Choosing Your Integration

Exirom offers three integration methods. Each trades off control, compliance burden, and time to integrate.

Integration	Description
Card API (S2S)	Server-to-server integration for card payments. You build the checkout UI and handle raw card data.
APM API	Server-to-server integration for 50+ alternative payment methods (e-wallets, bank transfers, QR, vouchers).
Hosted Payment Page (HPP)	Exirom-hosted checkout page that supports cards and all enabled APMs with minimal integration effort.

#Comparison

Feature	Card API (S2S)	APM API	Hosted Payment Page (HPP)
PCI DSS Required	Yes (Level 1 SAQ-D)	No	No
Card data on your server	Yes	No	No
Payment methods	Cards only	50+ APMs (e-wallets, bank transfers, QR, vouchers)	Cards + all enabled APMs
3D Secure handling	You implement redirect/iframe	N/A	Handled by Exirom
UI Control	Full (your checkout)	Full (your checkout, redirect/QR per method)	Limited (Exirom-hosted page)
Customization	Complete	Complete	Domain URL + enabled payment methods only (for full branding use Cashier SDK — separate docs)
Tokenization & Recurring	Yes	No	No
Time to integrate	Days	Hours	Minutes
Complexity	High	Medium	Low

#PCI DSS Compliance

This section is critical. Read it before choosing an integration.

The Card API is a server-to-server integration where raw card data (PAN, CVV) passes through your servers. This requires PCI DSS Level 1 compliance — the most stringent level. Certification is expensive, time-consuming, and requires annual audits.

If you cannot prove PCI DSS compliance, you cannot use the Card S2S API. Use HPP instead — card data never touches your servers.

APM payments do not involve card data, so no PCI certification is needed regardless of integration method.

#Decision Tree

#What's Next

Choose your path and follow the quick-start guide:

Card API — Quick Start: Card Payment
APM API — Quick Start: APM Payment
HPP — Quick Start: Hosted Payment Page