OutsideHireBook a discovery call
← All posts
2 min readIntegrations, Gateways, Processors

Payment gateway integration: what it actually takes

Connecting to a gateway looks like a weekend API job and turns into a multi-quarter project. Here is the work that actually sits between 'hello world' and money moving reliably in production.

A payment gateway integration looks deceptively small on the roadmap. There is an API, there are some endpoints, how hard can it be. Then the team starts, and the work expands: certification, edge cases, scheme rules, and a long tail of failure modes that only show up with real money. This is where payment roadmaps stall, not because the happy path is hard, but because the unhappy paths are many.

Here is what a real integration involves.

The money-movement flows

The core is more than "charge a card." A production integration handles the full lifecycle:

  • Authorization, capture, void, and refund, including partial captures and partial refunds.
  • Idempotency so a retried request never double-charges. Networks time out; your client retries; the gateway must treat the second request as the same operation.
  • Tokenization so raw card data never touches your systems, which is also what keeps your PCI scope small.
  • Webhooks and reconciliation so your records match the gateway's, to the cent, even when a response is lost in transit.

Each of these is a place where a naive implementation passes the demo and fails in production.

The compliance and scheme layer

Card networks have rules, and they change. A real integration handles 3-D Secure and SCA so you reduce fraud and meet regional mandates without tanking conversion. It captures Level 2 and Level 3 data where it lowers interchange on B2B and government cards. It accounts for decline codes and soft declines, retrying intelligently rather than burning a customer's patience. None of this is visible in the API reference; all of it is the difference between a connection that works and one your team keeps reopening.

Certification and cutover

Most gateways and acquirers require certification: a structured test pass against their sandbox before you go live. This is its own project, with its own test scripts and sign-off. Then comes production cutover, where you move real traffic without downtime and with a rollback plan. Underestimating these two steps is the most common reason a "two-week integration" becomes a quarter.

Why payments-native engineering matters here

Integrations break on the details: interchange qualification, settlement timing, decline handling, and scheme mandates that generalist engineers learn on your dime. A team that already knows them skips the ramp and ships a connection that holds up under real conditions. We built omni-channel payments into the SDKs and shopping-cart plugins for a large US ISO in 12 months, the kind of work that only goes fast when the people doing it have done it before.

If a stalled gateway integration is sitting in your backlog, that is exactly the work we do. See payment integration development, or how we build for payment processors and gateways.

Ready to scope it? Book a discovery call with engineers who already speak gateways, processing, and settlement.

Let's scope your payments build.

Book a discovery call with engineers who already speak gateways, processing, settlement, and compliance. We'll talk through your goals and the right way to build it.