Skip to main content
Talk to an expert
Opayo logo

Opayo payment integration for ecommerce

Payment authorisation, capture and settlement reconciliation governed cleanly iWeb integrates Opayo so your checkout captures payment intent, ERP reconciles settlement, and chargebacks are tracked from the moment they arrive. Works with Adobe Commerce, Magento Open Source, Shopify Plus, BigCommerce and other storefronts.

Also searched as: payment connector, checkout plugin, app, extension.

OpayoiWeb integration layeryour storefront
Works with - Adobe Commerce · Magento Open Source · Shopify Plus · BigCommerce · Other storefronts
01 · What you get

What a Opayo integration gives you.

Governed payment capture and settlement

Finance knows which transactions have authorised, which are pending capture and which have settled. ERP reconciliation becomes a matching task rather than a detective hunt.

Tokenisation that persists across replatform

Saved customer cards continue to work after a commerce platform migration because token identifiers are decoupled from the old platform and synced to the new one.

Refund flow that reconciles back to sales

When a refund is issued in ERP, it triggers a matching refund in Opayo. Finance can see refunded, pending and failed refund attempts in one place.

Checkout that completes even if Opayo has latency

If Opayo takes time to respond, checkout captures the payment intent and retries asynchronously rather than timing out the customer. Settlement confirmations arrive as webhooks.

Compliance visibility without manual verification

3DS and SCA challenges are recorded and logged so you can prove compliance without manually reviewing every transaction.

02 · When it's worth it

Where a Opayo integration earns its place.

If two or more of these are true, the integration usually pays for itself quickly.

Processing card payments at checkout across multiple currencies
Managing deferred capture for order confirmation workflows
Handling refunds and credit notes against captured transactions
Storing tokenised cards for repeat and subscription payments
Managing 3D Secure and SCA compliance for stronger customer authentication
03 · The limits

Where off-the-shelf connectors fall short.

Vendor connectors are fine for simple cases. Here's where the real ones need more.

Deferred capture workflow not always explicit

Opayo supports auth-then-capture, but the default merchant account setup may assume immediate capture. You need to verify and configure your Opayo account for deferred capture if you want to hold authorisation pending order confirmation.

Token lifecycle not automatically synced to commerce

When a shopper's saved card is declined or revoked by the card network, Opayo may not immediately notify your vault. Commerce must periodically refresh token validity or handle failed token attempts gracefully.

Reconciliation file timing and format variability

Settlement files arrive on a schedule that may not match your ERP's accounting close cycle. Manual reconciliation may be needed if transactions settle outside your expected posting window.

Multi-currency pricing not governed in Opayo

Opayo processes the amount you send in the currency you specify, but it does not validate or enforce currency rules. Commerce must ensure the correct currency is sent for each region or store view.

Chargeback and dispute workflow not fully integrated

Opayo notifies you of chargebacks, but the evidence gathering, response and tracking workflow is manual or requires a separate dispute management system.

04 · The real work

Payment processing seems straightforward in checkout, but the gap between authorisation, capture, settlement and reconciliation is where most variance and manual rework lives.

05 · Where it sits

Where this integration sits in your estate.

Opayo holds the commercial record. The iWeb integration layer manages the rules, mappings, monitoring and exceptions. The commerce platform presents the customer-facing experience. The estate map helps agree ownership before anything is built.

Works across the whole stack. Connect Opayo to your storefront, ERP and everything between.

System of record
Source / owner
Opayo
Payment processor and gateway for card schemes and alternative methods
  • Card authorisation and decline decisions
  • Capture and refund execution
  • Tokenisation and vaulting of payment methods
  • 3DS and SCA challenge issuance
  • Daily settlement and reconciliation data
iWeb integration layer
Customer-facing commerce
Commerce platform
Adobe CommerceMagento Open SourceShopify PlusBigCommerceOther storefronts
  • Payment method selection at checkout
  • Order creation and confirmation after auth
  • Capture and refund timing
  • Customer-facing payment status and error messaging
Connected neighbours
Integration layer
ERP
Receives settlement files and authorisation status; posts invoices and credits; reconciles bank.
Integration layer
Commerce platform
Routes checkout payment requests to Opayo; displays auth status and 3DS challenges; stores order and token references.
Integration layer
Customer data platform
May ingest payment success/failure events for customer segments and marketing suppression.
Integration layer
Dispute and chargeback handler
Receives chargeback notifications from Opayo; gathers evidence and submits dispute responses.
Integration layer
Bank and accounting system
Receives settlement and reconciliation data; matches against bank statements and financial close.
Two-way sync where relevant
06 · Surrounding systems

Systems this integration usually sits next to.

