Payment Method Distribution

In addition to built-in gateway integration, Spreedly supports the ability to distribute vaulted credit card data to third parties, referred to as “receivers”. Distribution differs from third-party vaulting in that the recipient of the card data is not a known and supported endpoint that Spreedly has fully integrated with; it can be another third party with whom you do business.

How distribution works

Payment method distribution (PMD) allows you to transact against another service’s API while still controlling your customer’s card data by vaulting with Spreedly.

Consider a travel service that books accommodations on behalf of its users. The travel service would be able to store its customers’ card data in Spreedly up front and use that data to purchase airline and hotel reservations on behalf of its customers later. The service would ask its customers to enter their credit card information only once but would be able to use that information at any later time to make purchases at multiple independent services (e.g., airlines and hotels).

Spreedly’s payment method distribution enables businesses to transact with multiple endpoints on behalf of their customers via a single integration.

Single vs. batch distribution

Payment method distribution (PMD) can operate in two modes: single card PMD or batch export PMD. If you’re working with an external HTTPS API endpoint that accepts a single card per call, then use single card PMD. If you’re working with an SFTP endpoint that accepts a file containing multiple cards, then use batch export PMD.

In both modes, the basic workflow remains the same: you specify a template that tells Spreedly how to format the request and which card(s) to deliver, and Spreedly executes the call on your behalf. Spreedly provides an open repository of code templates for simplifying implementation of new receivers. The single card and batch export PMD modes operate very similarly; one small difference between the two is that batch export operates asynchronously, making it a bit more complex.

The following guides explain how to provision a receiver and how to distribute payment methods for the two PMD modes:

Supporting your receiver

You can begin developing and testing your PMD workflow using a test receiver. However, before you can distribute real payment method data, your receiver must be confirmed and implemented by Spreedly. Please email the following information to Spreedly to get your receiver in the approval queue:

  • the receiver name and/or company name,
  • a link to their public site, and
  • the production URL you will be invoking with Spreedly payment data. While HTTPS endpoints must utilize SSL, Spreedly does not require the SSL certificate to set up and allow the domain, which ensures that you are not affected when the receiver updates their certificates. If there will be a domain change, please contact Spreedly Support and let us know in advance.

Alternatively, if you have an existing relationship or contact at the receiver company, you can send them to Becoming a Receiver so that they can work with Spreedly directly.

We ask that you allow several weeks for Spreedly to approve and configure a receiver for production use. During this time, you can begin testing against a test receiver, which simulates the delivery of test payment methods to a user-specified endpoint URL. We will return the parsed and formatted request in the delivery response, with sensitive data scrubbed, but we will not deliver the request to a third-party endpoint. The test receiver allows you to validate the deliver API request while ensuring the request is properly formatted using our provided receiver variables and functions.

Once you’ve set up your receiver, you can see which requests are powered by Spreedly by looking for the X-Transaction-Powered-By: Spreedly header. Filtering requests to ones with this header can be helpful for debugging and for tracking Spreedly-originating transactions.

Using SSL certification with your receiver

Some endpoints require a certificate to authenticate your call. In these cases, you can attach a certificate to your receiver using the Spreedly API.

  1. Generate a certificate signing request using the certificates API, which will return a certificate token.
  2. Send the CSR to the endpoint so it can be signed
  3. Update the certificate with the signed PEM received from the endpoint
  4. Provision your receiver using the field ssl_certificate_token adding the certificate token as the value

Use PMD with 3DS

Payment Method Distribution can be used with 3DS2 by passing 3DS2 authentication results into the body of your request. The 3DS2 authentication can be performed by Spreedly via the Spreedly Global 3DS2 service.

If using the Spreedly Global 3DS2 service for authentication, follow these steps to send authentication data through PMD:

  1. Create an SCA Authentication for the payment method and amount that will be used in the delivery
  2. Pass the authentication values from the response of the SCA Authentication into your deliver request’s body
    • Please see our API reference for details on the SCA Authentication response object

Note: Values required by receiver from the SCA Authentication can vary depending on your receiver. Refer back to the receiver’s documentation to get specifics like sample requests etc.

List of supported receivers

We currently support the following receiver types and their associated URLs:

