Skip to content
Swft Docs

Connecting NomuPay (Total Processing)

NomuPay is the payment processor behind Total Processing’s OPPWA platform. It’s widely used by UK competition, lottery, and prize-draw merchants. Swft renders a custom card form using OPPWA’s hosted fields (so card data never touches your server — you stay in PCI SAQ-A scope) and also surfaces Apple Pay and Google Pay through the same gateway. Swft collects a 2% platform fee, billed monthly.

When to use NomuPay

Section titled “When to use NomuPay”

Use NomuPay if you already have an account with NomuPay / Total Processing — typically because you run a competition, lottery, or other high-risk vertical that processors like Stripe won’t underwrite.

For most general retail, Stripe is simpler. NomuPay shines specifically when:

  • Your existing PSP relationship is with Total Processing
  • You need card payments for verticals that other PSPs decline
  • You want Apple Pay / Google Pay through NomuPay rather than Stripe

You can run NomuPay alongside Stripe — both render in the checkout and the shopper picks one.

Prerequisites

Section titled “Prerequisites”
  • A NomuPay / Total Processing merchant account
  • The WooCommerce NomuPay plugin installed and configured on your WordPress site (required for refunds — see below)
  • Your Swft API key already saved in Settings → Swft Checkout

Get your OPPWA credentials

Section titled “Get your OPPWA credentials”

NomuPay issues credentials per environment (sandbox + production):

  • EntityID — a 32-character identifier per payment brand / channel.
  • Access Token — Bearer token used to authenticate API calls.
  • Webhook Secret — a 64-character hex string used to verify incoming webhooks.

Sandbox credentials are not self-serve — request them from NomuPay support at [email protected]. Production credentials come with your merchant onboarding pack.

If you already use the WooCommerce NomuPay plugin, you’ll have these in your NomuPay merchant dashboard under API access.

Connect NomuPay in Swft

Section titled “Connect NomuPay in Swft”
  1. Go to your Swft DashboardSettings → Payments.
  2. Find the NomuPay card.
  3. Fill in:
    • Test EntityID + Test Access Token (sandbox)
    • Live EntityID + Live Access Token (production)
    • Webhook Secret (64-char hex)
  4. Pick the Payment brands you want to accept: VISA, MASTER, AMEX, plus optionally APPLEPAY and GOOGLEPAY.
  5. If you’re testing, leave Live mode OFF. Switch ON for production.
  6. Tick Enable saved cards if you want returning shoppers to re-use stored card tokens.
  7. Tick Enable NomuPay.
  8. Click Save.

The NomuPay card form now appears in your checkout’s payment section.

Set up the OPPWA webhook

Section titled “Set up the OPPWA webhook”

NomuPay confirms successful payments via a server-to-server push webhook (this is the canonical settlement source — the browser redirect is best-effort).

  1. In the NomuPay merchant portal, go to Webhooks (sometimes under Server-to-Server notifications).
  2. Add a new webhook:
    • URL: https://api.swft.co.uk/webhooks/nomupay
    • Events: PAYMENT (at minimum); REGISTRATION and RISK if you want them for telemetry.
    • Secret: paste the same 64-char hex you entered in Swft.
  3. Save.

Swft verifies every webhook payload using AES-256-GCM (OPPWA’s documented scheme). Tampered payloads are rejected with a 400; replays are idempotent.

Set up Apple Pay (optional)

Section titled “Set up Apple Pay (optional)”

If you enabled APPLEPAY in your payment brands:

  1. In the NomuPay portal, add the domain checkout.swft.co.uk to your Apple Pay domains list.
  2. NomuPay gives you a verification string. Send it to Swft support and we’ll deploy it to https://checkout.swft.co.uk/.well-known/apple-developer-merchantid-domain-association (Apple requires this file to live on the same origin that hosts the checkout).
  3. Once verified, the Apple Pay button appears automatically inside the NomuPay card form on supported devices (Safari + Touch ID / Face ID).

If you also use a Swft custom domain, repeat the domain registration for that origin too.

Google Pay works out of the box once you’ve enabled the GOOGLEPAY brand — no domain verification step required.

How payments work

Section titled “How payments work”

When a shopper enters their card in the NomuPay form:

  1. OPPWA’s paymentWidgets.js tokenises the card inside per-field iframes — the raw PAN never reaches your server.
  2. OPPWA processes the payment, including 3D Secure 2 challenges where required.
  3. The shopper is redirected to https://checkout.swft.co.uk/return/nomupay?session=...&resourcePath=....
  4. The Swft return page calls our API, which fetches the canonical result from OPPWA and:
    • Marks the session complete on success.
    • Records the platform fee event.
    • Creates a paid WooCommerce order tagged for the WC NomuPay plugin to handle refunds.
  5. Shopper sees the order confirmation page.

If the OPPWA result is asynchronous (rare), the return page shows a “confirming with your bank” message and the OPPWA webhook completes the session out-of-band — the shopper gets an email receipt once settled.

Saved cards

Section titled “Saved cards”

If Enable saved cards is ticked, OPPWA stores a tokenised reference (an OPPWA “registration”) after the shopper’s first successful payment. On returning visits with the same email, the saved card option appears alongside the new-card form.

Stored cards are scoped per merchant: a card stored for merchant A is never visible to merchant B. Tokens are revocable — shoppers can remove saved cards from the dashboard (or by emailing your support).

Platform fee

Section titled “Platform fee”

Swft’s 2% platform fee on NomuPay transactions is billed monthly via Stripe Billing, against the card you have on file. OPPWA doesn’t support marketplace-style fee skims at the gateway layer.

You’ll see a single Swft invoice each month covering accumulated fees from all out-of-band gateways (PayPal, Klyme, NomuPay).

Refunds

Section titled “Refunds”

Refunds happen in WooCommerce, not in Swft. This is by design — we don’t get involved in money movement.

For this to work, you need both plugins installed and active:

  1. Swft Checkout plugin (handles checkout itself)
  2. NomuPay Payment Gateway for WooCommerce (handles refunds via NomuPay’s API)

Swft-created NomuPay orders are tagged with _payment_method = wc_tp_cardsv3 plus the meta (_transaction_id, platformBase, paymentType) that the WC NomuPay plugin’s refund handler expects. The standard Refund button in WC → Orders works without further setup.

Configure both plugins with the same NomuPay credentials. If they diverge, the Swft side may create an order against one OPPWA account while the WC plugin tries to refund against another — and the refund will fail.

Test mode

Section titled “Test mode”

To test without real money:

  1. Request sandbox credentials from [email protected].
  2. Paste them as Test EntityID + Test Access Token in Swft, with Live mode OFF.
  3. Run a checkout. Use OPPWA’s test card numbers (NomuPay support provides the current list; commonly 4200 0000 0000 0000 for Visa with any future expiry and CVV).

Sandbox payments appear in your NomuPay test dashboard, not the live one.

Disconnecting NomuPay

Section titled “Disconnecting NomuPay”

In Settings → Payments, uncheck Enable NomuPay. The NomuPay form disappears from the checkout immediately. Existing pending payments continue to settle via the webhook.

To fully remove credentials, blank out the EntityID, Access Token, and Webhook Secret fields and save again. Also delete the webhook in the NomuPay merchant portal.