surfboard_white
Sign in →Book a demo
Developers Guides Server-to-Server API

Server-to-Server API

Process online payments entirely from your backend with Merchant Initiated Transactions. Full control over recurring payments, subscriptions, and tokenized card flows.

Online API Server-to-Server MIT Tokenization

Overview

Merchant Initiated Transactions (MIT) allow you to initiate payments on behalf of customers entirely from your backend. This is the foundation for subscription billing, recurring charges, and any scenario where you need to charge a stored card without the customer being present.

The flow has two stages: the customer completes an initial payment (which tokenizes their card), then you use the stored token for subsequent charges.

Prerequisites

  1. Create a developer account at the Developer Portal
  2. Complete onboarding (merchant and store setup)
  3. Register two terminals:
    • A PaymentPage or SelfHostedPage terminal for the initial customer payment
    • A MerchantInitiated terminal for subsequent server-to-server payments

Stage 1: Initial Customer Payment

The first payment must be initiated by the customer. This step collects and tokenizes the card details.

Step 1: Create Order with Tokenization

Use the Create Order API with enforceTokenization set to true:

POST /merchants/:merchantId/orders
{
  "terminal$id": "YOUR_PAYMENT_PAGE_TERMINAL_ID",
  "orderLines": [
    {
      "id": "SUB-001",
      "name": "Monthly Subscription",
      "quantity": 1,
      "amount": {
        "total": 29900,
        "currency": "752"
      }
    }
  ],
  "controlFunctions": {
    "enforceTokenization": true,
    "initiatePaymentsOptions": {
      "paymentMethod": "CARD",
      "amount": 29900
    }
  }
}

Step 2: Customer Completes Payment

The customer enters their card details on the payment page or your self-hosted checkout. Once payment completes, the card is tokenized and saved against the order.

Step 3: Retrieve the Token

After the payment completes, call the Fetch Tokens from Orders API to retrieve the tokenId and card information:

GET /merchants/:merchantId/orders/:orderId/tokens

Store the tokenId securely against the customer in your system. You will use it for all future charges.

Warning: Store tokens securely on your backend. Never expose token IDs to the client or include them in frontend code.

Stage 2: Merchant Initiated Payments

With the tokenId stored, you can now charge the customer from your backend at any time.

Step 1: Create an Order

Create a new order using the MerchantInitiated terminal:

POST /merchants/:merchantId/orders
{
  "terminal$id": "YOUR_MIT_TERMINAL_ID",
  "orderLines": [
    {
      "id": "SUB-002",
      "name": "Monthly Subscription - February",
      "quantity": 1,
      "amount": {
        "total": 29900,
        "currency": "752"
      }
    }
  ]
}

Step 2: Initiate Payment with Token

Use the Initiate Payment API with the stored tokenId:

curl -X POST YOUR_API_URL/payments \
  -H 'Content-Type: application/json' \
  -H 'API-KEY: YOUR_API_KEY' \
  -H 'API-SECRET: YOUR_API_SECRET' \
  -H 'MERCHANT-ID: YOUR_MERCHANT_ID' \
  -d '{
    "orderId": "YOUR_ORDER_ID",
    "paymentMethod": "CTOKEN",
    "tokenId": "YOUR_TOKEN_ID"
  }'

Step 3: Check Order Status

Verify the payment result using the Fetch Order Status API:

GET /merchants/:merchantId/orders/:orderId/status

The status will be PAYMENT_COMPLETED on success or PAYMENT_CANCELLED / PAYMENT_FAILED otherwise. You can also receive real-time updates via webhooks.

