.
All Env Filters configurations by environment, such as TEST or LIVE.
All Filters configurations by active status or other available status options.
Keyword Searches by provider, display name, merchant key, or related configuration text.
Search Runs the search using the selected filter conditions.

Config Table

Column Description
ID The internal config ID.
Provider The payment provider connected to this configuration, such as Authorize.Net or Stripe.
Env The environment for this configuration, such as TEST or LIVE.
DisplayName The display name used to identify this payment configuration.
MerchantKey The merchant identifier or account key, depending on the provider.
3DS Shows whether 3D Secure is enabled or disabled.
Capture Shows the capture mode, such as AUTO or manual capture mode.
Active Shows whether this config is currently active.
Updated The last updated date and time.
Manage Provides actions such as Edit, Toggle, and Delete.

Config Edit

The Config Edit page is used to create or update the detailed payment gateway settings. It is divided into Core, Keys, Advanced, and Summary sections.

Core Section

The Core section defines the provider, environment, active status, merchant key, and display name.

Field Description
Provider Selects the payment provider for this configuration. Only registered providers are available.
Environment Selects the environment, such as TEST or LIVE.
IsActive Controls whether this configuration can be used by the payment system.
MerchantKey Stores the merchant key, account key, or merchant identifier depending on the payment provider.
DisplayName The name shown internally to identify this configuration.

Provider

Select the payment provider to configure. When a provider is selected, the system may automatically show only the fields required for that provider.

Default rules are applied for common providers such as Stripe and Authorize.Net.

Environment

Environment controls whether this configuration is used for testing or live payment processing.

Environment Meaning
TEST Used for sandbox or test payment processing. This should be used before going live.
LIVE Used for real payment processing. Use this only after the payment settings have been verified.

IsActive

If IsActive is set to true, the configuration is available for use. If it is set to false, the configuration is disabled.

Keys Section

The Keys section stores provider-specific authentication and connection values. The labels may change depending on the selected provider.

For Stripe, common key fields may include pk/sk/whsec. For Authorize.Net, common key fields may include LoginId and TransactionKey.
Field Description
ApiKeyPublic The public API key or API Login ID. For Authorize.Net, this can be the API Login ID.
ApiKeySecret The secret key or transaction key. For Authorize.Net, this can be the Transaction Key.
WebhookSecret The webhook signature key or secret used to verify webhook requests.
EndpointBaseUrl The base domain or endpoint URL used for payment return, cancel, webhook, or callback flows.

ApiKeyPublic

Enter the public key, publishable key, or API Login ID provided by the payment gateway.

ApiKeySecret

Enter the secret key, private key, or transaction key provided by the payment gateway. This value must be protected and should not be exposed publicly.

WebhookSecret

Enter the webhook signature secret if your payment provider uses webhook verification. This helps confirm that webhook requests are sent from the real payment provider.

EndpointBaseUrl

Enter the base domain used by the payment flow.

Example:
https://your-domain.com
https://your-ngrok-domain.ngrok-free.dev
For local testing, a temporary public URL such as an ngrok domain may be used. For production, use your real website domain with HTTPS.

Advanced Section

The Advanced section controls payment policy, risk, capture, 3DS, settlement, metadata, and internal notes.

Field Description
Currency The payment currency, such as USD.
RiskLevel The internal risk level from 1 to 5.
SettlementDays The expected number of days before settlement.
Enable3DS Controls whether 3D Secure is enabled.
CaptureMode Controls whether payment is captured automatically or manually.
MetaJson Stores additional provider-specific settings in JSON format.
Notes Internal notes for administrators. Do not store sensitive credentials here.

Currency

Select the currency used by this payment configuration.

Example:
USD - US Dollar

RiskLevel

RiskLevel is an internal value used to classify the risk policy for this configuration. A lower value usually means lower risk, and a higher value means stricter review may be required.

SettlementDays

SettlementDays defines the expected number of days before funds are settled. This value may depend on the payment provider and merchant account settings.

Enable3DS

Enable3DS controls whether 3D Secure authentication is used. If the field is disabled, the selected provider or environment may not support 3DS in the current configuration.

CaptureMode

CaptureMode controls when a payment is captured.

