It is not entirely clear what this API is called. It operates as a RESTful API, and can operate entirely direct server-to-server.
There is also a sagepay.js script that allows a temporary card token to be generated from the user's browser. That would be the most common use-case for this API, and lowers the PCI requirements considerably. However, using the JavaScript on the front end is not mandatory nor a necessity.
It is not entirely clear what this API is called. It operates as a RESTful API, and can operate entirely direct server-to-server.
There is also a
sagepay.js
script that allows a temporary card token to be generated from the user's browser. That would be the most common use-case for this API, and lowers the PCI requirements considerably. However, using the JavaScript on the front end is not mandatory nor a necessity.