worldline Direct
Sign up

Back Office

    Some of our features are available via both the Merchant Portal and the Back Office. If you are using the Back Office, learn here how to manage these.

    Back Office vs Merchant Portal

    Both the Merchant Portal and the Back Office have separate login pages and a distinctive user interface layout.

    To make sure which one you are currently using, refer to these screenshots / login Urls.

    Back Office

    The screenshot shows the layout of the Back Office Back Office test login Back Office live login

    Merchant Portal

    The screenshot shows the layout of the Merchant Portal Merchant Portal test login Merchant Portal live login

    API key/secret configuration

    Our Direct API's authentication mechanism is based on a API key/secret pair linked to your PSPID. Follow these steps: 

    1. Login to the Back Office. Go to Configuration > Technical information > API settings > Direct API Key
    2. If you have not configured anything yet, the screen shows “No api credential found”. To create both API Key and API Secret click on “GENERATE”
    The image shows the Back Office message "No api credential found"
    1. The screen now shows both codes in the table in the “Key” / “Secret” column respectively
    The image shows the information available in the "API settings" Back Office tab
    Make sure to save the API Secret in your system right away, as it will not be visible in the Back Office anymore once you access this menu anew. However, you can look up the API Key anytime
    Key The current key configured in this PSPID
    Version date The date when the Key/Secret pair was created
    Expiration date The date when the Key/Secret pair will expire. Default time of permanency is two years
    Status The current status of the API key/secret pair
    • "Active": usable until the date as defined in column “Expiration date”
    • "Expiring": expires after the date as defined in column “Expiration date”

    If you wish to use a new API Key and API Secret, follow these steps

    1. Select a period from the drop down menu “leave valid for X hour(s)”. Click on the “RENEW” button. The currently used API Key/Secret pair will expire after the date as defined in “Expiration date”
    2. At the same time, a new API Key/Secret appears in the first line of the table. Make sure to save the API Secret in your system, as it will not be visible in the Back Office anymore once you access this menu anew
    3. To force an immediate expiration of the expiring API Key/Secret, click on “EXPIRE”. Our platform removes the respective API Key/Secret from the table and our platform, making it unusable for requests
    Do not click on on “EXPIRE” if you have only one API Key/Secret at the time, as this will make them unusable instantly. Make sure to create a new API Key/Secret pair first before you force the expiration of the currently used pair.

    Webhooks key

    Direct uses Webhooks to update your database about transaction results and status changes. Follow these steps: 

    1. Login to the Back Office. Go to Configuration > Technical information > API settings > Webhooks Configuration
    2. Click on "GENERATE WEBHOOKS API KEY" or enter the desired webhooks api key manually. The "WebhooksKey" is used to validate the messages as legitimate data transfer between our platform and your server. If you use one of our SDKs, this process happens automatically. If you choose to build your own application, make sure to include it
    3. In "Endpoint URLs", enter your webhook destination(s) on your server. Enter any additional URL in a separate line
    4. Click on "SAVE" to confirm your settings
    The image shows where to configure webhooks in the Back Office
    1. To process the incoming webhooks in your system, you need to build an application on an HTTPS endpoint on your server. It should be able to
    • Translate JSON into objects and signature verification. Our Server SDKs help you achieve this
    • Respond to a GET action and echo the 'X-GCS-Webhooks-Endpoint-Verification' header value in the body
    • Respond to the POST action with a 2XX status code for all events delivered
    • Validate the signature on the message

    Reset own password

    To reset your password, follow these steps:

    1. Go to either test/production login screen and click on Lost your password?
    The image shows where to find the “Lost your password?” link on the login screen
    1. Follow the instructions on the screen by entering your PSPID and the e-mail address for your user in the respective PSPID
    The image shows the instruction to enter the PSPID on our login screen The image shows the instruction to enter the user’s e-mail address on our login screen
    1. Keep an eye on your e-mail inbox. Our system will send you a password within a couple of minutes. Use this password to login to your account
    2. The password you have received in the e-mail is a one-time password. You have to change right after the login. Enter the three fields as follows:
      a) Current password: enter the password you have sent received by email and used for logging in
      b) New password: enter a new password by your choice. Please mind that certain requirements must be met as described in the lower part of the screen
      c) Confirm new password: enter the new password from the New password field once more

    The image shows where to find the three fields “Current password”/”New password”/”Confirm new password” on the login screen

    If you have still trouble with changing your password, contact us.

