Click here to search

Welcome to the XML API

Warning:  This guide has been migrated to our new developer portal. The version at this location will soon be removed.

This guide helps you connect to the Worldwide Payment Gateway, using our XML API. It contains everything you need to get connected and start securely processing payments.

You connect with a Direct or Hosted integration.

About Direct

You can manage shopper data and the shopper journey within your own environment.


What we do

  • Process your shopper's payment

  • Carry out changes/modifications to the payment

  • Notify you of payment status changes

  • Respond to your queries about the status of an order

What you do

  • Collect details of the items your shopper wants to buy

  • Collect the shopper's payment details (such as cardholder name and card number) and their chosen payment method

  • Send the payment to Worldpay

About Hosted

We reduce your PCI-DSS burden by handling and validating your shopper data on our payment pages.

What we do

  • Collect the shopper's payment details

  • Process your shopper's payment

  • Carry out changes/modifications to the payment

  • Notify you of payment status changes

  • Respond to your queries about the status of an order

What you do

  • Collect details of the items your shopper wants to buy

  • Send the order details to Worldpay

  • Redirect the shopper to Worldpay to make a payment

  • Inform the shopper of the payment result


To take card payments, you must comply with the Payment Card Industry Data Security Standard (PCI DSS). Collecting and storing information on your own payment pages (using our Direct model) will increase the costs of complying with the PCI-DSS, so this method is only suitable if you have high transaction volumes.

You can reduce the burden of PCI-DSS compliance by using Worldpay's Client Side Encryption with your own payment page integration, or avoid it by using Worldpay's Hosted Payment Pages, where we collect and process your shoppers' payment details. If you’re currently using our Hosted Payment Pages and want to switch to using your own payment pages, you may want to consider Tokenisation as a way to reduce your PCI burden.

To learn more about PCI DSS, click here.

3D Secure and Dynamic 3D Secure

3D Secure, the cardholder authentication scheme for online credit and debit card transactions:

  • Helps reduce your exposure to fraud

  • Increases confidence in online shopping through an additional level of authentication

For more customisation, Dynamic 3D Secure enables you to switch on and off the 3D Secure authentication service per transaction.

Our guidance shows you how to integrate with 3D Secure here. To learn about Dynamic 3D Secure, see our Dynamic 3D Secure guide.

What else you can do

Order modifications

Order modifications give you the flexibility to modify an order you have previously submitted to us - for example, to cancel, capture or refund the payment, or add your own back-office code to the order. With our batched modification service you can also group modifications together in a single message.

Order notifications

This service automatically reports the status of your orders to your back-office system whenever a payment changes status, covering a large number of payment statuses. Order notifications are available in a number of formats, including text, cgi and XML, and are delivered via email and HTTP message.

Order inquiries

You can send order inquiries to find out the current payment status of an existing order, or of a batch of orders. Order inquiries can be a useful tool, but mostly you will find that order notifications are more convenient - we do all the work, because order notifications are sent to you automatically when the status of a transaction changes.

Order batches

Instead of sending Worldpay orders for processing individually, you can submit a large number of orders in one batch.

Sending batch orders may be right for you if:

  • You do not need immediate online feedback on the status of orders

  • Your business model allows you to store large numbers of orders securely on your own platform, and send them to Worldpay at regular intervals for processing

Test your integration

We provide a comprehensive secure-test environment where you can test your technical integration with Worldpay. Our test environment supports the testing of both card payments and alternative payment methods, from initial order submission through to the SETTLED state. Testing for the Direct model is covered here; testing for the Hosted model is explained here.

Mobile Wallets

Enable the Apple Pay, Google Pay and Samsung Pay wallet services to let your shoppers pay in store, in-app and online without the hassle of remembering their PIN or passwords.

Alternative payment methods

Use our alternative payment methods to engage with shoppers worldwide, increasing your sales and revenue. We classify alternative payment methods as:

  • eWallets, such as PayPal and WebMoney

  • Bank transfers, such as iDEAL and SOFORT Banking

  • Direct debits, such as SEPA

  • Post-pay vouchers, such as Boleto Bancario

  • Local payment cards, such as Carte Bancaire

For more information about the alternative payment methods we offer, see the Alternative Payment Methods guide.

Worldpay fraud detection services

We offer several ways of dealing with risk, both in terms of preventing it, and managing fraud when it happens:

  • Risk Guardian is a sophisticated decisioning engine which uses a wealth of technology to detect and prevent fraudulent transactions in real time.

  • The Risk Management Module, appropriate to medium-risk merchants, is a highly effective fraud screening system comprising a series of automated risk checks applied to each transaction process.


We'd really appreciate your feedback on this guide. If you have any comments or suggestions, please let us know.

You can email us at: