Overview
TurnStay is a payment processing service built for the travel and hospitality industry. It provides a hosted payment page so your customers can pay by card without you ever handling sensitive card data.
How it works
Section titled “How it works”- Your server creates a Payment Intent via the API (amount, currency, reference).
- TurnStay returns a hosted payment URL.
- You redirect the customer to that URL.
- The customer pays on TurnStay’s secure, PCI-compliant page.
- TurnStay notifies your server via callback or webhook.
- The customer is redirected back to your website.
You never handle card numbers, CVCs, or any PCI-sensitive data. TurnStay is PCI DSS v4.0.1 certified and handles 3D Secure authentication automatically.
Key concepts
Section titled “Key concepts”| Concept | Description |
|---|---|
| Payment Intent | A record representing a single payment request. Contains the amount, currency, customer info, and redirect URLs. |
| Billing Amount | The amount in your account’s currency, always in minor units (cents). R1,000 = 100000. |
| Processing Currency | The currency the customer actually pays in. May differ from billing currency for foreign cards. TurnStay handles FX automatically. |
| Hosted Payment Page | A TurnStay-hosted page where the customer enters card details. You never see or handle card data. |
| Callback | A server-to-server HTTP POST from TurnStay to your server when a payment completes. |
| Merchant Reference | Your own reference ID (booking number, invoice number). Echoed back in all responses and callbacks. |
Integration options
Section titled “Integration options”| Method | Use case | PCI scope |
|---|---|---|
| Hosted Checkout | Customer-facing checkout — redirect to TurnStay’s payment page | Minimal |
| Server-to-Server (S2S) | Virtual cards, automated payments, MOTO | Higher — you handle card data server-side |