Payment Method Distribution

In addition to built-in gateway integration, Spreedly supports the ability to distribute vaulted credit card data to third parties, referred to as “receivers”. Distribution differs from third-party vaulting in that the recipient of the card data is not a known and supported endpoint that Spreedly has fully integrated with; it can be another third party with whom you do business.

How distribution works

Payment method distribution (PMD) allows you to transact against another service’s API while still controlling your customer’s card data by vaulting with Spreedly.

Consider a travel service that books accommodations on behalf of its users. The travel service would be able to store its customers’ card data in Spreedly up front and use that data to purchase airline and hotel reservations on behalf of its customers later. The service would ask its customers to enter their credit card information only once but would be able to use that information at any later time to make purchases at multiple independent services (e.g., airlines and hotels).

Spreedly’s payment method distribution enables businesses to transact with multiple endpoints on behalf of their customers via a single integration.

Single vs. batch distribution

Payment method distribution (PMD) can operate in two modes: single card PMD or batch export PMD. If you’re working with an external HTTPS API endpoint that accepts a single card per call, then use single card PMD. If you’re working with an SFTP endpoint that accepts a file containing multiple cards, then use batch export PMD.

In both modes, the basic workflow remains the same: you specify a template that tells Spreedly how to format the request and which card(s) to deliver, and Spreedly executes the call on your behalf. Spreedly provides an open repository of code templates for simplifying implementation of new receivers. The single card and batch export PMD modes operate very similarly; one small difference between the two is that batch export operates asynchronously, making it a bit more complex.

The following guides explain how to provision a receiver and how to distribute payment methods for the two PMD modes:

Supporting your receiver

You can begin developing and testing your PMD workflow using a test receiver. However, before you can distribute real payment method data, your receiver must be confirmed and implemented by Spreedly. Please email the following information to Spreedly to get your receiver in the approval queue:

  • The receiver name and/or company name,
  • A link to their public site, and
  • The production URL you will be invoking with Spreedly payment data. While HTTPS endpoints must utilize SSL, Spreedly does not require the SSL certificate to set up and allow the domain, which ensures that you are not affected when the receiver updates their certificates. If there will be a domain change, please contact Spreedly Support and let us know in advance.
  • The PCI AOC (Attestation of Compliance) from the organization (you or your partner) where the request will be sent containing sensitive information. Note that the AOC should be certified through the current year according to PCI standards. We cannot accept an outdated one.

Alternatively, if you have an existing relationship or contact at the receiver company, you can send them to Becoming a Receiver so that they can work with Spreedly directly.

We ask that you allow several weeks for Spreedly to approve and configure a receiver for production use. During this time, you can begin testing against a test receiver, which simulates the delivery of test payment methods to a user-specified endpoint URL. We will return the parsed and formatted request in the delivery response, with sensitive data scrubbed, but we will not deliver the request to a third-party endpoint. The test receiver allows you to validate the deliver API request while ensuring the request is properly formatted using our provided receiver variables and functions.

Once you’ve set up your receiver, you can see which requests are powered by Spreedly by looking for the X-Transaction-Powered-By: Spreedly header. Filtering requests to ones with this header can be helpful for debugging and for tracking Spreedly-originating transactions.

Using SSL certification with your receiver

Some endpoints require a certificate to authenticate your call. In these cases, you can attach a certificate to your receiver using the Spreedly API.

  1. Generate a certificate signing request using the certificates API, which will return a certificate token.
  2. Send the CSR to the endpoint so it can be signed
  3. Update the certificate with the signed PEM received from the endpoint
  4. Provision your receiver using the field ssl_certificate_token adding the certificate token as the value

Use PMD with 3DS

Payment Method Distribution can be used with 3DS2 by passing 3DS2 authentication results into the body of your request. The 3DS2 authentication can be performed by Spreedly via the Spreedly Global 3DS2 service.

If using the Spreedly Global 3DS2 service for authentication, follow these steps to send authentication data through PMD:

  1. Create an SCA Authentication for the payment method and amount that will be used in the delivery
  2. Pass the authentication values from the response of the SCA Authentication into your deliver request’s body
    • Please see our API reference for details on the SCA Authentication response object

Note: Values required by receiver from the SCA Authentication can vary depending on your receiver. Refer back to the receiver’s documentation to get specifics like sample requests etc.

