Every integration must be reviewed and certified by the ECRYPT engineering team before processing live transactions. Certification confirms that your implementation handles payment flows correctly, meets compliance requirements, and avoids common issues that can cause problems in production.
The process has three stages: prepare your integration in sandbox, schedule a certification call with our engineering team, and cut over to production once approved.
Work through the checklist below in your sandbox environment. Completing these items before your certification call keeps the review focused and avoids delays.
Refund issued against a settled transaction, amount does not exceed original
Void: Unsettled transaction voided successfully
Authorize: Authorization hold placed, no capture
Authorize then Capture: Capture completes against the original authorization, amount is equal to or less than authorized
Authorize then Void: Authorization voided before settlement
If your integration only handles initial transactions (sales, authorizations) and you plan to manage refunds, voids, and captures through the ECRYPT dashboard, let us know when scheduling your certification call.
If your integration accepts ACH payments, also test a sale and refund using the check payment object.
PCI scope. Confirm you understand your PCI obligations based on your integration method. If you tokenize via the hosted iframe or checkout page, your server never handles raw card data. If you tokenize server-side via POST /v1/tokens with raw card numbers, your environment must meet SAQ D requirements and you must provide ECRYPT a copy of your AOC.
Surcharging. If surcharging is enabled on your account, verify that surcharge amounts display correctly to the cardholder before they confirm the transaction. ECRYPT automatically drops surcharges on debit and prepaid cards via BIN lookup. You are responsible for complying with your state's surcharging laws.
Stored credentials. When charging a customer wallet for recurring or installment payments, make sure initiatedBy is set correctly (0 for merchant-initiated, 1 for customer-initiated).
The certification call is a live review where an ECRYPT engineer works through your integration with you. Expect the session to cover:
Transaction walkthrough. You will run each of the core payment flows (sale, refund, void, authorize, capture) while the engineer monitors the requests and responses on the ECRYPT side.
Error handling review. The engineer may trigger specific decline codes or error conditions to confirm your integration responds appropriately.
Compliance check. The engineer reviews how you handle sensitive data, display surcharges (if applicable), and manage stored credentials to ensure there are no compliance risks.
Edge cases. Depending on your integration type, the engineer may check scenarios like partial refunds, duplicate transaction prevention, webhook retry handling, or terminal connectivity recovery.
Feedback. If any issues are found, the engineer will walk through what needs to change. Minor issues can often be resolved and re-tested on the same call.
Most certification calls take 30 to 60 minutes depending on the complexity of the integration.
After switching to production credentials, run a small live transaction (such as a $1.00 sale followed by a void or refund) to confirm your production configuration is working end to end.
If your integration uses in-person terminals, you must register each terminal in the production environment. Terminal registrations do not carry over from sandbox.