Examples, not a closed list. iWeb is platform-agnostic on both sides: we wire this integration into whatever ecommerce platform and surrounding systems your estate already runs.

Ecommerce platforms (examples)
  • Adobe Commerce
  • Magento Open Source
  • Shopify Plus
  • BigCommerce
  • Other storefronts
Surrounding systems (examples)
  • ERP (finance and order capture)
  • Checkout and commerce platform
  • Order management system
  • Customer data platform
  • Bank reconciliation and accounting system
  • Dispute management workflow
  • Subscription or billing system
Not sure?

Not sure if this works with your stack?

Tell us what you’re using and what needs to connect. We’ll give you a straight view on what’s possible, what might be awkward, and the safest way to approach it.

07 · Data flows

The data flows we wire.

Each flow has a direction and an owner. We agree both before a line of code is written.

Into OPAYO
From OPAYO
Payment authorisation and capture: Checkout sends card details or a stored token to Opayo for authorisation
Opayo validates the card against the card network and returns an authorisation code or decline.
Authorisation response to checkout: Opayo returns authorisation status, transaction reference and challenge data (for 3DS) back to checkout so the shopper can complete payment or receive decline messaging.
Settlement and reconciliation data to ERP: Daily settlement files from Opayo record captured transactions, fees and chargebacks so finance can match payments against invoices and reconcile bank statements.
Refund and credit note requests: When an order is cancelled or returned, commerce sends a refund request to Opayo using the original transaction reference
Opayo reverses the charge or issues a credit depending on the transaction state.
Chargeback and dispute notifications: Opayo notifies commerce and ERP of chargebacks and disputes so disputes can be tracked, evidence gathered and finance reconciliation adjusted accordingly.
08 · How we build it

How iWeb configures the integration around your business.

Same method on every integration. The decisions come before the code.

  1. 01
    Payment flow design

    We design auth-then-capture, immediate-capture, and tokenisation flows to match your order lifecycle. We specify whether capture happens at order confirmation, at despatch or at invoice posting.

  2. 02
    Opayo account and integration setup

    We configure your Opayo merchant account for your business model, test deferred capture, token storage and multi-currency handling. We obtain API credentials and design API call routing.

  3. 03
    ERP reconciliation integration

    We build ETL to pull daily settlement and chargeback files from Opayo and match them to ERP sales orders and invoices. We create reconciliation dashboards and exception alerts.

  4. 04
    Refund and chargeback handling

    We build workflows so that ERP credit notes trigger refund API calls to Opayo and chargeback notifications from Opayo are logged and routed to dispute handlers.

  5. 05
    Testing, monitoring and runbooks

    We design test suites for 3DS flows, token expiry scenarios and Opayo downtime. We set up monitoring on payment success rates, capture delays and reconciliation gaps. We write runbooks for common failure modes.

09 · Ownership

Who owns what.

The single most important table in any integration. One system owns each field; everything else reads it.

Data
Source / owner
Maintained by
Notes
DataPayment methods enabled
Source / ownerOpayo
Maintained byPayments and Compliance
NotesOpayo merchant account configuration specifies which card schemes, alternative methods and currencies are active; commerce platform reads this config.
DataAuthorisation and capture status
Source / ownerOpayo
Maintained byOpayo and Commerce Platform
NotesOpayo holds the authorisation state; commerce platform records the decision (auth, capture, fail) and syncs to ERP for order and invoice workflows.
DataRefund and credit note requests
Source / ownerOpayo
Maintained byERP and Commerce
NotesERP or commerce initiates a refund request (via API) to Opayo using the original transaction reference; Opayo processes and confirms the refund.
DataTokenised payment methods and vaulting
Source / ownerOpayo
Maintained byOpayo and Commerce Platform
NotesOpayo stores tokenised card data; commerce platform stores the token reference and customer associations; both must sync on token validity and expiry.
DataSettlement and transaction reconciliation
Source / ownerOpayo
Maintained byOpayo and ERP
NotesOpayo generates daily settlement files showing captured transactions and fees; ERP reconciles these against invoices and bank statements.
DataChargebacks and disputes
Source / ownerOpayo
Maintained byOpayo and Dispute Handler
NotesOpayo notifies of chargebacks; dispute handler or finance team tracks evidence gathering and response workflow; Opayo records the final outcome.
Data3DS and SCA compliance logging
Source / ownerOpayo
Maintained byOpayo
NotesOpayo records all 3DS challenges, responses and authentication attempts for audit and compliance review; commerce platform may request logs for dispute evidence.
10 · Experienced integrator