List of supported receivers

We currently support the following receiver types and their associated URLs:

Company Receiver Type and Hostnames
A1 Payments a1_payments
ABG Direct abg_direct,
Accertify accertify
Ace Rent a Car ace_rent_a_car,,
ADCP adcp,,,,,,
Adflex adflex,
Adquira adquira
Adyen adyen,,,
Adyen MarketPay adyen_marketpay
Affipay affipay
Agoda agoda,
Air France air_france,
Airtime Rewards airtime
Alliance Reservations Network alliance_reservations_network
Allianz Global Assistance allianz_global_assistance,,,
Amadeus IT Group amadeus,,,,,,,,,,,
American Express american_express,,,,
Ansa ansa,
Apexx apexx,,,
Asiapay asiapay,
Atpco atpco,,, authorize_net,,
AXS axs
Bankwest bankwest
Base Commerce base_commerce
BBC Shop bbc_shop
BestBus bestbus
Bexs bexs,
Bink bink
Blackbaud blackbaud
Blacklane blacklane
Blue Ribbon Bags blue_ribbon_bags
Bluesnap bluesnap
Booker by Mindbody booker, bookingcom
Bookwize bookwize
Braintree Payments braintree,,,
British Airways british_airways,
Budco Financial budco_financial,,
Bypass Mobile bypass_mobile
Bytemark bytemark,
CarTrawler car_trawler,,
Carbon carbon,
CardConnect CardSecure cardconnect_cardsecure
Cardstream cardstream
Carespay carespay
Cashbackpoint cashbackpoint
CASHNet cashnet
CDS Global cds_global
CECABank ceca_bank,
CentralPay centralpay,
Chain Commerce chain_commerce
Channel Payments channel_payments
Chargify chargify
https://* checkout_dot_com,,
Cielo cielo,,,
CityPay citypay,
Cliq cliq
Clover clover,,,
Clover Tokenization clover_tokenization,
Coalesce Services coalesce_services
Corendon corendon
Cosmic Cart cosmic_cart
Cover Genius cover_genius,,,
CreditGuard creditguard,,
Credomatic credomatic
Credorax credorax,
CrowdTorch crowd_torch
CyberSource cybersource,,,,,
Cybersource Decision Manager cybersource_decision_manager,
Dalenys dalenys,,,
Mastercard Payment Gateway Services data_cash
Datacap Systems Inc datacap_systems,,,
Prisma (Decidir) decidir,
Demandware demandware
DHISCO dhisco
Dimoco dimoco,
DPO dpo
Diane Von Furstenberg dvf
Expedia Affiliate Network ean,,
Easirent easirent
ecommpay ecommpay
Economy Rent a Car economy_rent_a_car
E-Comprocessing ecp,
eGlobalfares eglobalfares
EHI Direct ehi_direct,,,
8D eight_d,,,,,,,,,
Elavon elavon,
emerchantpay emerchantpay,,
Emyral Systems emyral_systems
ePay epay
eProcessingNetwork eprocessing_network
Electronic Payment Exchange epx
Eventbrite eventbrite
Everest everest,
Everyware everyware
Expedia expedia
FanXchange fan_xchange,,
Farelogix farelogix,,,,,,
Fiat Systems fiat_systems
Fidel fidel
Finix Payments finix_payments,,
First Data India Pvt Ltd. first_data_india,
First Pay first_pay
Fiserv Apps fiserv_apps
Fiserv IPG fiserv_ipg,
Fiserv fiserv_ucom,,
FlexCharge flex_charge
Fluidpay fluidpay,
Flutterwave flutterwave_api
Forter forter
FreedomPay freedom_pay,
Geopagos geopagos,,
GetNet getnet,
GIACT giact,
Global Technology Partners global_technology_partners
GMO Payment Gateway gmo,
Golf18Network golf18_network
GolfNow golf_now,,
Gordian gordian
Green Dot green_dot,,,,,,,,
Heidelpay heidelpay
Hertz hertz,,,,
Hilton Central Reservation System hilton,
Hotel Planner hotel_planner
Iberia Airlines iberia_air,
iFly Res (IBS) iflyres,
Ingenico ingenico,,,
IXOPAY ixopay
JEM Marketing jem_marketing
Judopay judopay
JustRide justride,
JustShareIt justshareit
Kount kount ,
LeaveTown leavetown,
Lincoln Center lincoln_center,
Luminate Online luminate_online,
Lyft Bikes lyft_bikes