    As our platform treats users/PSPIDs on our two environments (test and live) as strictly separated entities, you have always separate passwords for either environment. Therefore, make sure not to mix up passwords for the test/live environment

    Reset password for other users/PSPIDs

    If you have multiple users in your PSPID, you can reset the passwords for them. To do so, follow these steps:

    1. Login to the Back Office. Go to Configuration > Users.
    2. In the table overview, click on "Send new password" in the line for the respective user. If a user is blocked due to too many password errors, you need to click on a separate "Activate" button first. Only then will the "Send new password" be available
    3. You get a success message on the screen. Our system sends an automated e-mail with a new password to the user. As the password is a one-time password, the recipient will have to change it as described above right after the first login.

    Payment method activation status

    You can check the payment method’s activation status via Configuration > PM activation. You can change its activation status by clicking on the "Edit" symbol via PM activation.

    Apple Pay

    Offering this payment method requires you to either register your Merchant ID (for Hosted Checkout Page integration mode) and/or created your Apple Pay certificates (for Mobile/Client Integration).

    Register Merchant ID (Hosted Checkout Page)

    Follow these steps:

    1. Log in to the Back Office. Go to Configuration > Payment Methods > Apple Pay > Hosted Checkout registration.
    2. Read the Apple Pay terms and conditions by clicking on the respective link. Click on "REGISTER" to approve them.
    3. Click on "CHECK ACCOUNT STATUS" and wait for the message "Your PSPID is correctly registered" to appear. This will take only a couple of seconds: You are ready to offer Apple Pay to your customers via Hosted Checkout Page integration mode.

    Mind the following: 

    • You can repeat step 3 anytime to check your status.
    • You can revoke your approval any time by clicking on "UNSUBSCRIBE".
    • If you reject the Apple Pay terms & conditions, the payment method will not be available on our Hosted Checkout Page.
    • Apple's terms and conditions can change. Keep yourself up to date by accessing them regularly.

    Create Apple Pay certificates (Mobile/Client integration)

    For payments via Mobile/Client Integration, you need to create Apple certificates. Depending on whether you leave handling payment data decryption to us or do this by yourself, differences apply:

    We handle decryption

    This requires you to create certificates and upload them in the Back Office. To do so, follow these steps:

    1. Log in to the Back Office. Go to Configuration > Payment Methods > Apple Pay > Add new certificate.
    2. Follow the instructions on the page to
      a) Download the certificate signing request (CSR) on that page.
      b) Create the Apple Pay certificate on the Apple developer portal using that CSR.
      c) Upload the generated certificate via the Browse.../UPLOAD CERTIFICATE buttons.

    Find detailed information about how to apply this decryption mode in the “Integration” and “Process flows" chapters.

    Mind the following: 

    • Make sure to create separate certificates for our test / production environment.
    • Apple allows you to create a maximum of three certificates per Merchant ID. Mind that only one certificate per Merchant ID can be active. Use the three slots to manage expiring certificates.
    • Due to this limitation, we recommend using different Merchant ID for our test / production environment.
    • Apple certificates expire after two years. Make sure to timely create and upload a new one. We will notify you via e-mail as soon as a certificate is about to expire.

    You handle decryption

    This requires you to create certificates and upload them on your server. To do so, follow these steps:

    1. Contact us to set up your Worldline account to allow handling decryption by yourself.
    2. Set up your Apple Developer account to allow handling Apple Pay token by yourself.
    3. Create the Apple Pay certificates on the Apple developer portal
      a) Create a Certificate signing request
      b) Create a Merchant Identity Certificate
      c) Create a payment processing Certificate
    4. Write the code for your app for data decryption.

    Find detailed information about how to apply this decryption mode in the “Integration” and “Process flows" chapters.

    This decryption mode requires more effort on your side, most notably

    • Decrypting the Apple Pay payment token.
    • Generating of public keys.
    • Creating certificate signing requests (CSRs).

    We recommend implementing it only if you

    • Prefer handling data encryption yourself.
    • Want to access the payment token before processing the actual payment.

    Bancontact

    Follow these steps to configure Bancontact for the Hosted Checkout Page. 

    1. Go to Configuration > Payment methods > Bancontact > PM options > BCMC Mobile Application solution activation
    2. Select the available payment modes your customers can choose from on the Hosted Checkout Page:
      Mode Description
      Display QR code? Allow your customers to pay by scanning a QR code.
      Display URL intent? Allow your customers to pay with the Payconiq by Bancontact app.
    3. Click on "Save" to confirm your choices
    4. Depending on your choice, the following modes are now available for the respective devices:
      Mobile Tablet Desktop
      QR code No Yes Yes
      URL intent Yes Yes No
      PAN Bancontact card Yes Yes Yes

    Bizum

    Configure the activation credentials, activate this payment method and make the test configuration.

