Magento Payment Gateway: How to Accept Payments on Adobe Commerce
Magento, now Adobe Commerce, is one of the most widely deployed e-commerce platforms for mid-market and enterprise merchants. Its flexibility and extensibility make it a strong platform choice, but the payment gateway decision is separate from the platform decision and carries its own set of evaluation criteria. The right gateway for a Magento store depends on the merchant's transaction volume, supported currencies, payment methods required, and, critically, whether the merchant operates in a standard or high-risk category. This guide covers how to evaluate, integrate, and optimise a payment gateway on Magento.
Payment Gateway Options for Magento and Adobe Commerce
Magento's open architecture supports any payment gateway that provides either a Magento 2 extension or a REST API that can be integrated into the checkout flow. The platform itself does not dictate which gateway you use, which is both a strength and a challenge: you have genuine choice, but you must evaluate options rather than defaulting to a pre-selected partner.
Native Magento integrations (bundled modules) include a few gateways by default, but these are not necessarily the most competitive options commercially. The Magento Marketplace and third-party extension repositories contain hundreds of payment modules from gateway providers, each at various stages of maintenance and compatibility with current Magento versions.
For most serious Magento deployments, the gateway decision comes down to: which provider offers the best commercial terms for my transaction volume and merchant category, and which technical integration approach is most appropriate for my development resources and PCI compliance goals.
Standard vs high-risk: Merchants in standard categories (retail, electronics, clothing) have access to the full range of gateway options. Merchants in high-risk categories (adult content, gambling, forex, CBD, nutraceuticals) find that the majority of mainstream Magento payment extensions connect to gateways that will not accept their business type. They need a gateway that specialises in high-risk acquiring. A high risk payment gateway with a Magento integration is a significantly narrower market, and finding one that offers both solid Magento compatibility and genuine high-risk acquiring capability requires specific due diligence.
How to Evaluate a Magento Payment Gateway
Choosing the right gateway for your Magento store involves evaluating several dimensions beyond just the headline processing rate.
Pricing model: Blended rate pricing hides your real cost. An IC++ model shows exactly what you pay in interchange fees, card scheme fees, and the gateway's markup. For Magento merchants processing significant volume, the difference between a blended rate of 1.5% and IC++ at 0.45% markup can be thousands of euros per month. Request a detailed fee schedule before committing.
PCI DSS compliance: Confirm the gateway is PCI DSS Level 1 certified, the highest certification level. Using a Level 1 certified gateway dramatically reduces the merchant's own PCI compliance burden. With a hosted checkout or drop-in UI integration, the merchant qualifies for SAQ A, the simplest self-assessment form.
Supported payment methods: Verify the gateway supports the payment methods your customers use. For European Magento stores, this typically includes Visa, Mastercard, American Express, Apple Pay, Google Pay, and potentially open banking transfers or local payment methods specific to your target markets.
3D Secure 2 support: 3DS2 is required for most European card transactions under PSD2 Strong Customer Authentication rules. A gateway that does not properly implement 3DS2 creates both compliance risk and conversion problems as transactions decline at the 3DS authentication step.
Magento version compatibility: Confirm the gateway's Magento module is actively maintained and compatible with your specific Magento version. Abandoned modules create security risks and break with Magento updates. Check the module's update history and the provider's commitment to Magento-specific support.
Settlement timing: Settlement in 24-48 hours is standard for well-run gateways. Some providers hold funds for 3-7 days, which creates cash flow pressure for merchants with high inventory turnover.
Integration Methods for Magento: Module vs API vs Hosted Page
Magento payment integrations fall into three technical approaches, each with different implications for your development team and PCI compliance posture.
Magento module (extension): The most common approach. The gateway provides a Magento 2 module that installs via Composer. Once installed and configured with your API credentials, the module adds the gateway as a payment option in the Magento checkout. The module handles tokenisation, 3D Secure redirects, and webhook processing within the Magento framework. For merchants with standard development resources, this is the fastest path to production.
REST API integration: For merchants with custom checkout flows, headless Magento architectures, or specific requirements that a pre-built module does not satisfy, a direct REST API integration offers full control. The Magento frontend calls the gateway's API directly or via a backend service. This requires more development effort but allows complete customisation of the payment experience.
Hosted payment page: The customer is redirected to the gateway's hosted page at checkout, completes payment there, and is returned to the Magento order confirmation page via a redirect. This approach requires the least development work and the lowest PCI compliance burden, but involves the customer leaving the Magento store during payment, which can negatively affect conversion rates.
