The Australian Business Number is a unique identifier issued to businesses by the Australian Business Register, which is operated by the Australian Taxation Office.

Addresses are associated with a User and Companies. The user address is required for users that are assigned as sellers, and is optional for buyers. If the User is a principal of a Company, then the Company Address is also required.


While an Address is optional for users set as buyers, it is recommended that you capture and create all Users with an Address, as they may at some stage be a seller on your marketplace or platform.

Bank Accounts can be used as a funding source (Direct Debit/ACH) or as a Disbursement destination. Bank Accounts are associated with Users.


When creating a Bank Account, a token is returned, similar to a Credit Card token. You need to store the token (and not the bank account details) against the user on your platform. When using a Bank Account as a funding source, the relevant token is passed to the make payment Item Action. Additionally a Direct Debit Authority needs to be created in order for a Bank Account to be used as a funding source.


A Bank Account can also be set as a Disbursement destination. If set, the funds in a User’s Digital Wallet will be disbursed to the Bank Account.


A Bank Account is required for all Users set as a seller even if they wish to use a PayPal Account as their Disbursement destination.

Batch Transactions allow you to view the status of batched funds, inbound or outbound. Transactions are batched when using a Bank Account to fund an Item, or when disbursing funds to a Bank Account or PayPal Account.

Payments can be paid and received by buyers and sellers.


A buyer is an end user who purchases any assets or services via a platform.

Callbacks are a useful way of notifying you when an object changes. For example: if an Item changes state because we have processed an Direct Debit/ACH payment, we will post a JSON payload with the Item object attributes to the URL provided.


Only one Callback can be enabled for an object type (Items, Users, Companies, Addresses, Accounts, Disbursements, Transactions and Batch Transactions).


Only HTTPS URLs are supported and it requires a valid SSL certificate. Self-signed certificates are not supported. When creating a Callback the URL provided will be sent a test JSON payload and will only be successfully created if we receive a non 500 response.


json { “message”: “PromisePay callback test” }

A bank that offers and issues payment cards (such as a credit card) directly to consumers

Card Accounts can be used as a funding source. Card Accounts are associated with Users.


When creating a Card Account, a token is returned. You need to store the token (and not the credit card account details) against the user on your platform. When using a Card Account as a funding source, the token is passed to the make payment Item Action.


There are PCI requirements for protecting Credit Card Account data.

Card schemes are payment networks associated with payment cards, offered as services by banks and other financial institutions. Well-known card schemes are American Express, MasterCard and Visa.

If the seller of an item is a company, then it is important to create an associated Company. The Company allows for invoices and other emails to be tailored with Company details rather than User details. A Company will also have an associated Address.

A Direct Debit Authority needs to be created in order for a Bank Account to be used as a funding source. (Direct Debit/ACH) The Direct Debit Authority is an authorization from the user to debit their Bank Account for the Item amount or for the funding of a Wallet Account. Ensure that you actually obtain this authorization because in the event of an issue, it will be required as proof of authorization.

Applicable to the United States, an Employer Identification Number (also known as Federal Employer Identification Number) is the corporate equivalent to a Social Security number, although it is issued to anyone, including individuals, who have to pay withholding taxes on employees.

As a platform or marketplace you will want to charge your users Fees. Fees are applied to Items and will add or subtract from the amount based on the User, payment type or Disbursement account type.


Fees are disbursed when the funds are released from Escrow, or when the Express transaction completes. Fees are refunded when doing a full refund. Proportional fees, are disbursed for partial releases and also partial refunds.

An inline frame (or iFrame) is an HTML element which allows you to embed HTML content inside another HTML page. It is useful when you want to display an independent web page within another web page.

Once you have created an item you can perform actions on it. The actions that can be performed are limited by the items payment type and the items current state.


The most common escrow workflow is to request_payment, make_payment, request_release and release_payment. There are also refund actions and dispute actions.


The most common express workflow is to request_payment and make_payment. An express item releases the funds immediately to the seller.


Some item actions require parameters to be passed with the action. For example, make_payment requires the token of the payment account. More detail is found for the item action in the relevant reference guide page.

Items are the core component of your payments workflow. They connect Users, allowing them to pay and receive money for an item or service. Fees can also be set up, allowing you to collect money for various scenarios. These can be set up for buyers & sellers, payment types and payout types. Different types of Items can be created: Express, Escrow, Escrow Partial Release and Approve.


As a platform or marketplace you will want to charge your users Fees. Fees are applied to Items and will add or subtract from the amount based on the User, payment type or Disbursement account type.

Mutual authentication is a process wherein two parties, usually a client and a server, authenticate each other before any application information is exchanged. Authentication happens when both parties verify each other’s identity as a trusted source.

Utilising the PayPal service, PayPal Accounts can be used as a disbursement destination within your platform. PayPal Accounts are associated with Users.

Payments can be paid and received by buyers and sellers. A buyer is an end user who Purchases any Assets or Services via a Platform.


A seller is an end user who sells, or offers, any assets and/or services via a Platform.

Soft descriptors are the information which appear on your users’ statements after a transaction is initiated. These can be categorised into two distinctions: Dynamic Descriptors, which are Assembly’s defaults; and Custom Descriptors, which you can define for your own platform.

Secure Sockets Layer (SSL) is a standard security technology which provides a private and encrypted connection between a client and server. An SSL connection requires an SSL certificate, which contains basic information regarding the identity of a website and the company behind it.

Sites incorporating SSL display a padlock in the browser address bar.

A Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents.

Create a card token that can be used with the PromisePay.js package to securely send credit card details to Assembly.

Replacement of sensitive data with a unique identifer that cannot be reversed mathematically; commonly used in payments to replace card data

Transactions relate to Items. There are typically multiple Transactions per Item. An example: The initial funding, the release of funds, and Fees.