Built payment integrations before

iWeb has built Opayo integrations for commerce estates ranging from single-currency to multi-currency, immediate-capture to deferred-capture, and subscription renewal workflows. We understand how payment processing sits between checkout and ERP reconciliation.

We design auth-then-capture flows that match your order confirmation and despatch timelines, and we test expiry and retry logic so authorisations do not ghost or revenue is not lost.
We build reconciliation pipelines that ingest Opayo settlement files and match them to ERP invoices, surfacing variances and chargebacks before finance close.
We handle 3DS and SCA flows without breaking mobile or headless checkout and we log all challenges for compliance and dispute evidence.
We design token storage and renewal patterns so tokenised cards survive replatforming and so failed token attempts trigger customer notifications.
We model Opayo downtime scenarios and build asynchronous retry queues so payments do not block order creation and unprocessed transactions are captured and monitored.
11 · Before launch

What we test before launch.

Every one of these is rehearsed before a customer ever sees the integration.

Test that authorisation succeeds and capture can be deferred; verify that pending authorisations expire after 30 days without capture.
Test that refund requests trigger Opayo refund API calls and that duplicate refund attempts are rejected.
Test that 3DS challenges display and that completion returns control to checkout with a confirmed auth status.
Verify that settlement files arrive on schedule and that transaction reconciliation finds no mismatches in amount, currency or status.
Test that if Opayo is unreachable at checkout, the transaction is queued for retry and not silently failed.
Confirm that saved card tokens survive a commerce platform replatform migration by exporting and re-importing token references.
12 · Failure points

Common risks and where they bite.

We name these on day one. A risk written down is a risk you can plan around.

Authorisation held but never captured

If order confirmation fails after payment auth, the authorisation may expire (typically after 30 days) without being captured. Revenue is lost and the shopper may dispute the hold. You need a job that captures pending authorisations or warns finance when capture times out.

Refund request rejected because transaction already refunded

If a refund is issued twice (e.g. due to a retry loop or manual entry), the second refund fails silently. Finance does not see the failed refund and posts it as a credit memo. Reconciliation shows a variance.

Tokenised card declined on renewal, shopper never notified

A stored card is used for a subscription or repeat purchase, but the card is declined. If commerce does not handle the decline explicitly, the transaction is recorded as failed but the shopper receives no notification. Revenue is lost and the shopper does not know to update their payment method.

Chargeback arrives after reconciliation is closed

Opayo notifies you of a chargeback days or weeks after the original transaction settled. Finance has already closed the period and the chargeback is recorded as a variance or unexpected credit.

3DS challenge not completed during checkout timeout

Shopper completes 3DS in their bank app but checkout times out waiting for the response. The auth is pending or declined and the shopper is told payment failed, even though the bank may have authorised it. You need polling or webhook-based completion.

Settlement file arrives late or in unexpected format

Opayo's settlement file is delayed or formatted differently than usual (e.g. due to a public holiday or system maintenance). Reconciliation jobs fail or hang waiting for the file. Finance does not know which transactions have settled.

14 · Questions

Common questions about Opayo integrations.

How does Opayo fit into our checkout and order flow?

Opayo sits behind checkout as a payment processor. When a shopper submits card details or a saved token, checkout sends the payment intent to Opayo. Opayo validates the card against the card network and returns a result (authorised, declined, or challenge required). Checkout then creates an order based on the authorisation. Opayo does not create or manage the order itself.

What is the difference between authorisation and capture in Opayo?

