Payment Gateways

Exp:resso Store comes with many different payment gateways for you to choose from. Our payment processing is based on the open source Omnipay library, which supports dozens of existing payment gateways, and is used on thousands of websites worldwide.

In general, payment gateways fall into one of two categories: external (off-site) gateways and merchant-hosted (on-site) gateways. Merchant hosted gateways allow you to collect the customer’s credit card details directly on your site, but have much stricter requirements, such as an SSL certificate for your server. You will also be subject to much more rigorous security requirements under the PCI DSS (Payment Card Industry Data Security Standard).

Payment gateways must be enabled under Store » Settings » Payment Methods. You can then use them in your site, either by adding the payment_method="" parameter to the Checkout Tag or Payment Tag, or by submitting a payment_method form field.

Using the payment_method parameter:

{exp:store:checkout payment_method="PayPal_Express" return="store/order/ORDER_HASH"}

Under the hood, this simply adds a hidden field to your page:

<input type="hidden" name="payment_method" value="PayPal_Express" />

Using the payment_method form field:

<select name="payment_method">
    <option value="Stripe">Credit Card</option>
    <option value="Manual">Bank Transfer</option>

For on-site payment gateways, you will need to collect customer credit card details in your Checkout or Payment form. Below you will find a list of required parameters for each gateway. You can submit these parameters using regular HTML form inputs:

<input type="text" name="payment[card_no]" value="" />

Note that the name="" parameter must be specified as payment[card_no] rather than simply card_no. For a full example, see the sample template under store_example/checkout3.

If you require a payment gateway which is not yet supported, you can either develop it yourself (requires PHP experience), or we can develop it for you. If you wish to develop your own gateway, start by checking out the Omnipay library, and the store_check example extension. If you wish to receive a quote for us to develop the gateway, simply email [email protected] with the name of the gateway, and a link to (or copy of) the documentation.



The Dummy payment gateway is only to be used in demonstration and testing scenarios. Any card number ending in an even number will be authorized (e.g. ‘4242424242424242’). Any card number ending in an odd number will be declined. (e.g. ‘4111111111111111’).

The following fields must be submitted:

  • name
  • card_no
  • exp_month
  • exp_year
  • csc



The manual payment gateway serves a special purpose in Store. When you need to accept cheque or bank deposit payments, you should use the manual payment gateway. The gateway simply authorizes all payments, allowing the order to proceed. You may then manually mark the payment as “captured” in the Store control panel when payment is received.

If you wish to have more than one manual payment gateway available to your customers, you can create additional gateways using the extension hooks. For an example, see the store_check extension.



Stripe is an on-site payment gateway. However, it is much easier to set up than most on-site payment gateways, because it uses Elements, Stripe’s Javascript library to convert credit card details into a secure token, before sending data to your server. This means that you don’t have to worry about the usual PCI DSS requirements for handling sensitive credit card details, since they are never sent to your server.

Because the card details are not submitted to your server, you should not give them name="" parameters as necessary with other payment gateway providers. Instead, you should create form inputs like the attributes below, so that Stripe’s javascript library can find them. You can also find a sample of this in the templates/checkout-stripe.html template.

    <div class="control-group">
        <label for="card-number-element">Card Number</label>
        <div id="card-number-element" class="checkout-stripe-input"></div> <!-- A Stripe Element will be inserted here. -->
        <div id="card-number-errors" role="alert"></div> <!-- Used to display Element errors. -->

    <div class="control-group">
        <label for="card-cvv-element">Card CVV</label>
        <div id="card-cvv-element" class="checkout-stripe-input"></div>
        <div id="card-cvv-errors" role="alert"></div>

    <div class="control-group">
        <label for="card-expiry-element">Card Expiry</label>
        <div id="card-expiry-element" class="checkout-stripe-input"></div>
        <div id="card-expiry-errors" role="alert"></div>

Stripe requires some extra Javascript to be added to your Checkout or Payment form.

  • There is a convenient module tag that can be added to your checkout page to easily set up what you need.
    {exp:store:stripe_js} This tag accepts a single argument publishable_api_key which will contain your public Stripe key. Example: {exp:store:stripe_js publishable_api_key="pk_test_stripe_key"}

  • You can also choose to customize your markup and manually add the Javascript needed to collect card information, please see the Stripe Documentation. By default, Store only provides the minimum fields required for a Stripe payment to be processed. Store is not opinionated about the end users implementation or what additional fields are collected during checkout (such as name, address, etc.). If you opt to customize your markup, this may mean that you won’t be able to apply the example {exp:store:stripe_js} tag mentioned above.

If you decide to customize your checkout process and utilize your own Javascript instead of the {exp:store:stripe_js} tag provided, then a hidden field will need to be added to the last {exp:store:checkout} tag when your payment is submitted.

  • <input type="hidden" name="commit" value="commit" />

####Stripe Multilingual notes Stripe Elements will accept a two letter language abbreviation if you need to change the English language default. Stripe’s current supported values are: ar, da, de, en, es, fi, fr, he, it, ja, lt, ms, nl, no, pl, ru, sv, zh

If you opted to use the {exp:store:stripe_js} template tag solution, there is a language parameter available if you’d like to specify a different language. As an example, if you have specified a language in a global variable, such as $assign_to_config['global_vars']['language'] = "de";, then you could call the template tag like {exp:store:stripe_js publishable_api_key="pk_test_stripe_key" language="{language}"}. Similarly, if you have enabled other third party multilingual extensions, you could pass in options such as {transcribe:language_abbreviation} or {publisher:current_language_code} to the language parameter to change the default.

Sage Pay Direct


Sage Pay Direct is an on-site payment gateway. The following fields must be submitted:

  • name
  • card_no
  • exp_month
  • exp_year
  • csc

Be sure to set the correct currency code and currency symbol under Expresso Store General Settings. If your Sage Pay provider isn’t set up to accept the currency you provided, then a Credit Card processing error will be returned during checkout.

Sage Pay Server


Sage Pay Server is an off-site payment gateway. No extra configuration is necessary.

Be sure to set the correct currency code and currency symbol under Expresso Store General Settings. If your Sage Pay provider isn’t set up to accept the currency you provided, then a Credit Card processing error will be returned during checkout.

PayPal Express


PayPal Express Checkout is an off-site payment gateway. PayPal is probably the most well-known and easy to set up payment gateway.

PayPal Express Checkout requires an API Username, Password, and Signature. These are different from your PayPal account details. You can obtain your API details by logging in to your PayPal account, and clicking Profile > My Selling Tools > API Access > Request/View API Credentials > Request API Signature.



Mollie is an off-site payment gateway available in the Netherlands, which supports iDEAL. No extra configuration is necessary.