The NMI gateway accepts online payments through three integration styles: a hosted checkout page, the Collect.js client-side tokenization library, and direct-post / three-step server APIs for custom builds. All three feed the Customer Vault, so an online store can tokenize cards for card-on-file and recurring billing. The right choice depends on how much of the payment flow you want to control versus how little PCI scope you want to carry.
The three integration methods
Hosted checkout
Redirect to an NMI-hosted payment page. Lowest PCI scope, least customisation, fastest to launch.
Collect.js
Secure iframe fields embedded in your own checkout. Native look, tokenized data, low PCI scope.
Direct-post / 3-step API
Full server-side control for custom flows. More PCI responsibility, maximum flexibility.
People also ask about NMI e-commerce payments
What is Collect.js?
Collect.js is NMI's JavaScript library that renders card fields as secure iframes hosted by the gateway. The shopper types their card into NMI's iframe, not the merchant's form, and the merchant's server receives only a payment token. Because raw card data never touches the merchant site, Collect.js dramatically reduces PCI scope while keeping the checkout visually native to the store.
Does NMI work with my shopping cart?
NMI integrates with many carts and platforms via plugins and via its APIs. Whether a ready-made plugin exists for your specific platform depends on the platform and on the reseller that provisioned your gateway — some resellers maintain their own connectors. For custom platforms, the direct-post and three-step APIs cover anything a plugin would.
Can I take recurring online payments?
Yes. Tokenize the card once into the Customer Vault at checkout, then schedule recurring charges against the token — the standard pattern for subscriptions, memberships, and installment plans. See the gateway overview.
PCI scope — the deciding factor
The more card data your servers touch, the larger your PCI assessment. Hosted checkout and Collect.js keep the card on NMI's side, qualifying most merchants for the lighter SAQ A or SAQ A-EP. A full server-side direct-post integration that handles raw card data pushes you toward the heavier SAQ D. For most online stores, Collect.js is the sweet spot between control and compliance burden.
FAQ
How does NMI handle online payments?
Through hosted checkout, the Collect.js tokenization library, and direct-post/three-step APIs — all feeding the Customer Vault for card-on-file and recurring billing.
What is Collect.js?
A JavaScript library that captures cards in secure iframes and returns a token, keeping card data off your servers and reducing PCI scope.
Will it work with my cart?
Often via a plugin, always via the API. Plugin availability depends on the platform and your reseller.
Can I do subscriptions?
Yes — tokenize once, then schedule recurring charges against the token.