Capture Mode Description
AUTO The payment is captured automatically after authorization.
MANUAL The payment is authorized first and captured later by an administrator or system process.

MetaJson

MetaJson stores additional configuration values that do not have separate input fields. This field must be valid JSON.

{
    "hostedPaymentPageId": "12345678",
    "returnPath": "/ShowPage/iCheckout/Return",
    "cancelPath": "/ShowPage/iCheckout/Cancel",
    "transactionType": "authCaptureTransaction",
    "showReceipt": true
}

Common MetaJson Fields

Key Description
hostedPaymentPageId The hosted payment page ID if the provider uses hosted payment pages.
returnPath The return path used after payment is completed.
cancelPath The path used when the customer cancels the payment.
transactionType The provider transaction type, such as authorization-only or authorization-and-capture.
showReceipt Controls whether the receipt page is shown when supported.
MetaJson must be valid JSON. If the JSON format is invalid, the payment configuration may not work correctly.

Summary Panel

The Summary panel provides a quick overview of the current configuration state. It shows the selected provider, provider code, environment, and active status.

Use this panel to confirm the selected provider and environment before saving.

Recommended Workflow

  1. Open Admin > Payment > Configs.
  2. Click + New to create a new configuration, or click Edit to update an existing one.
  3. Select the Provider.
  4. Select the Environment, such as TEST or LIVE.
  5. Set IsActive.
  6. Enter MerchantKey and DisplayName.
  7. Enter the provider-specific keys in the Keys section.
  8. Enter EndpointBaseUrl.
  9. Configure Currency, RiskLevel, SettlementDays, 3DS, and CaptureMode.
  10. Enter valid MetaJson if additional provider settings are required.
  11. Review the Summary panel.
  12. Click Save.
  13. Test the payment flow before using the configuration in LIVE mode.

Common Use Cases

Use Case Recommended Action
Create a test Authorize.Net config Select Authorize.Net, set environment to TEST, enter API Login ID and Transaction Key, then save.
Create a live payment config Create or edit a config, set environment to LIVE, enter production credentials, and test carefully.
Temporarily disable payment processing Edit the config and set IsActive to false.
Use hosted payment page Enter hosted payment page related values in MetaJson.
Change return or cancel URL Update EndpointBaseUrl and the related paths in MetaJson.

Important Notes

  • Payment Configs store sensitive connection information. Access should be limited to trusted administrators.
  • Always test payment settings in TEST mode before enabling LIVE mode.
  • Use HTTPS for production EndpointBaseUrl.
  • Do not store secret keys in Notes. Use the designated key fields.
  • Confirm that MetaJson is valid JSON before saving.
  • Do not delete configs that are connected to existing transactions unless you understand the impact.
  • If multiple configs exist for the same provider, use clear DisplayName values.

Troubleshooting

Problem Possible Cause Solution
Payment provider does not appear The provider may not be registered or may be inactive. Go to Payment > Providers and confirm the provider is active.
Payment fails in TEST mode Sandbox credentials may be incorrect, or the endpoint URL may not be reachable. Verify API keys, environment, EndpointBaseUrl, and provider sandbox account settings.
Payment fails in LIVE mode Production credentials may be incorrect or the merchant account may not be approved. Confirm production credentials and payment provider account status.
Webhook is not verified The WebhookSecret may be missing or incorrect. Enter the correct webhook signature key from the payment provider dashboard.
Return URL does not work The EndpointBaseUrl or returnPath in MetaJson may be incorrect. Check EndpointBaseUrl and MetaJson paths.
Config cannot be saved Required fields may be missing, or MetaJson may be invalid. Fill in required fields and validate the JSON format.

Best Practices

  • Create separate TEST and LIVE configs.
  • Use clear DisplayName values such as Authorize.Net (Test) and Authorize.Net (Live).
  • Keep inactive old configs instead of deleting them if transaction history exists.
  • Rotate keys periodically according to your payment provider�s security policy.
  • Review config values after changing domains, checkout URLs, or webhook settings.
  • Limit access to this page because it contains sensitive payment configuration data.
Payment Configs are required for real payment processing. A Provider only defines the payment company; a Config defines how iBoard connects to that company for a specific environment.