Persisted Invoices

Persisted invoices are invoices that have been uploaded via the Merchant Dashboard or via the API.

In order to iFrame or direct your customers to our persisted invoices pages, authentication is required.

1. Authentication

Authentication is achieved by providing some extra query parameters in the URL. This helps to avoid credit card skimming bots. The base path is /<your-merchant-username>/invoices. The query parameters that must be provided are:

nonceA alphanumeric string, randomly generated by you each time the page is accessed.
tsAn epoch timestamp representing the current time.
vAn MD5 hex-encoded verification code which is the timestamp (ts) and the nonce concatenated with a colon and encoded with your "PayNow" token.

Below is an example of how to generate the verification code in Ruby.

v = OpenSSL::HMAC.hexdigest('md5', paynow_token, [timestamp, nonce].join(':'))


Insert one of the following to your website, replacing the nonce, ts and v parameters with your own.

<!-- iFrame Example -->
<iframe height='800' src='' width='600'></iframe>

<!-- Link Example -->
<a href="">Pay Now</a>

3. Landing Page (Reference Entry)

When the customer arrives on the landing page, they will be asked to enter their invoice reference.


4. Credit Card Details Entry

If the customer enters a valid reference, they can then see the details of the invoice and enter their credit card details.


5. Confirmation

If successful the customer will see a message confirming that the payment has been processed.