Forced or voluntary
When you create a payment form, you will see the option Force Sessions. This is a way to ensure that the payment form can only be accessed using a session. If you leave this option unchecked, it will be possible to access the form both using sessions and without.Workflow
In order to create a session, you need to callCreateSession
in the Web API. This requires a Payment Form permission for the access token. You should only call this method from your own server side and never directly from the application. If you do the latter, the user can get hold of the access token and create a session that has price set to zero and thus be able to execute the requests that should only be called upon a successful transaction.
To open a payment form using a session, you only need to provide the sessionId that you received using CreateSession
method.