Payment gateway integration
Payment gateway and PSP integration for fintech and banking platforms. We design the integration, build it inside your stack, and hand it back tested, reconciled and documented.
Results from work we have shipped
What we integrate
Authorisation, capture, partial capture, void, refund and chargeback flows against your acquirer or PSP - with the settlement and payout side wired in, not only the checkout.
Apple Pay, Google Pay and the alternative methods your market actually uses, behind one internal payment interface so the next one is configuration rather than a rebuild.
Payment initiation over open banking and A2A rails where they beat card economics, including the consent and status-polling flows cards do not have.
SCA-compliant authentication with exemptions applied deliberately, so approval rates do not quietly drop when a scheme rule or a regulation moves.
Card data tokenised at the provider or in a dedicated vault, so your systems never hold a PAN and your PCI DSS scope stays as small as the architecture allows.
Settlement files parsed, matched against your transactions and posted to your ledger, with a break report a human can actually act on.
Payment middleware and SDKs on the device itself, for businesses that take money at a counter as well as online.
See the serviceOne gateway standing between you and revenue?
Send us the provider and the flow. We will tell you what the integration really involves, and where it usually breaks.
How we deliver a payment gateway integration?
The same delivery discipline on every engagement - from the first map to a handover your team runs.
We map the money: every state a payment can reach, who owns it, what the provider promises and where your ledger has to agree. The map is the scope, and it is what we hold ourselves to.
We work in your repository, your CI and your identity provider. The integration is a part of your platform from the first commit, not a parallel project that has to be merged later.
Duplicate webhooks, late webhooks, partial captures, refunds after settlement, provider downtime. We test the paths that cost money, not only the happy path a demo shows.
Tests, runbooks, dashboards and a reconciliation process your team runs without us. The source and the mapping logic stay with you.
What shapes the work
Connecting to a payment gateway is not the hard part. The provider's sandbox will take your first authorisation inside a day, and that is usually the moment a team calls the integration done. Everything that decides whether it survives production comes after: the capture that succeeds while the webhook never arrives, the customer who taps twice, the refund that lands against a settlement which has already closed.
We treat a payment gateway integration as finished when the money reconciles - when the transactions in your database, the provider's settlement file and your ledger agree at month end, and a break in any of the three is visible to you before finance finds it.
That is a wider scope than a working checkout, and it is the scope we quote. It means idempotency on every write path, signed webhooks with replay handling, a reconciliation job with a defined break process, and enough observability that support can answer "where is my money" without opening a database console.
The failures that reach a board meeting are rarely exotic. In our experience they cluster in a short list, and each one has a known answer that has to be designed in rather than patched on.
- Webhooks that arrive twice, out of order, or not at all. Without idempotency keys and a reconciliation sweep, a retried webhook double-credits a customer and a lost one silently strands a payment.
- Optimistic status handling. Treating an authorisation as revenue is how a platform books money it never captures. The state machine has to model authorised, captured, settled and refunded as separate facts.
- Refunds and chargebacks bolted on late. They touch the ledger, the settlement file and the customer record at once, so retrofitting them is far more expensive than designing them in.
- Reconciliation left to finance and a spreadsheet. It works until volume grows, then it becomes the reason nobody trusts the numbers.
None of this is provider-specific. It is the difference between an integration that passes a demo and one that runs at GBP 10M+ in daily transactions.
Most platforms start with a single provider and a single method, and the integration is written straight into the checkout. The second method - a wallet, a local scheme, an A2A rail - is where the cost appears, because the first integration made assumptions the second one breaks.
We put an internal payment interface between your product and the providers from the start: one contract your application speaks, adapters behind it per provider and per method. Adding a wallet becomes an adapter and a configuration change instead of a second checkout.
That interface is also what makes a provider swap survivable later, and it is the foundation the payment orchestration layer sits on if you eventually run more than one acquirer.
The cheapest way to pass a PCI DSS assessment is to have nothing in scope. Wherever the architecture allows, we keep card data out of your systems entirely: the PAN is captured by the provider's hosted fields or SDK and your platform only ever holds a token.
