Skip to main content


Bridge provides a single unified orchestration abstraction layer for your payments, enabling smart routing to multiple Payment Service Providers.

Integration Overview

Key Definitions#

Some useful definitions for key terminology used throughout the integration documentation.


Comcarde is our company name, and we initially developed Bridge with the same name. We are now rolling out the Bridge product name, but you will still see Comcarde used in domain and SDK names until the re-branding process is complete.

Merchant Account#

You can have one or more accounts with us, each tailored to a specific use case you may have.

An account defines things such as:


Represents a request to transfer funds between accounts at banks or other financial institutions.

Payment Service Provider#

A Payment Service Provider (PSP) offers merchants online services for accepting electronic payments by a variety of payment methods (payment instruments).

PSPs process payments via connections to Acquiring Banks and payment networks.

Payment Instrument#

Electronic instrument with which end users of payment systems transfer funds between accounts at banks or other financial institutions.

3D Secure#

3D Secure provides an additional layer of cardholder authentication when making electronic payments. Cardholders benefit from reduced risk of fraudulent activity on their account, and merchants benefit from fewer fraud related chargebacks.

The original implementation (3D Secure 1.0) added an extra layer of friction to the payment process, so to address these concerns 3D Secure 2.0 was created, which introduced a frictionless flow and integrates better with smart devices for a smoother overall experience.

3D Secure 2.0 satisfies the Strong Customer Authentication (SCA) requirements coming into effect for European merchants transacting with European customers.

API Keys#

You will need appropriate keys to access our API, which can be obtained by emailing

The keys will be specific to a Merchant Account, Environment (Sandbox/Production), and grouped into two main classes based on how they will be used.

  • Server API Keys must only be used in your server, and never exposed to your client applications.
  • Client API Keys will be provided for use in client applications to support features such as Comcarde Hosted Fields, Drop-In UI, 3D Secure, etc.

Server and Client API Key overview

Payment Flows#

Payments using Comcarde can be grouped into three main flows.

All payment flows involve the use of your Server API Key to ensure there are no unauthorized payments.

Tokenized Payment Flow#

Fully outsource all your cardholder data functions to Comcarde so that your platform qualifies for the simplest SAQ-A PCI Compliance Form level. In addition to cards, this flow also supports a number of digital wallet payment instruments such as Apple Pay, Google Pay, and PayPal.

This is the default payment flow as it offers the most benefits.

Tokenized Payment Flow Diagram

  1. Your server sends a Client API Key to your client (1).
  2. Comcarde PCI-DSS SAQ-D compliant Client SDKs, and systems collect payment data and generate tokens that can be safely handled by your PCI-DSS SAQ-A platform.
  3. Your client sends the payment token to your server, along with checkout information (3).
  4. Your server creates payments using tokenized Payment Instruments (4), which routes the request to an appropriate Payment Service Provider (PSP).

3D Secure Payment Flow#

3D Secure Payment Flow Diagram

By default 3D Secure 2.0 is applied to all payment requests made by your server, which may result in a 3D Secure additional action required response.

  1. Your server receives a 3D Secure additional action required response to a payment request.
  2. Your server passes the action payload to your client.
  3. Comcarde Client SDKs provide functionality to handle the action, producing a nonce which you pass back to your server.
  4. The nonce can be used to complete the payment using a ProviderThreeDSecureNonce Payment Instrument.

Please refer to the Comcarde REST API OpenAPI Specification, or Server SDK documentation, for more details on the ProviderThreeDSecureNonce Payment Instrument.

Note: Payment Service Providers may fall back to 3D Secure 1.0 if 3D Secure 2.0 is not available when the payment is made.

Card Payment Flow#

Your server creates a payment containing cardholder data via the Comcarde REST API (2), which routes the request to an appropriate Payment Service Provider (PSP).

Card Payment Flow Diagram


If you would like to try out integrating with us, we have a public Merchant Account available which can be used in our Sandbox environment to allow you to do this. More details can be found on our Testing page. To gain access to our public Merchant Account, please contact us by emailing