+Pagos Nación maspagos,,
Mastercard mastercard_gateway,
Mastercard mastercard_services,
Maverick maverick,,
Megasoft megasoft,
MercadoPago mercado_pago
Mindbody mindbody
Moka moka,
Moonpay moonpay,
Multipay multipay,,
First Data muxi_gateway_test_firstdata,
MyFatoorah myfatoorah,,
Mystifly mystifly,,
Navitaire navitaire
Network for Good network_for_good
Nexi nexi,,,
NextPax next_pax
Nexus nexus,
NLS Payments nls_payments,
NMI nmi,
NP Auto np_auto
NÜ Car Rentals nu_car_rentals
Nuvei nuvei,
Office Depot office_depot
Olo olo,
Omise omise,
OmniFund omni_fund
Omnivore omnivore
1-800-Flowers one800_flowers
ONPEX onpex
Open Hotel open_hotel
Ordway Labs ordway_labs
Paay paay
Pace Payment Systems pace_payment_systems pagar_me
PagoPlux pago_plux,,,
PatientRev patient_co,
PayFabric pay_fabric
PayNearMe pay_near_me,
Paycorp paycorp
Payflips payflips
Payflow payflow,
Paymark Click paymark_click
Paymaya paymaya,
Payment Vision payment_vision,,
Paymongo paymongo
PayPal paypal,
Billing Tree payrazr
Payreto payreto,,,
Payrix payrix,
Payroc payroc
Payvision payvision
PayWire paywire,
PBSC pbsc,,,,,,,,,,,,,,,,,,,,
PCI Booking pci_booking
PDCflow pdcflow,,,
PegasusNDC pegasus_ndc
plugnpay plug_n_pay
Poynt poynt,
Priceline priceline,
Priceline Postback priceline_postback
PrimeSport prime_sport
Prisma prisma,,
PromisePay promisepay
PVS pvs,,
Qualpay, Inc qualpay
Quantic quantic
Rakuten rakuten,
Ranty ranty,,,
Rapid Connect rapid_connect,
Ravelin ravelin
Razorpay Software Private Limited razorpay
RedCoach red_coach
RedShield red_shield, rentalcars,,
RentalsUnited rentals_united
Revelex revelex
Reward reward,
Rewards Network rewards_network,
Routes Car Rental routes_car_rental
SafeCharge safe_charge,
SIX Payment Services saferpay,
Sage Pay sage_pay
SecurionPay securion_pay
SendWyre send_wyre,
shift_4_payments shift4,
Shopify shopify,
Shoppable shoppable, single_id
SiteMinder site_minder,
Sixt sixt,,
SlimCD slim_cd
SpeedPay speedpay
Spirit Direct Connect spirit_direct_connect
Spreedly spreedly
Springboard springboard
https://* sprinterbus_net
Square squareup,
Stone stone,
Storebox storebox
Stripe stripe
SunExpress sun_express
SynXis synxis,,,,,
SysPay syspay
Target target
Transcor Data Services tds_tickets
Telecharge telecharge,,,,
Tempus Technologies tempus
Tessitura tessitura_ramp
Thales thales,,,,,
Thanx thanx
3C Payment Web2Pay three_c_web2pay,, ticket_network
Ticketmaster ticketmaster,
Toast toast,,,
TokenEx tokenex
Transaction Services transaction_services,
Transbank transbank,,,
TransferWise transferwise
Travelfusion travel_fusion
Travelcaster API travelcaster_api,
Travelport travelport,,,,,,,,,
Travolutionary travolutionary
Truevo truevo
Trust Payments trust_payments,
TrustPay trustpay,
TSD tsd
TSYS Transit tsys_transit,,,
Two Tap two_tap
2C2P twoc2p,
USAePay usaepay,
Usio, Inc. usio
RentPayment vacation_rent_payment,
Vamoose vamoose
Vantiv vantiv,,,,
Vervotech vervotech,
Very Good Security very_good_security,,,
Viator viator,
VietjetAir vietjet,
Vindicia vindicia,
Virtual Card Services virtual_card_services
Visa visa,,
Viva Air viva_air,,,,,
Volaris volaris,
Walpay walpay
Wantickets wantickets
Webinc webinc
WePay wepay,
Windsurfer CRS windsurfer_crs,,
Wirecard wirecard
Wirecard Brasil wirecard_brasil,
Worldline worldline,,,,,,,
Worldpay worldpay,,
Worldpay RiskGuardian worldpay_riskguardian,,,
YapStone yapstone,,,
ZentrumHub zentrumhub,
Zoop zoop
MyChoice2Pay zru
Zuora zuora,,,