Note: Disbursement transactions are shown using the Batch Transactions API calls.

Payments can be paid and received by buyers and sellers. Once a user is set up they can be associated with various objects, including Accounts, Items, Companies, and Addresses. There are a number of data requirements when creating Users, notably for sellers.

Universally unique identifier that allows for the generation of a unique 128-bit value which can be tracked across multiple indexes.

Wallet Accounts can be used as a funding source for the payment of items. They need to be funded from a Bank Account or from the proceeds of other Item transactions.


Wallet Accounts are automatically created for each User. You need to store the token against the user on your platform. When using a Wallet Account as a funding source, the relevant token is passed to the make payment Item Action.


Funds that are released from an Item to the user allocated as the seller are placed in the User’s Wallet Account.

An online marketplace (or online e-commerce marketplace) is a type of e-commerce site where product or service information is provided by multiple third parties, whereas transactions are processed by the marketplace operator.

A platform is any business that has both multiple buyers and multiple merchants interacting with one another


Assembly’s feature configurations are settings which shape how your platform behaves and handles core functions such as payments, refunds, credit card descriptors, and so on.

Feature configurations are largely handled by Assembly to maintain your platform’s integrity. If you’d like to know more about our configurations, see the API Reference or contact the Developer Team.

Risk & Fraud

3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions.

Card-Not-Present refers to a purchase a consumer makes without physically presenting his or her credit or debit card at the time of purchase. CNP transactions often occur online, where cards cannot be physically handled or swiped.

A DeviceID is a unique string associated with a device, generated from a combination of contributing factors, such as the device’s MAC Address, IP address and other identifying factors.

The Australian Department of Foreign Affairs and Trade is a department of the Government of Australia charged with the responsibility of advancing the interests of Australia and its citizens internationally. It manages the government’s foreign relations and trade policies.

The Financial Action Task Force (on Money Laundering), also known by its French name, Groupe d’action financière (GAFI), is an intergovernmental organization founded in 1989 on the initiative of the G7 to develop policies to combat money laundering. In 2001 the purpose expanded to act on terrorism financing.

When a consumer makes a purchase with their own credit card and then issues a chargeback through the card provider (after receiving the goods or services) to cancel the transaction and refund the money.

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and geolocation.

Know Your Customer is the process of a business verifying the identity of its clients. The term is also used to refer to the bank regulation which governs these activities.

The Office of Foreign Assets Control of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.

A transaction enters into a payment_held state when it meets a level of criteria that has been specifically set based on historical data, through a fraud prevention engine.

When a item is in payment_held state, its corresponding payment is subject to manual review by Assembly before it is released or refunded.

Risk appetite refers to the acceptable level of risk that a company is willing to take on.

A user operating two separate profiles in order to make purchases from themselves in order to inflate their own ratings and feedback. This is similar to Shill Bidding without the fraud aspect; whilst not considered true fraud, it breaks our terms and conditions and casts doubts on the user’s true agenda.

Two-factor authentication (also known as 2FA) is a technology that provides identification of users by means of the combination of two different components, such as a username/password and a secure, authentication code.


Automated Clearing House is an electronic network for financial transactions in the United States. ACH processes large volumes of credit and debit transactions in batches. ACH credit transfers include direct deposit, payroll and vendor payments.

Bank Identifier Codes are used for transferring money overseas. They make up part of the 8-11 character identification code of a bank or financial institution.

Description of the sale or refund transaction that appears on the account holder’s account statement.

The first four to six digits of a credit card. The bank identification number identifies the institution issuing the card. It can be used to match transactions to the issuer of the card in question.

A Bank State Branch number is a numerical code that identifies an individual branch of a financial institution within Australia. This six digit number, plus your account number, is used to identify an account.

A chargeback is the return of funds to a consumer, forcibly initiated by the consumer’s issuing bank. Specifically, it is the reversal of a prior outbound transfer of funds from a consumer’s bank account, line of credit, or credit card.

Escrow works by placing money in the control of an independent and licensed third party in order to protect both the buyer and seller in a transaction. When both parties verify the transaction has been completed per terms set, the money is released.

An International Bank Account Number is used in some countries to uniquely identify a customer’s bank account. The IBAN consists of an alphabetical country code, followed by two digits, and then up to thirty five characters for the bank account number.

A merchant category code is a four-digit number assigned to a business by credit card companies (for instance American Express, MasterCard, VISA) when the business first starts accepting one of these cards as a form of payment. The MCC is used to classify the business by the type of goods or services it provides.

A merchant identification number is a unique number assigned to a merchant account to identify it throughout the course of processing activities.

A payment gateway is an e-commerce application service provider service that authorizes credit card payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets.

A Routing number is a nine digit code, used in the United States, which appears on the bottom of negotiable instruments such as checks to identify the financial institution on which it was drawn.

A sort code is a six-digit number, is usually formatted as three pairs of numbers, for example 12-34-56. It identifies both the bank and the branch where the account is held. In some cases, the first digit of the sort code identifies the bank itself and in other cases the first 2 digits identify the bank. This is commonly used as the routing number in the United Kingdom.

Society for Worldwide Interbank Financial Telecommunication codes are used for transferring money overseas. They make up part of the 8-11 character identification code of a bank or financial institution.

Underwriting is to sign and accept liability and guaranteeing payment in case loss or damage occurs. Underwriting is provided by a large financial service provider such as a bank, insurer or investment house.

Wire transfer or credit transfer is a method of electronic funds transfer from one person or entity to another (generally used in domestic US transactions). A wire transfer can be made from one bank account to another bank account or through a transfer of cash at a cash office.