Authorisation reserves funds on the shopper's card but does not transfer money to your bank account. Capture is the instruction to Opayo to actually take the money. You can auth at checkout and capture later (e.g. when the order ships), or you can auth and capture immediately. Your Opayo account configuration and API flow determine the timing.

If we replatform from one commerce platform to another, what happens to saved cards?

Saved card tokens are stored in Opayo, not in your commerce platform. If you keep your Opayo merchant account, tokens are still valid on the new platform as long as you sync the token references to customers in the new platform. You do not need to re-tokenise all cards.

How do refunds work and when do they appear in the shopper's account?

To refund a transaction, commerce sends a refund request to Opayo using the original transaction reference. Opayo credits the shopper's card immediately at the processor level, but the shopper's bank takes 3-5 working days to post the credit to their account. Opayo notifies you when the refund is processed.

What happens if Opayo is unavailable at checkout?

If Opayo is unreachable, checkout cannot process the payment. You have two options: (1) fail the transaction and show the customer an error, or (2) queue the payment request and retry asynchronously once Opayo is back. Option 2 requires that you handle incomplete orders and retries carefully so you do not oversell or charge twice.

How do we stay PCI-compliant when tokenising cards?

Opayo is PCI Level 1 certified. By using Opayo's hosted payment field or token API, you avoid storing raw card data on your servers. Your checkout form collects card details and sends them directly to Opayo, which returns a token. You store the token, not the card. This approach greatly reduces your PCI burden.

How does 3D Secure (3DS) work and when is it required?

3D Secure adds an extra authentication step where the shopper verifies themselves with their bank. Opayo can be configured to require 3DS for all transactions, or only for high-risk or high-value ones. When 3DS is needed, Opayo returns a challenge URL or data. Checkout displays the challenge to the shopper. Once they authenticate, Opayo confirms the outcome.

How do we reconcile Opayo payments with our ERP?

Opayo generates a daily settlement file listing all captured transactions, refunds, chargebacks and fees. You import this file into your ERP and match transactions against invoices. Each transaction has an Opayo reference that links back to the original order. Finance reconciles the settled amount against your bank account.

What happens if a chargeback is filed against a transaction?

A chargeback occurs when a shopper disputes a transaction with their bank. Opayo notifies you of the chargeback and removes the amount from your next settlement. You have time to gather evidence (order confirmation, delivery proof, customer communication) and submit a dispute response through Opayo. If your evidence is strong, the chargeback can be reversed.

Can Opayo handle multi-currency payments?

Yes. Opayo supports payments in many currencies. You configure which currencies your merchant account accepts. At checkout, you specify the currency for each transaction. Opayo converts the amount if needed and processes the payment. Your ERP must track which currency each transaction was authorised and settled in.

How do subscription or repeat payments work with saved tokens?

You store a tokenised card when the shopper first pays. For future charges (e.g. monthly subscription renewal), you send the token to Opayo instead of asking the shopper to re-enter their card. Opayo charges the token. If the charge fails (e.g. card expired), Opayo returns a decline. You must handle the decline and notify the shopper to update their card.

What monitoring and alerts should we set up?

Monitor payment authorisation success rate, capture success rate, refund success rate, and settlement reconciliation variance. Alert if success rates drop below your baseline (e.g. more than 2-3% payment failures), if settlement files arrive late, or if reconciliation discrepancies appear. Log all API calls and responses for debugging payment failures.

If a payment is authorised but the order is never created, what happens?

The authorisation stays pending in Opayo until it expires (usually 30 days). If it is not captured by then, the hold is released and no money is taken. However, the shopper may see a pending charge on their statement. To avoid this, you should either capture quickly after order creation, or have a job that reviews pending authorisations and captures them before expiry, or explicitly expires them.

Can we store sensitive data like CVV in Opayo?

No. Opayo stores the card token, expiry and cardholder name, but never the CVV. If you need to capture CVV for a later refund or dispute, you must ask the shopper to provide it again or ask them to authenticate with their bank (3DS). Do not store CVV yourself.

Next step

Have a Opayo integration brief?

Send the brief, or tell us what is breaking. You will get a written response from a senior expert: the integration boundary, the realistic shape, the risks worth naming, and what it takes to support after launch.
Talk to an expertOr browse all integrations →