Skip to main content

Gateway Basics

On this page
Prerequisites

Before understanding gateways, understand:

A gateway connects your website to a processor. It doesn't move money. If your "processor" has a JavaScript snippet you embed on checkout, that's the gateway part.

Gateway vs. Processor vs. Acquirer

These terms get confused constantly. Here's the difference:

ComponentWhat It DoesHandles Money?
GatewaySecurely transmits payment data to processorNo
ProcessorRoutes transactions, communicates with networksNo (facilitates)
AcquirerHolds your merchant account, settles fundsYes

Analogy

  • Gateway = The secure mailroom that receives packages and sends them to the right office
  • Processor = The logistics company that routes packages between locations
  • Acquirer = The bank that actually holds and deposits your money

What Gateways Actually Do

Core Functions

FunctionWhat It Means
Secure data captureCollects card numbers without touching your servers (PCI scope reduction)
EncryptionEncrypts card data for transmission
TokenizationReplaces card numbers with tokens for storage
API interfaceProvides developer-friendly APIs for integration
Transaction routingSends transactions to the right processor

Common Features

FeatureWhat It Does
Hosted checkoutPre-built checkout pages you redirect to
Embedded formsJavaScript forms that run on your site
Mobile SDKsNative iOS/Android payment integration
WebhooksNotifications when transactions complete
DashboardTransaction reporting and management
Fraud toolsBasic fraud screening (rules, velocity)

When You Need a Separate Gateway

You Don't Need a Separate Gateway When:

You use a PayFac like Stripe, Square, or PayPal

These combine gateway + processor + acquirer into one service:

  • Stripe = Gateway + Processor + Acquirer relationship
  • Square = Gateway + Processor + Acquirer relationship
  • PayPal = Gateway + Processor + Acquirer relationship

You sign up, integrate their JavaScript, and start processing. One contract, one dashboard.

You Need a Separate Gateway When:

ScenarioWhy
Multi-processor strategyGateway routes to different processors for failover or optimization
Existing acquirer relationshipYou have a merchant account but need modern APIs
Processor doesn't have good APIsLegacy processor with outdated integration
Custom integration needsSpecific features not available from PayFacs
International routingNeed to route to local acquirers in different countries

Gateway-Only vs. Full-Stack

TypeWhat You GetExamples
Gateway-onlyJust the secure transmission layer. You need a separate processor/acquirer.Authorize.net, NMI, PayPal Payflow
Full-stackGateway + Processor + Acquirer bundled. All-in-one.Stripe, Square, Adyen, Braintree

Trade-offs

FactorGateway-OnlyFull-Stack
ComplexityHigher (multiple vendors)Lower (one vendor)
FlexibilityHigher (choose processor)Lower (locked in)
PricingPotentially lower (negotiate each layer)Fixed or bundled
SupportMultiple contactsSingle contact
SwitchingCan switch processor, keep gatewaySwitching is all-or-nothing

Common Gateway Configurations

Configuration 1: All-in-One (Most Common)

You → Stripe (Gateway + Processor + Acquirer relationship)

Best for: Most SMBs. Simple, fast to start, good enough pricing.

Configuration 2: Gateway + Processor

You → Authorize.net (Gateway) → First Data (Processor/Acquirer)

Best for: Existing processor relationship with outdated APIs.

Configuration 3: Multi-Processor Through Gateway

You → Spreedly (Gateway) → Processor A (primary)
                        → Processor B (failover)
                        → Processor C (international)

Best for: High-volume merchants needing redundancy or routing optimization.

Configuration 4: Payment Orchestration

You → Primer/Spreedly → Multiple processors + payment methods
                     → Routing rules
                     → Failover
                     → Analytics

Best for: Complex needs, multiple markets, high volume.

