Frequently Asked Questions

Common questions and answers for Cyrexa Host-to-Host payment integration.

Getting Started

Q: How do I get API keys for testing?

A: Sign up for a Cyrexa merchant account and access your dashboard to retrieve sandbox API keys. Production keys are available after account verification.

Q: What’s the difference between sandbox and production?

A:
  • Sandbox: Testing environment with simulated responses, test cards, and fake transactions
  • Production: Live environment processing real payments with actual money

Q: How long does account verification take?

A: Typically 1-3 business days. You can start testing with sandbox immediately while verification is in progress.

Integration

Q: Which programming languages are supported?

A: Cyrexa H2H is a REST API that works with any language that can make HTTP requests. We provide examples in:
  • JavaScript/Node.js
  • Python
  • PHP
  • cURL

Q: Do I need to store card details?

A: No, Cyrexa H2H is designed for server-to-server payments without storing sensitive card data on your servers. Card details are handled securely by our payment processors.

Q: Can I use H2H for mobile apps?

A: H2H is designed for server-to-server communication. For mobile apps, use our mobile SDKs or implement H2H on your backend server.

Payment Methods

Q: Which payment methods are supported?

A:
  • Credit/Debit Cards (Visa, Mastercard, Amex, Discover)
  • UPI (India)
  • Google Pay
  • Apple Pay
  • Alternative payments (bank transfers, BNPL)

Q: How do I add new payment methods?

A: Contact our support team to enable additional payment methods for your account. Some methods may require additional verification.

Q: Are there country restrictions?

A: Payment method availability varies by country. Check our payment methods guide for specific regional support.

Webhooks

Q: Are webhooks required?

A: While not mandatory, webhooks are strongly recommended for real-time payment status updates and better user experience.

Q: What happens if my webhook endpoint is down?

A: We retry webhook deliveries with exponential backoff for up to 24 hours. You can also poll the payment status endpoint.

Q: How do I verify webhook authenticity?

A: Use HMAC SHA512 signature verification with your webhook secret: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha512', secret)
    .update(payload)
    .digest('hex');
  return signature === expectedSignature;
}

Security

Q: How secure is the H2H API?

A:
  • PCI DSS Level 1 compliant
  • TLS 1.2+ encryption
  • API key authentication
  • Webhook signature verification
  • Fraud detection and prevention

Q: Should I validate payments on my server?

A: Yes, always verify payment status using our API or webhooks. Never rely solely on client-side confirmation.

Q: How do I handle sensitive data?

A:
  • Never log API keys or webhook secrets
  • Use environment variables for credentials
  • Implement proper access controls
  • Follow PCI DSS guidelines

Testing

Q: What test cards should I use?

A: Use our provided test cards:
  • Success: 4111111111111111
  • Declined: 4000000000000002
  • 3DS Required: 4000000000003220
See our Testing Guide for complete test data.

Q: How do I test webhooks locally?

A: Use ngrok to expose your local server: 
ngrok http 3000
# Use the HTTPS URL as your webhook endpoint

Q: Can I test 3D Secure flows?

A: Yes, use specific test cards that trigger 3DS authentication in sandbox mode.

Errors & Troubleshooting

Q: Why am I getting 401 Unauthorized?

A: Check that:
  • API key is correct
  • X-API-Key header is included
  • Using the right environment (sandbox/production)

Q: Payment shows as pending but never completes

A:
  • Check webhook delivery
  • Verify webhook signature handling
  • Poll payment status endpoint
  • Review error logs

Q: How do I handle rate limits?

A: Implement exponential backoff and respect the Retry-After header: 
async function retryWithBackoff(fn, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      return await fn();
    } catch (error) {
      if (error.status === 429 && i < maxRetries - 1) {
        const delay = Math.pow(2, i) * 1000;
        await new Promise(resolve => setTimeout(resolve, delay));
        continue;
      }
      throw error;
    }
  }
}

Payments & Transactions

Q: What’s the maximum transaction amount?

A: Limits vary by payment method and region:
  • Credit Cards: Typically $10,000 USD
  • UPI: ₹1,00,000 INR per transaction
  • Contact support for higher limits

Q: How long do payments take to process?

A:
  • Credit Cards: Instant (few seconds)
  • UPI: Instant
  • Bank transfers: 1-3 business days
  • Alternative payments: Varies by method

Q: Can I refund payments?

A: Yes, use the refund endpoint or contact support. Refund availability depends on the payment method and processor.

Q: How do I handle partial payments?

A: H2H processes full amounts only. For partial payments, create multiple payment requests or implement split payments in your application logic.

Business & Billing

Q: What are the transaction fees?

A: Fees vary by payment method, transaction volume, and region. Contact our sales team for detailed pricing.

Q: When do I get paid?

A: Settlement schedules depend on your merchant agreement, typically:
  • Daily settlements for established merchants
  • Weekly settlements for new merchants

Q: Can I use multiple currencies?

A: Yes, we support multiple currencies. Available currencies depend on your account configuration and payment methods.

Development

Q: Is there a Postman collection?

A: Yes, we provide a Postman collection with pre-configured requests and environments. Contact support for access.

Q: How do I handle timeouts?

A: Set appropriate timeouts and implement retry logic: 
const axios = require('axios');

const client = axios.create({
  timeout: 30000, // 30 seconds
  retry: 3,
  retryDelay: 1000
});

Q: Can I customize the payment flow?

A: H2H provides server-to-server payment processing. For custom UI flows, combine H2H with our frontend SDKs or build your own interface.

Q: How do I migrate from another payment provider?

A:
  1. Set up Cyrexa account and test integration
  2. Run parallel processing during transition
  3. Gradually migrate traffic
  4. Contact our migration team for assistance

Support

Q: How do I contact support?

A:

Q: What information should I include in support requests?

A:
  • Error codes and messages
  • Request IDs
  • Timestamps
  • Steps to reproduce
  • Code samples (remove sensitive data)

Q: Do you offer implementation support?

A: Yes, we provide technical support during integration. Premium support packages are available for complex implementations.

Compliance

Q: Are you PCI compliant?

A: Yes, Cyrexa is PCI DSS Level 1 compliant. Your H2H integration doesn’t handle card data directly, reducing your PCI scope.

Q: What about GDPR compliance?

A: We’re GDPR compliant and provide data processing agreements. Ensure your implementation follows GDPR requirements for customer data.

Q: Do you support Strong Customer Authentication (SCA)?

A: Yes, we support 3D Secure 2.0 for SCA compliance in European markets.

Still Have Questions?

Contact Support

Get help from our technical team

Error Guide

Troubleshoot common issues

Testing Guide

Test your integration

API Reference

Complete API documentation