The URL returned by Trustly's API must be accessed using HTTPS GET (but the JSON-RPC calls to Trustly's API should be sent using HTTPS POST).
A merchant can display the Trustly URL to the end-users in a few different ways:
- Load the Trustly URL in an iframe or lightbox
- Make a redirect to the Trustly URL
- Use a webpage designed by the merchant but hosted by Trustly (TemplateURL)
iframe with sandbox attribute
If the Trustly URL is loaded in an iframe with the "sandbox" attribute set, please note that you need to set "allow-popups-to-escape-sandbox".
In order to offer the best experience and safety, Trustly works best in the newest and prior 2 versions of these browsers. Browsers that are no longer maintained are kept out of this list.
- iOS Safari
- Chrome for Android
- Samsung Internet
- Microsoft Edge
Trustly could still function together with browsers and versions that are not listed here, despite us not including them in our quality assurance checks.
Pay by link
For merchants that want to send payment links to their customers via SMS or email, please note that the link must point to a merchant-hosted page. Once the customer visits this page, the merchant should send the API call to Trustly.
It's important that the API call is not sent before the customer clicks on the link, since the Trustly URL will only be valid for 10-30 minutes before a timeout is reached.
There are different requirements for desktop, mobile, and native app implementations.
For more information, please see our Service Presentation Guidelines.
Updated 10 months ago