For most production Magento deployments, the module approach with a drop-in UI (iFrame-based card entry within the native checkout) offers the best balance of development effort, PCI compliance simplicity, and checkout conversion performance. Full API documentation is available at app.roxpay.eu/api/v4/docs.
High Risk Merchants on Magento: What You Need to Know
Merchants in categories considered high risk by acquiring banks face a specific challenge on Magento: the majority of available payment modules connect to gateways that will not process their transactions. Attempting to onboard with a standard gateway while operating a high-risk business typically results in account termination after the underwriting review completes, leaving the merchant with an integrated but non-functional payment system.
Categories requiring a specialist gateway: Adult content, online gambling and gaming, forex trading platforms, CBD and hemp products, nutraceuticals with unverified health claims, subscription businesses with high chargeback histories, and businesses selling in markets with elevated fraud rates all fall into high-risk categories that require a specialist acquiring relationship.
What high-risk Magento merchants need: A gateway with genuine high-risk acquiring relationships (not a standard gateway that claims to accept high-risk merchants as a marketing statement), a Magento module or documented API integration, and a support team familiar with the specific compliance requirements of the merchant's vertical.
Chargeback management: High-risk merchants typically operate under stricter chargeback thresholds and may be required to maintain a rolling reserve. Integrating 3D Secure, implementing fraud velocity rules, and using clear billing descriptors are particularly important in high-risk categories to keep chargeback rates within acceptable ranges.
Underwriting timeline: High-risk merchant account applications require more documentation and a more thorough underwriting review than standard accounts. Merchants should factor 5-15 business days into their launch timeline for the underwriting process, even with a provider that specialises in rapid approvals.
Connecting RoxPay to Your Magento Store
RoxPay integrates with Magento via the REST API, allowing Magento merchants to use RoxPay's payment processing infrastructure within the native Magento checkout experience. The integration supports the full range of RoxPay payment methods including Visa, Mastercard, American Express, Apple Pay, Google Pay, and 40+ additional circuits.
Integration approach: RoxPay provides REST API documentation at app.roxpay.eu/api/v4/docs. For Magento-specific integration, a custom module can be built using the API documentation as the basis, or an existing Magento payment module framework can be adapted. The integration follows the payment intent pattern: create an intent on your server, mount the drop-in UI in the Magento checkout, handle the result via webhook.
High-risk capability: RoxPay specialises in high-risk payment processing, making it one of the few gateway options that both integrates with Magento and accepts merchants in adult content, gambling, forex, CBD, and other regulated categories.
Pricing: RoxPay uses IC++ pricing from 0.45% markup, settlement in 24-48 hours to any SEPA bank, and 99.9% uptime SLA. PCI DSS Level 1 certified (certificate QS83A47X629) and ISO 27001 certified.
To start your RoxPay application for a Magento integration, complete the online onboarding form indicating your e-commerce platform and merchant category. The partner team can advise on the most appropriate technical integration approach for your specific Magento setup and provide sandbox credentials for testing before the account goes live.
Frequently Asked Questions
Does RoxPay have a native Magento 2 module?
RoxPay integrates with Magento via its REST API. Merchants can build a custom Magento 2 module using the REST API documentation, or adapt an existing payment module framework. The RoxPay technical team can advise on the integration approach most appropriate for your specific Magento version and customisation requirements.
Can a high-risk merchant use Magento with RoxPay?
Yes. RoxPay specialises in high-risk payment processing and can serve Magento merchants in categories including adult content, gambling, forex, and CBD, which most standard gateway providers decline. The merchant account application for high-risk categories requires additional documentation and a more thorough underwriting review, but RoxPay's acquiring relationships are specifically structured to support these verticals.
What happens to my Magento integration if RoxPay updates its API?
RoxPay maintains versioned API endpoints. The current production API is at v4. When new API versions are released, prior versions are maintained for a defined deprecation period with advance notice to merchants. Your integration continues to function on the version it was built against until you choose to upgrade to the new version.
You might also like
High Risk Payment Gateway
Secure payment processing for high-risk industries with multi-acquirer routing and chargeback protection.
Small Business Payment Solutions
Transparent IC++ pricing, free Smart POS terminal, and 24-hour activation for small businesses.
E-commerce Payment Integrations
One-click plugins for Shopify, WooCommerce, Magento, and PrestaShop with full API access.
Optimize your payments today
RoxPay supports Magento merchants via REST API with IC++ pricing from 0.45%, high-risk category acceptance, and settlement to any SEPA bank in 24-48 hours. PCI DSS Level 1 certified.
✓ No monthly fixed costs · ✓ Activation in 24 hours · ✓ Dedicated technical support
