Direct method
The Direct method lets you fully control the checkout and payment experience without redirecting the user to the Pomelo-hosted payment gateway. All integrations are server-side. We recommend a combination of polling (querying) and the webhook system for the most secure and fool-proof integration.
Choosing a provider
In the API request, set the provider field to the payment method the user selected on your site:
| Provider | Description |
|---|---|
alipay | QR-code payments through Alipay |
wechatpay | QR-code payments through WeChat Pay |
debit_credit_card | Card payments |
crypto | Cryptocurrency payments |
For card payments, unless you're using Client-side tokenization, you still need to redirect the user to securely capture card details — the Direct method by itself does not handle PCI-scope card capture.
The fields returned in the response depend on the provider:
| Provider | Field | Description |
|---|---|---|
alipay | vendorQrCode | Encode this data string into a QR code and display it to the user |
wechatpay | vendorQrCode | Encode this data string into a QR code and display it to the user |
crypto | vendorUrl | URL to redirect the user to |
You can also pass customer details and other transaction parameters so the user doesn't have to fill them in.
You should specify a webhook per transaction (or set a global webhook in your merchant dashboard) so Pomelo can notify your backend when the transaction state changes. Alternatively, long-poll using the transactionId.
Example: card payment
NodeJS:
const axios = require('axios');
async function createPayment() {
const request = {
amount: 1000, // 10.00 GBP
currency: 'GBP',
provider: 'debit_credit_card',
localId: 'my-invoice-123',
webhook: 'https://yourwebsite.com/webhook-endpoint',
locale: 'en',
// ... additional parameters
};
const response = await axios.post(
'https://api.pomelopay.com/public/v2/transactions',
request,
);
// for QR-code providers, this would be the QR data string
// for cards, the response shape depends on the integration mode
return response.data;
}
PHP:
<?php
require 'vendor/autoload.php';
use GuzzleHttp\Client;
function createPayment() {
$request = [
'amount' => 1000, // 10.00 GBP
'currency' => 'GBP',
'provider' => 'debit_credit_card',
'localId' => 'my-invoice-123',
'webhook' => 'https://yourwebsite.com/webhook-endpoint',
'locale' => 'en',
// ... additional parameters
];
$client = new Client();
$response = $client->post(
'https://api.pomelopay.com/public/v2/transactions',
['json' => $request],
);
return json_decode($response->getBody(), true);
}
Webhook payload example
When the transaction state changes, Pomelo sends a POST to your webhook URL with a body like:
{
"created": "2023-06-09T06:45:18.814Z",
"updated": "2023-06-09T06:45:18.814Z",
"deleted": false,
"eventType": "NOTIFY_TRANSACTION_CHANGE",
"transactionId": "6482ca14a28d4e00084afbe6",
"state": "CONFIRMED",
"signature": "yr0gXPw/LDHXX18Nyd8Idg==",
"amount": 1000,
"amountFractional": 10,
"amountFormatted": "GBP 10.00",
"currency": "GBP",
"provider": "linepay",
"qrCode": {
"url": "https://qr.example.com/transactions/6482ca14a28d4e00084afbe6.png"
},
"originalSignature": "yr0gXPw/LDHXX18Nyd8Idg==",
"externalSource": "Pomelo Connect Gateway",
"id": "6482ca7e2881b800082c2a20"
}
See the Webhooks guide for full webhook setup, signature verification, and processing recommendations.