Hosted payment form
Overview
The hosted payment form lets you redirect a customer to a Tilt-hosted page for card entry. Tilt handles the card capture, tokenization, and charge. Your application never touches card data.
- Your server creates an order via `POST /pos/v1/orders` with `return_url` and `cancel_url`
- The response includes a `hosted_checkout_url` (time-bounded, single-use)
- You redirect the customer’s browser to `hosted_checkout_url`
- Customer enters their card on the Tilt-hosted page
- On success: browser is redirected to `return_url?order_id=…&status=paid`
- On cancel: browser is redirected to `cancel_url`
- Your server also receives a `payment.approved` webhook event
Create an order with a hosted checkout URL
POST /pos/v1/orders

```json
{
  "location_id": "uuid",
  "total_cents": 5000,
  "description": "Fleet service — INV-001",
  "external_reference": "INV-001",
  "return_url": "https://yourapp.example.com/orders/INV-001/success",
  "cancel_url": "https://yourapp.example.com/orders/INV-001/cancel",
  "level3": { ... }
}
```

Response:

```json
{
  "order_id": "uuid",
  "status": "open",
  "hosted_checkout_url": "https://pos.dev.apps.myfinterra.com/checkout?token=eyJ…",
  "expires_at": "2024-01-15T10:35:00Z"
}
```

The `hosted_checkout_url` is valid for 5 minutes and can only be used once.
Brand customisation
The hosted page renders with your partner’s brand configuration (logo, primary colour, button style) set in the admin portal → Brand settings. No additional parameters needed.
return_url parameters
On successful payment the customer is redirected to:

```
{return_url}?order_id=<uuid>&status=paid
```

On failed payment they remain on the hosted page to retry.
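
The redirect reaches your server through the customer's browser, so its query string is customer-controlled input; a fulfilment decision is safer keyed on the `payment.approved` webhook. The sketch below is an added example, not Tilt's code: the webhook payload shape (`type`, `order_id`), the function names and the in-memory store are assumptions, and webhook authentication (not described on this page) is taken to happen before `record_webhook` is called.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: a real service keeps this in a database; a set keeps the
# example self-contained and offline.
PAID_ORDERS = set()


def record_webhook(event):
    """Record an already-authenticated webhook event.

    Assumed payload shape: {"type": "payment.approved", "order_id": "<uuid>"}.
    Returns True only when an order was marked paid.
    """
    if event.get("type") != "payment.approved":
        return False
    order_id = event.get("order_id")
    if not isinstance(order_id, str) or not order_id:
        return False
    PAID_ORDERS.add(order_id)
    return True


def handle_return(url, session_order_id):
    """Decide what to show when the browser lands on return_url.

    session_order_id is the order this customer's session created.
    """
    params = parse_qs(urlsplit(url).query)
    order_ids = params.get("order_id", [])
    # Reject a missing or repeated order_id, or one from another session.
    if len(order_ids) != 1 or order_ids[0] != session_order_id:
        return "rejected"
    # status=paid is treated as a display hint only; the webhook record
    # is the authority for releasing goods or services.
    if session_order_id in PAID_ORDERS:
        return "paid"
    # The browser may arrive before the webhook does: show a pending page.
    return "pending"


if __name__ == "__main__":
    # Constructed sample values, not real order ids.
    url = ("https://yourapp.example.com/orders/INV-001/success"
           "?order_id=ord-1&status=paid")
    print(handle_return(url, "ord-1"))   # no webhook recorded yet
    record_webhook({"type": "payment.approved", "order_id": "ord-1"})
    print(handle_return(url, "ord-1"))   # webhook recorded
```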
Security
- The checkout URL contains a short-lived signed token. Treat it as a secret and do not log or expose it
- The URL is single-use: a second visit after payment returns `410 Gone`
- No card data ever touches your servers