Hosted Payment Page

You’re just a few steps away from integrating our Hosted Payment Page (HPP), offering your customers an intuitive checkout experience and a choice of payment methods.

Why will you love this solution?


Let us worry about PCI DSS SAQ A (that’s Payment Card Industry Data Security Standard Self-Assessment Questionnaire A, in case you wondered). You get the shoppers, we got your security.


There’s no need to reinvent the design wheel. Our dynamic templates adapt to your display requirements for device and screen size.


Make your Acquired HPP as handsome as the rest of your site. Upload HTML, CSS, JavaScript, image, and font files to our secure environment and watch magic happen.

Let's get started.


TYour unique HPP gets created in the Merchant section of the Acquired portal. To build or upload an HPP for a specific merchant ID (MID), go to Merchant > Company & MID > Create. Not sure if you’re in the right place? Take a look at the screenshot below:

Acquired Merchants List

It’s that easy. Now it’s time to customise your payment page. We’ve added a default template to the dashboard to get you started. Download and if you need some help, take a look here.


Access the API for your HPP using these endpoints:


This is where we tell you about the security checks in place to ensure that transactions submitted to Acquired by our merchants can be confirmed as genuine requests.

Verified Referring URL

Merchants redirect their customers to their HPP using a referring URL. We only accept requests from referring URLs whitelisted within the portal, so make sure you go to Merchant > Company & MID > HPP > Edit and let us know you’re legit.

Don't forget you must have at least one referring URL confirmed for the production environment. Referring URLs must always begin with https://.

Encrypted Tokens

We use encrypted tokens to assess the integrity of each merchant’s transaction data. If data does not pass our integrity check because the token is missing or mismatches the transaction data, we decline the transaction request. Merchant sites must submit a unique token to our API with every transaction request. Follow these steps to start generating your encrypted tokens:

  1. Sort transaction parameters - excluding your company key - alphabetically and then concatenate. Here is an example:

    amount . company_id . company_mid_id . currency_code_iso3 . merchant_order_id . transaction_type

    Take a look at Request Parameters, we’ve listed all the parameters to include with each transaction request.

  2. SHA256 encrypt the resulting string:

  3. 3. Append your company key to the string generated in step two, and SHA256 encrypt again


    Please contact to receive the company hash value.

Here is a sample of code to generate an encrypted token [IN LANGUAGE]:

"timestamp" : "20170612200234",
"company_id" : "133",
"company_pass" : " password ",
"company_mid_id" : " ",
"vt" : " ",
"useragent" : " ",
"request_hash" : "f0a18260b08a0bfacb.....",
" transaction " : {
  "merchant_order_id" : "20170612200234",
  "transaction_type" : "AUTH_ONLY",
  "subscription_type" : " ",
  "amount" : "100 ",
  "currency_code_iso3" : "GBP",
  "merchant_customer_id" : "100000087",
  "merchant_custom_1" : "C1",
  "merchant_custom_2" : " C2 ",
  "merchant_custom_3" : "C3" 
XML Code goes here...
$amount = "100.00"; 
$company_id = "133";
$company_mid_id = "1025";
$currency_code_iso3 = "GBP"
$merchant_order_id = "20160907_111"; 
$transaction_type = "AUTH_ONLY";
$company_hash = "hashcode";

$tmp = $amount . $company_id . $company_mid_id . $currency_code_iso3 . $merchant_order_id . $transaction_type . ""; 

//$tmp = 100.001331025GBP20160907_111AUTH_ONLY;

$tmp2 = hash ("256" , $tmp);

//$tmp2 = b9646f814518a42e74f0a5cc2438881ec4dfc7f6f7ce39471e13a5a1c262c262;

$tmp3 = $tmp2 . $mid_hash . "";

//$tmp3 = b9646f814518a42e74f0a5cc2438881ec4dfc7f6f7ce39471e13a5a1c262c262hashcode;

$hash = hash ("256" , $tmp3);

$hash = "6da23f6be1a2ea1d2a7687c6a84d0d7e3213c56915f9768bc5f74d5e6f968775";


END OF COPY - Request

A form with hidden html fields containing the customer order data must be integrated into the merchants referral page, i.e. the final page on the merchant's website prior to redirecting the customer to the Acquired environment. This order data is then submitted via a POST to Acquired, the payment page is then loaded and the customer will be prompted to enter their sensitive cardholder data. Please see the example below:

Request Parameters

Although there are limited mandatory fields required in order to process a HPP transaction, we recommend supplying additional information as part of the request in order to fulfil additional security checks such as AVS (where available).

Parameter Format Length Description
int 1-4 API Company ID issued by Acquired to the merchant.
int 1-11 API MID ID issued by Acquired to the merchant.
string 65 Security hash value. Please see here.
vt boolean 1 Additional parameter to flag a transaction as MOTO. Should be included if process payments over the phone or via an IVR solution.
string 1-50 The unique ID used by the merchant to identify the transaction.
string 1-20 The transaction type being performed.
string 3 The ISO 4217 3-digit currency code of the currency used in the transaction.
int 1-11 The amount of the transaction.
boolean 1 Flag to enable 3-D Secure authentication check.
merchant_customer_id string 0-50 The unique customer ID used by the merchant to identify the customer.
merchant_custom_1 string 0-50 Merchant custom data.

For merchants categorised as MCC 6012, the customer_lname, customer_dob and billing_zipcode parameters must be submitted in the request to comply with Scheme Mandates. If you are unsure of your MCC classification please contact