Company Receiver Type and Hostnames
A1 Payments a1_payments
ABG Direct abg_direct
Accertify accertify
Ace Rent a Car ace_rent_a_car
Adquira adquira
Adyen MarketPay adyen_marketpay
Adyen adyen,,,
Airtime Rewards airtime
Alliance Reservations Network alliance_reservations_network
Allianz Global Assistance allianz_global_assistance,
Amadeus IT Group amadeus,,,
American Express american_express,,,,
s,,,,,,,,, authorize_net,,
AXS axs
Bankwest bankwest
Base Commerce base_commerce
BBC Shop bbc_shop
BestBus bestbus
Bexs bexs,
Bink bink
Blackbaud blackbaud
Blacklane blacklane
Blue Ribbon Bags blue_ribbon_bags
Bluesnap bluesnap
Booker by Mindbody booker, bookingcom
Braintree Payments braintree,,,
Budco Financial budco_financial,,
Bypass Mobile bypass_mobile
Bytemark bytemark,
CarTrawler car_trawler,
Carbon carbon,
CardConnect CardSecure cardconnect_cardsecure
Cardstream cardstream
Cashbackpoint cashbackpoint
CASHNet cashnet
CDS Global cds_global
CECABank ceca_bank,
Chain Commerce chain_commerce
Chargify chargify
https://* checkout_dot_com,,
Cielo cielo,,,
Cliq cliq
Clover clover,,
Clover Tokenization clover_tokenization,
Coalesce Services coalesce_services
Cosmic Cart cosmic_cart
Cover Genius cover_genius,
CreditGuard creditguard,
Credomatic credomatic
Credorax credorax,
CrowdTorch crowd_torch
Cybersource Decision Manager cybersource_decision_manager,
CyberSource cybersource,,,,,
Dalenys dalenys,,,
Mastercard Payment Gateway Services data_cash
Datacap Systems Inc datacap_systems,
Prisma (Decidir) decidir,
Demandware demandware
DHISCO dhisco
Dimoco dimoco,
DPO dpo
Diane Von Furstenberg dvf
Expedia Affiliate Network ean,,
Easirent easirent
ecommpay ecommpay
Economy Rent a Car economy_rent_a_car
eGlobalfares eglobalfares
EHI Direct ehi_direct
8D eight_d,,,,,,,,,
Elavon elavon,
emerchantpay emerchantpay
ePay epay
Electronic Payment Exchange epx
Eventbrite eventbrite
Expedia expedia
FanXchange fan_xchange,,
Farelogix farelogix,
Fidel fidel
Finix Payments finix_payments,,
First Data India Pvt Ltd. first_data_india,
First Pay first_pay
Fiserv IPG fiserv_ipg,
Fiserv fiserv_ucom,,
FreedomPay freedom_pay, geopagos,,
GIACT giact,
Global Technology Partners global_technology_partners
GMO Payment Gateway gmo,
Golf18Network golf18_network
GolfNow golf_now,,
Gordian gordian
Green Dot green_dot,,,,,,,
Heidelpay heidelpay
Hertz hertz,,
Hotel Planner hotel_planner
iFly Res (IBS) iflyres,
Ingenico ingenico,,,
IXOPAY ixopay
JEM Marketing jem_marketing
JustRide justride,
JustShareIt justshareit
Kount kount ,
LeaveTown leavetown,
Lincoln Center lincoln_center,
Luminate Online luminate_online,
Lyft Bikes lyft_bikes
Mastercard mastercard_gateway,
Mastercard mastercard_services,
Megasoft megasoft,
Mindbody mindbody
Moonpay moonpay,
First Data muxi_gateway_test_firstdata,
Mystifly mystifly,,
Navitaire navitaire
Network for Good network_for_good
NLS Payments nls_payments
NMI nmi,
NP Auto np_auto
NÜ Car Rentals nu_car_rentals
Nuvei nuvei,
Office Depot office_depot
Olo olo,
Omise omise,
Omnivore omnivore
1-800-Flowers one800_flowers
ONPEX onpex
Open Hotel open_hotel
Ordway Labs ordway_labs
Pace Payment Systems pace_payment_systems
PagoPlux pago_plux,,,
PayFabric pay_fabric
Paycorp paycorp
Payflow payflow,
Paymark Click paymark_click
Payment Vision payment_vision,
PayPal paypal,
Billing Tree payrazr
Payreto payreto,
Payroc payroc
Payvision payvision
PayWire paywire,
PBSC pbsc,,,,,,,,,,,,,,
PCI Booking pci_booking
plugnpay plug_n_pay
Poynt poynt,
Priceline priceline,
PrimeSport prime_sport
Prisma prisma,,
PromisePay promisepay
Qualpay, Inc qualpay
Ranty ranty,,,
Rapid Connect rapid_connect
Ravelin ravelin
Razorpay Software Private Limited razorpay
RedCoach red_coach
RedShield red_shield, rentalcars,,
Reward reward,
Routes Car Rental routes_car_rental
Sabre sabre,,,,,,
SafeCharge safe_charge,
SIX Payment Services saferpay,
Sage Pay sage_pay
SecurionPay securion_pay
SendWyre send_wyre,
shift_4_payments shift4,
Shopify shopify
Shoppable shoppable, single_id
SiteMinder site_minder,
Sixt sixt,
SlimCD slim_cd
SpeedPay speedpay
Spreedly spreedly sprinterbus_net
Square squareup,
Stone stone,
Storebox storebox
Stripe stripe
SynXis synxis,
SysPay syspay
Target target
Transcor Data Services tds_tickets
Telecharge telecharge,,,,
Tempus Technologies tempus
Tessitura tessitura_ramp
3C Payment Web2Pay three_c_web2pay,, ticket_network
Ticketmaster ticketmaster,
Toast toast,,,
TokenEx tokenex
TransferWise transferwise
Travelfusion travel_fusion
Travelport travelport,
Travolutionary travolutionary
Truevo truevo
Trust Payments trust_payments,
TSD tsd
Two Tap two_tap
USAePay usaepay,
RentPayment vacation_rent_payment,
Vervotech vervotech,
Viator viator
VietjetAir vietjet,
Virtual Card Services virtual_card_services
Visa visa,,
Viva Air viva_air,
Volaris volaris,
Walpay walpay
Wantickets wantickets
Webinc webinc
WePay wepay,
Windsurfer CRS windsurfer_crs,,
Wirecard Brasil wirecard_brasil
Wirecard wirecard
Worldline worldline,,,
Worldpay worldpay,,
Worldpay RiskGuardian worldpay_riskguardian,,,
YapStone yapstone
Zuora zuora,,,