    Configuration and activation

    1. Get your Bizum credientials (Bizum ID, Terminal ID, Secret Key).
    2. Login to the Back Office (test / live). Go to Configuration > direct.backOfficePath.paymentMethods > Choose new payment methods
    3. Look up Bizum via the search mask and click on "ADD".
    4. In "direct.backOfficePath.paymentMethods.contractDataEnter", enter the activation credentials. Click on "SUBMIT".
    5. In "PM activation", select "Yes" and click on "SUBMIT". 

    Test configuration

    You can activate Bizum in the following ways:

    • Contact us should you need help for any of the necessary activation steps.
    • Make sure to send your transaction requests to our live environment as soon as you have finalised your tests.

    Activate in test account with Direct simulator

    This allows you to send transaction requests to our test environment and perform test as described in our Testing chapter. These transactions do not have a financial impact.

    Follow these steps:

    1. Login to your test account. Go to Configuration > Payment methods > Choose new payment methods.
    2. In "Additional filter criteria", go to "Web Banking". In the table, click on "Add" next to "Bizum".
    3. In the "Contract data" tab, fill in the following properties:
      Property Description/Actions
      UID Enter any 8-digit numerical value.
      TID Enter any 3-digit numerical value.
      Secret Key Enter one of these SHA-256 SecretKey strings:

      VmFsaWRCaXp1bUtleUluMjRQb3MwMDAx
      Qml6dW1LZXlJbjI0UG9zMDAwMlZhbGlk
      S2V5SW4yNFBvczAwMDNWYWxpZEJpenVt
      SW4yNFBvczAwMDRWYWxpZEJpenVtS2V5
      MjRQb3MwMDA1VmFsaWRCaXp1bUtleUlu
      UG9zMDAwNlZhbGlkQml6dW1LZXlJbjI0
      MDAwN1ZhbGlkQml6dW1LZXlJbjI0UG9z
    4. Click on "SUBMIT" to confirm.
    5. Go to the "PM activation" tab. In "Activation", select the "Yes" radio button. Click on "SUBMIT" to confirm. 

    Activate in test account with end-to-end testing

    This allows you to send transaction requests to our test environment. Our platform sends your requests to the Bizum test environment to process your transactions. These transactions do not have a financial impact.

    This mode requires you to have a signed acquiring contract with Bizum, as you have to enter live acquiring data.

    Follow these steps:

    1. Login to your test account. Go to Configuration > Payment methods > Choose new payment methods.
    2. In "Additional filter criteria", go to "Web Banking". In the table, click on "Add" next to "Bizum".
    3. In the "Contract data" tab, fill in the following properties:
      Property Description/Actions
      UID Enter the 8-digit Unique Identifier you have received from Bizum.
      TID Enter the 3-digit Terminal ID you have received from Bizum.
      Secret Key Enter the SHA-256 SecretKey you have received from Bizum.
    4. Click on "SUBMIT" to confirm.
    5. Go to the "PM activation" tab. In "Activation", select the "Yes" radio button. Click on "SUBMIT" to confirm.

    Activate in live for real transaction processing

    This allows you to send transaction requests to our live environment. Our platform sends your requests to the Bizum live environment to process your transactions. These transactions have a financial impact.

    This mode requires you to have a signed acquiring contract with Bizum, as you have to enter live acquiring data.

    Follow these steps:

    1. Login to your live account. Go to Configuration > Payment methods > Choose new payment methods.
    2. In "Additional filter criteria", go to "Web Banking". In the table, click on "Add" next to "Bizum".
    3. In the "Contract data" tab, fill in the following properties:
      Property Description/Actions
      UID Enter the 8-digit Unique Identifier you have received from Bizum.
      TID Enter the 3-digit Terminal ID you have received from Bizum.
      Secret Key Enter the SHA-256 SecretKey you have received from Bizum.
    4. Click on "SUBMIT" to confirm.

    Przelewy24

    Configure the currency/activation credentials and activate this payment method.

    Przelewy24 currency configuration

    1. Login to the Back Office (test / live). Go to Configuration > Account > Currency.
    2. Select "PLN : Polish Zloty" from the drop down menu and click on "ADD".
    3. The currency has been added to the table listing all available currencies to you.

    Activation

    1. Get your activation credentials (Merchant ID/CRC/Secret) from your Przelewy24 user profile.
    2. Login to the Back Office (test / live). Go to Configuration > direct.backOfficePath.paymentMethods > Choose new payment methods
    3. Look up Przelewy24 via the search mask and click on "ADD".
    4. In "direct.backOfficePath.paymentMethods.contractDataEnter", enter the activation credentials. Click on "SUBMIT".
    5. In "PM activation", select "Yes" and click on "SUBMIT". 

    Was this page helpful?

    Do you have any comments?

    Thank you for your response.
    Help & Info
    API Info
    Developer Tools
    © 2025 | Worldline | Terms of use | Privacy | Cookie notice