Common Use Cases

Use CaseDescription
SubscriptionsCharge customers monthly/yearly on a schedule
Metered billingCharge variable amounts based on usage
Retry failed paymentsRe-attempt a charge after a soft decline
InstallmentsSplit a large payment into scheduled charges

Post-Payment Operations

Post-payment operations (refunds, receipts, reporting) work the same way as other online payment modes. Use the standard APIs:

Reference

Other Guides

in-store

Tap to Pay on iPhone SDK

Accept contactless payments directly on iPhone. Complete integration guide for Surfboard's iOS SoftPOS SDK -- from setup to production.

in-store

Android SoftPOS SDK

Turn Android devices into payment terminals with the Surfboard Android SoftPOS SDK. Complete integration guide from setup to production.

in-store

EMV Terminal Integration

Integrate traditional card-present terminals through Surfboard's unified API. From account setup to live payments in one guide.

online

Payment Page

Redirect customers to a Surfboard-hosted checkout page. The fastest way to accept online payments with minimal integration effort.

in-store

Inter-App Integration

Integrate your POS app with CheckoutX using native app switch. Register terminals, process payments, and scan NFC tags through a bi-directional deep link flow.

online

Self-Hosted Checkout

Embed a payment form directly in your web app with the Surfboard Online SDK. Full UI control with Surfboard handling PCI compliance.

online

Create an Order

Learn how to create orders with line items, tax, customer details, and control functions. The starting point for accepting payments with the Surfboard API.

online

Merchant Onboarding

Set up merchants and stores on the Surfboard platform. Walk through the full onboarding flow from merchant creation to KYB completion and store setup.

online

Payment Lifecycle

Manage the full payment lifecycle from order creation through capture, void, cancel, and refund operations using the Surfboard Payments API.

online

Capture a Payment

Finalize a previously authorized payment by capturing funds. Covers delay capture and pre-authorization flows with step-by-step API examples.

in-store

Terminal & Device Management

Manage payment terminals and devices via the Surfboard API. Register in-store and online terminals, configure settings, and handle device operations.

online

Cancel a Payment

Stop an in-progress payment before it completes. Use cancellation when a customer abandons checkout or a payment needs to be halted mid-process.

online

Webhooks & Notifications

Receive real-time event notifications via webhooks, email, Slack, and SFTP. Subscribe to payment events and settlement reports for merchants and partners.

online

Recurring Payments

Implement subscription billing and recurring charges using tokenization, recurring payment configuration, and Merchant Initiated Transactions.

online

Void a Payment

Reverse a completed payment before settlement. Voiding stops funds from transferring to the merchant's account, avoiding incorrect transactions.

in-store

Receipts

Generate, email, print, and customise receipts for in-store transactions using the Surfboard Receipts API.

online

Refund an Order

Process a full refund by creating a return order with negative quantities. Covers the complete refund flow with API examples and payment method requirements.

online

Partial Refund

Refund specific items or a reduced amount from a completed order. Process partial returns by creating a return order with only the items to be refunded.

in-store

Tips Configuration

Configure tipping on Surfboard payment terminals at the merchant, store, or terminal level using a hierarchical override model.

in-store

NFC Tag Reading

Use the NFC Reading API to create tag-reading sessions on payment terminals, scan NFC/RFID-tagged products, and retrieve scanned tag data.

online

Partial Payments

Split an order across multiple payment methods or transactions. Accept card, cash, and Swish in any combination to settle a single order.

in-store

Multi-Merchant Terminals

Set up shared payment terminals for multiple merchants using the Multi-Merchant Group API. Ideal for food courts, events, and co-located businesses.

online

Store Management

Create, update, verify, and manage in-store and online stores using the Surfboard Payments Store APIs.

online

Gift Cards & Promotions

Issue and manage gift cards, track transactions, and create marketing promotions using the Surfboard Payments APIs.

online

Product Catalog

Create and manage product catalogs, products, variants, inventory levels, and analytics through the Catalog API.

online

Settlements & Reporting

Retrieve settlement reports, view adjustments, manage merchant charges, and register customer profiles for reconciliation and billing.

online

Account & Service Provider Management

Create merchant and partner accounts, manage user roles, register service providers, and configure external notifications via the Surfboard API.

online

Payment Methods

Activate, deactivate, and list payment methods for a merchant. Manage card, Swish, Klarna, AMEX, Vipps, MobilePay, and more via the API or Partner Portal.

online

Client Auth Tokens

Generate client-side authentication tokens for secure API access from browsers and mobile apps without exposing your API key or secret.

online

Partner Branding

Configure white-label branding for terminals and payment pages. Set colors, fonts, logos, and cover images at the partner level via API or Partner Portal.

Ready to get started?

Create a sandbox account and start building your integration today.

Create Sandbox Account All Guides