Full-Stack (Gateway + Processor)

GatewayBest ForNotes
StripeMost online businessesBest APIs, good global coverage, 2.9% + $0.30
SquareRetail + online hybridStrong POS, simpler than Stripe, 2.9% + $0.30
BraintreePayPal integrationOwned by PayPal, good for marketplaces
AdyenEnterprise, globalPowerful, complex, enterprise pricing
Checkout.comMid-market to enterpriseStrong in Europe, competitive pricing

Gateway-Only

GatewayBest ForNotes
Authorize.netLegacy integrationWidely supported, older technology
NMIISOs and resellersWhite-label friendly
PayPal PayflowPayPal + other processorsConnects to various processors

Payment Orchestration

PlatformBest ForNotes
SpreedlyMulti-processor routingVault + routing + analytics
PrimerModern orchestrationVisual workflow builder
PayrailsGlobal optimizationRouting optimization focus

Gateway Fees

What gateways charge varies by model:

Full-Stack Pricing

Typically bundled:

  • Per-transaction: 2.9% + $0.30 (US domestic cards)
  • International: +1-1.5%
  • Monthly fee: Usually $0 for small merchants

Gateway-Only Pricing

Separate from processor fees:

  • Per-transaction: $0.05-$0.15
  • Monthly fee: $10-$50
  • Setup fee: $0-$200

Total cost = Gateway fee + Processor fee + Interchange

Integration Considerations

PCI Scope Reduction

Gateways reduce your PCI compliance burden by handling card data:

Integration TypeCard Data Touches Your Server?PCI Level
Redirect to hosted pageNoSAQ A (simplest)
Embedded iframeNoSAQ A-EP
JavaScript tokenizationNoSAQ A-EP
Direct API (cards)YesSAQ D (hardest)

Recommendation: Use embedded forms or hosted pages unless you have a specific reason to handle cards directly.

API Quality Matters

Gateway API quality varies dramatically:

FactorGood GatewayPoor Gateway
DocumentationClear, complete, examplesSparse, outdated
SDKsMultiple languages, maintainedLimited, stale
SandboxFull-featured test environmentLimited or broken
WebhooksReliable, retries, loggingUnreliable, no retries
Error messagesSpecific, actionableGeneric, unhelpful

Switching Gateways

What breaks when you switch:

ElementImpact
TokensOld tokens don't work with new gateway
Saved cardsMust re-collect or migrate
Integration codeNeeds rewriting
WebhooksDifferent format/structure
ReportingDifferent dashboard/exports

Mitigation: Some orchestration layers (Spreedly) can vault tokens and abstract gateway changes.

Test to Run

Gateway evaluation checklist:

□ Do they support your current processor (if keeping it)?
□ API documentation quality - can a dev understand it?
□ Sandbox available and functional?
□ What's their uptime SLA?
□ Webhook reliability and retry logic?
□ What happens to tokens if you switch away?
□ Support quality (test with pre-sales question)
□ Pricing for your volume and average ticket?

Scale Callout

VolumeRecommendation
Under $100k/moFull-stack (Stripe, Square). Don't overcomplicate.
$100k-$500k/moStill fine with full-stack. Evaluate if specific needs arise.
$500k-$2M/moConsider if multi-processor or custom routing would help.
Over $2M/moEvaluate orchestration. Multi-processor redundancy matters.

Where This Breaks

  1. Token portability. Tokens from one gateway don't work at another. Switching means re-collecting cards or complex migration.

  2. Feature assumptions. Not all gateways support all features. Check: partial captures, auth holds, 3DS2, network tokens.

  3. International support. "Global coverage" varies. Check specific countries and payment methods you need.

  4. Downtime cascades. If your full-stack provider goes down, you can't process. Multi-processor setups need orchestration to failover.

Next Steps

Just starting out?

  1. Pick a full-stack provider → Buying Payments
  2. Integrate embedded forms → Reduces PCI scope
  3. Don't overthink it → Switch later if needed

Evaluating gateways?

  1. List your requirements → Features, countries, payment methods
  2. Test the sandbox → Before you commit
  3. Check pricing at your volume → May vary significantly

Already have a gateway?

  1. Map your stack → Payment Ecosystem
  2. Evaluate if it's still right → Volume changed? Needs changed?
  3. Consider orchestration → If multi-processor makes sense

See Also