Where a token vault genuinely is needed - typically to keep card-on-file portable across providers - we design it as a narrow, isolated service with its own access control and audit trail, rather than letting card data spread through the platform.
Your security team is right to treat a new payment provider as part of the attack surface. We document what the integration sends, what it stores, which keys exist and who can rotate them, so the review is a conversation about evidence rather than assurances.
Price follows scope, and in a gateway integration the scope drivers are concrete: how many providers and methods are in scope, whether refunds and chargebacks are included, whether settlement reconciliation is in scope, and whether the flow touches a terminal as well as a browser.
We will tell you which shape fits on the first call. A single provider with cards, refunds and reconciliation is a well-understood piece of work; the same integration plus a wallet, an A2A rail and a POS SDK is a different engagement and we will say so rather than discovering it in month two.
The reference points are real: an Android payment SDK for payabl. reached production in one month, and a credit PWA for $lana (Monetech) went live with two KYC providers and full reporting in five months. Your numbers depend on your scope, which is what discovery exists to pin down.
Working with WislaCode Solutions has been a great experience! We needed an Android SDK developed under a tight timeline, and their team delivered a flexible, user-friendly solution that integrated seamlessly into our ecosystem. Their transparent approach, proactive communication, and commitment to quality made the collaboration smooth...
What is included in a gateway integration engagement
A gateway integration buys a production capability, not a set of working endpoints. Every engagement ends with the same things in your hands:
The integration running in production, inside your repository and your CI.
The full payment state machine - authorise, capture, refund, chargeback - with idempotency on every write path.
Signed webhook handling with replay and out-of-order protection.
A reconciliation job against the provider's settlement file, with a break report and a defined process for working it.
Dashboards and alerts on the flows that carry money, so a failure is noticed by you and not by a customer.
Tests covering the failure paths, a runbook for the on-call engineer, and a documented handover to your team.
How long does a payment gateway integration take?
Scope sets it: the number of providers and methods, whether refunds, chargebacks and settlement reconciliation are included, and whether a terminal is involved. As a reference point from our own work, an Android payment SDK for payabl. reached production in one month, and a credit PWA for $lana (Monetech) went live with two KYC providers and full reporting in five months. Discovery exists to turn your scope into a dated plan before you commit.
Can you integrate the payment provider we already use?
Yes, and it is usually the right call. We work with the acquirer, PSP or gateway you already operate and build inside your existing architecture. If the provider is genuinely the constraint - on cost, on approval rates or on a market it cannot reach - we will say so, and an orchestration layer is often the answer rather than a rip-and-replace.
How do you handle PCI DSS and card data?
By keeping card data out of your systems wherever the architecture allows: the PAN is captured by the provider's hosted fields or SDK, and your platform holds only a token. That keeps your PCI DSS scope as small as possible. Where a token vault is genuinely required, we isolate it as a narrow service with its own access control and audit trail, and document exactly what is stored and who can reach it.

A consumer banking super app in a regulated market had to launch at scale inside a fixed regulatory and competitive window. We owned the integration architecture and mobile delivery.
View case
$lana (Monetech), a regulated multi-country consumer credit platform, needed its compliance and data integrations online inside a tight regulatory window. We owned the integration architecture and delivered.
View case
PushMaster is an enterprise-grade push notification server for reliable, multi-channel message delivery across web and mobile.
View caseThis was a very task-heavy project, mostly exploration and R&D-driven. However, by the end of WislaCode, we were left with a detailed roadmap consisting of clear milestones - able to be converted into tangible KPIs - and some neat ideas of what actionable are next. Integrating...
We collaborated with WislaCode on a product strategy development project and gave the highest marks for this contractor. The WislaCode team delivered on time and with outstanding quality.
We collaborated with WislaCode on a route-to-market optimisation project. Working with WislaCode was effective, transparent and predictable, which is especially critical for AI and ML projects. We provided them with six months of anonymised data, and within just three weeks...
Need a payment gateway integrated properly?
Thirty minutes with the engineers who would build it - the flow, the edge cases and what it takes to reconcile.


