pelecard-payment-gateway
Pelecard Payment Gateway
Problem
Pelecard is a Payment Service Provider (PSP) and one of the largest Israeli card-acquiring aggregators, but its public documentation is scattered across a Postman workspace, a sandbox UI, a WordPress plugin listing, and third-party PHP libraries, with no single canonical reference. Agents that try to integrate Pelecard end up confusing the legacy gateway20 host with the production gateway21, picking the wrong ActionType (which silently changes whether money actually moves), or trusting a browser-side ConfirmationKey instead of re-verifying server-side. Each of those mistakes leaks revenue or, worse, ships an exploitable "free order" path to production.
Overview
Pelecard is a Payment Service Provider (PSP) and one of the largest Israeli card-acquiring aggregators. Card transactions are cleared on the Israeli Shva network (https://www.shva.co.il/, שב"א, Automated Banking Services); Pelecard handles merchant onboarding, the iframe payment surface, tokenization, and reconciliation on top of that.
Pelecard's dominant integration is an iframe payment page: your server posts a credentials triple (terminal + user + password) plus the transaction parameters to Pelecard, gets back a URL and a ConfirmationKey, and either redirects the user there or embeds the URL as an iframe. After the customer pays, Pelecard calls your server-side feedback URL with a PelecardStatusCode and ConfirmationKey. Store the Phase-1 ConfirmationKey server-side keyed by your order, then on the callback you MUST (a) match the callback ConfirmationKey byte-for-byte to the stored value and (b) re-call PaymentGW/GetTransaction to confirm DebitTotal and PelecardTransactionId before treating the order as paid.
This skill is for developers, product engineers, and Israeli small-business owners integrating Pelecard for the first time. It walks through the iframe flow, server-side validation, tashlumim (installments), tokenization, recurring billing on stored tokens, refunds, 3D Secure 2, and the Bit wallet's quirks (no installments, low per-transaction cap).
The newer "Match API" REST surface at match-api.pelecard.biz exists, but its public docs were not retrievable during research -- treat it as the modern path and verify the endpoint shape directly with Pelecard before relying on it.