Quickstart
The Allpay payment API documentation is adapted for AI understanding.
To get started, simply create a new integration in Allpay, provide your AI service with the API login and API key of that integration, share the API documentation link, and ask it to implement the integration strictly according to the documentation.
Detailed instructions and prompt examples are provided below.
General recommendations
Before integrating payments, make sure the core functionality of your website is ready. For example, if you are building an online store, the following should already be implemented: product pages, checkout flow, customer account for order tracking, shipping methods and pricing, etc.
Start by integrating standard payments and fully testing them. Only after that should you move on to enhancements such as discounts, installments, on-site payment and other features.
Always ask the AI to perform one task at a time. Do not combine multiple actions in a single prompt, and do not move on to the next step until the current one is completed and verified.
Allpay Payment API integration guide
1. In Allpay, go to Settings → Integrations → My sites, enter the name of your AI platform, and generate an API login and API key.
2. Find where your AI platform stores secrets (environment variables). This is usually a section called Secrets, Environment variables, or Integrations. Create a variable, for example named "Allpay", and set its value to your API key.
You may ask the platform where exactly the API key should be stored, but never send the API key in plain text in the chat.
3. Use the prompt below to integrate payments. Insert your API login and the name of the variable where the API key is stored. Adapt the prompt to your project’s logic if needed.
Prompt template for Allpay API integration
Integrate the Allpay payment system strictly in accordance with the official API documentation:
https://www.allpay.co.il/api-reference
Mandatory rules
- Apply the documentation literally, without interpretation.
- Do not invent parameters, fields, variables, transformations, or algorithms.
- The Allpay documentation is the only canonical and authoritative source of truth.
Request and webhook signature (critical)
- Use only the signature algorithm described in the Signature section of the Allpay documentation.
- Do not describe, modify, optimize, or reinterpret the signature algorithm.
The same algorithm must be used for:
- signing payment creation requests;
- verifying webhook signatures after a successful payment.
Important clarification regarding webhook data
- Webhook signature verification must be performed exactly on the data received from Allpay.
- Do not make assumptions about data types (string / number / object) and do not change the algorithm because of them.
- If parameter values arrive as numbers, objects, or JSON strings, process them exactly as specified in the documentation, without any independent “logic fixes”.
It is strictly forbidden to:
- change the signature algorithm based on data types;
- add transformations not described in the documentation;
- make assumptions about Allpay’s internal implementation.
Documentation priority
For any of my subsequent requests related to:
- payments,
- order statuses,
- webhooks,
- discounts,
- Hosted Fields,
- redirect-based payments,
always consult the Allpay documentation first.
If my instructions or any previous answers contradict the documentation, follow the documentation.
Integration data
API login: [insert your API login]
API key is stored in an environment variable: [insert the variable name]
4. Enable test mode for the integration in Allpay and use test card data to verify payments. Make sure to disable test mode before going live.
A video walkthrough of payment integration with Lovable
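The webhook rule in the prompt template above (verify on the data exactly as received, with the key taken from the secret store) is shown here as an added Python example; it is not Allpay's code and not part of the prompt. `stand_in_sign` is a placeholder digest and not Allpay's algorithm, and the `sign` field name and the sample fields are assumptions.

```python
import hashlib
import hmac
import os

def load_api_key(var_name="Allpay"):
    """Read the API key from the environment; fail closed when it is absent."""
    key = os.environ.get(var_name)
    if not key:
        raise RuntimeError(f"secret {var_name!r} is not set")
    return key

def stand_in_sign(fields, api_key):
    """PLACEHOLDER, not Allpay's algorithm: keeps the example runnable offline.
    Replace with a literal implementation of the documented Signature section."""
    data = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(api_key.encode(), data.encode(), hashlib.sha256).hexdigest()

def verify_webhook(received, api_key, sign_fn, sign_field="sign"):
    """Check the signature over the fields exactly as they arrived.

    sign_field is an assumed name for the signature field.
    """
    fields = dict(received)                 # copy; values are not converted
    claimed = fields.pop(sign_field, None)
    if not isinstance(claimed, str):
        return False                        # missing or malformed signature
    expected = sign_fn(fields, api_key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), claimed.encode())

def normalise(received):
    """The kind of 'logic fix' the prompt forbids: converting types first."""
    out = dict(received)
    out["amount"] = float(out["amount"])    # "10.00" becomes 10.0
    return out

# Constructed sample webhook (field names and values are made up).
TEST_KEY = "constructed-test-key"
BODY = {"order_id": "1001", "amount": "10.00", "status": "1"}
SAMPLE = dict(BODY, sign=stand_in_sign(BODY, TEST_KEY))

if __name__ == "__main__":
    print(verify_webhook(SAMPLE, TEST_KEY, stand_in_sign))             # as received
    print(verify_webhook(normalise(SAMPLE), TEST_KEY, stand_in_sign))  # converted
```

The converted copy fails verification even though nothing was tampered with, which is why type handling must come from the documentation and not from the integration code.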
Troubleshooting tips
If you encounter issues:
- insist on strict adherence to the API documentation and share the documentation link;
- publish the project after executing a prompt before running the next test;
- ask the AI to output console errors and share screenshots of those errors for fixing (press F12 in the browser);
- verify that the API login and API key are copied correctly.
Helpful prompts
Hiding the Teudat Zehut field
The Teudat Zehut (Israeli ID) field can be hidden on the payment page when payers are located outside Israel.
Based on the Allpay API documentation, configure Allpay so that the payment page does not request the customer’s Teudat Zehut number. Documentation: https://www.allpay.co.il/api-reference
Implementing Hosted Fields
Hosted Fields are used to accept payments directly on the website without redirection. They should be implemented only after redirect-based payments have been successfully set up and verified to work correctly. After that, you can ask to replace the redirect flow with Hosted Fields.
Note that some payment methods may not support Hosted Fields.
Implement Allpay Hosted Fields according to this documentation: https://www.allpay.co.il/en/help/hosted-fields
Modify the checkout logic so that after the customer enters their name and email, the iframe with card input fields appears on the same page and the payment is completed without redirection.
In Allpay you need to do 2 things to make Hosted Fields work:
1. Switch the integration setting from redirect mode to Hosted Fields:
2. Add your site domain in Hosted Fields settings:
Token-based recurring charges
First, implement standard payments and make sure they work correctly. Then use the prompt below to implement the following logic:
1. For each successful payment, you can request a token — an encrypted card fingerprint used for that payment.
2. Save the received token.
3. When it is time for the next charge, initiate a payment by sending Allpay the saved card token.
Use the UI recommendations for working with recurring payments.
You are responsible for ensuring that the customer has given you clear and explicit consent to recurring charges.
Update the existing logic: add recurring payments to standard payments using Allpay tokens, strictly following the official Allpay documentation.
Key change: instead of re-entering card details, use token-based charges via the allpay_token parameter.
Payment flow logic
1) First payment (initial charge)
The customer’s first payment is processed as a regular Payment request in Allpay, according to the documentation.
2) Token request and storage
After a successful payment, request a card token according to the documentation:
https://www.allpay.co.il/api-reference#tokens
Parameter: allpay_token.
Save the received allpay_token and link it to:
- the user,
- the subscription,
- the payment method.
The allpay_token is stored as the primary payment identifier for the card and fully replaces the card for all future charges.
3) Recurrent (recurring) charges
When it is time for the next charge, create a new Payment request in Allpay according to the documentation:
https://www.allpay.co.il/api-reference#payment-protocol
In the request:
- pass the saved token in the allpay_token parameter,
- pass all other required parameters described in the Payment request section.
If the allpay_token parameter is provided:
- Allpay will process the charge automatically,
- the response will contain the result — successful or failed charge.
4) Handling the Allpay response
If the charge is successful:
- mark the payment as succeeded,
- update the total charged amount for the subscription,
- calculate and store the next charge date.
If the charge fails:
- mark the payment as failed,
- store the error reason from the Allpay response,
- do not automatically change the subscription status (unless required by the site’s logic).
5) Subscription logic
Each subscription must have one valid allpay_token.
All subsequent charges for the subscription are performed only using this token.
A subscription cannot be created if the first payment was not successful and no token was obtained.
If a customer creates a new subscription and pays with a new card, you must request and store a new allpay_token. In this case, the database may store multiple cards for the same customer — one token per card.
For debugging and implementation, strictly follow the Allpay documentation:
https://www.allpay.co.il/api-reference
Summary
The customer completes the first payment manually.
Upon successful payment, an allpay_token is requested and stored.
All subsequent automatic charges are performed using the token only.
When paying with a new card, a separate token is requested and stored for that card.
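The response-handling and subscription rules from the prompt above, as an added Python example (not Allpay's code and not part of the prompt). `charge_fn` is a hypothetical wrapper around the documented Payment request that returns `(ok, error)`; the 30-day period, amounts in minor units and the one-attempt-per-day guard are assumptions added here.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Subscription:
    customer_id: str
    allpay_token: str            # the one token this subscription is charged with
    amount: int                  # per-period amount in minor units (assumed)
    next_charge: date
    period_days: int = 30        # billing period (assumed)
    status: str = "active"
    total_charged: int = 0
    payments: list = field(default_factory=list)

def create_subscription(customer_id, first_payment_ok, token, amount, today,
                        period_days=30):
    """No subscription unless the first payment succeeded and a token was obtained."""
    if not first_payment_ok or not token:
        raise ValueError("first payment failed or no allpay_token obtained")
    return Subscription(customer_id, token, amount,
                        today + timedelta(days=period_days),
                        period_days=period_days, total_charged=amount)

def charge_due(sub, today, charge_fn):
    """Charge a due subscription by token and record the outcome.

    charge_fn(allpay_token, amount) -> (ok, error) is hypothetical; it stands
    for the documented Payment request sent with the allpay_token parameter.
    """
    if sub.status != "active" or today < sub.next_charge:
        return None
    # Added safeguard (not from the page): one attempt per day, so a rerun of
    # the billing job cannot charge or hammer the same token twice.
    if any(p["date"] == today for p in sub.payments):
        return None
    ok, error = charge_fn(sub.allpay_token, sub.amount)
    payment = {"date": today, "status": "succeeded" if ok else "failed",
               "error": None if ok else error}
    sub.payments.append(payment)
    if ok:
        sub.total_charged += sub.amount
        sub.next_charge = today + timedelta(days=sub.period_days)
    # On failure only the payment record changes: status and next_charge stay.
    return payment
```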