the payment layer between your platform and every PSP
Vermilion is not a payment service provider. Licensed PSPs process your payments — we give you one API, one dashboard and central control over all of them. Your money never touches our books.
what's in the box
Unified Payment API
Create, capture, void and refund payments through one REST API with idempotency on every call. PSP differences — statuses, decline codes, quirks — are normalized away before they reach your code.
Smart routing & fallback
Priority-ordered rules match on payment method, currency and amount, each with its own PSP chain. Technical failures fall through to the next provider automatically; declines never do. Health checks pull unhealthy PSPs out of rotation.
Token vault (abstraction)
One platform token per stored card, mapped to references at every PSP that tokenized it. Charge recurring and off-session payments on whichever provider your rules pick — no re-tokenization when you switch.
Webhook normalization
Every PSP notification becomes one event format: verified at ingress, deduplicated, applied idempotently, then delivered to your endpoints HMAC-signed with retries and a re-drivable delivery log.
Dashboard & analytics
Approval rates, per-PSP performance and failure reasons at a glance; a full routing timeline on every payment; rule builder, connection management, API keys, audit trail — with role-based access and 2FA.
Sandbox environment
A deterministic test PSP with scripted outcomes (success, declines, 3DS, timeouts) plus real Stripe and Adyen test modes — so your team can test routing and fallback without spending a cent.
who it's for
SaaS platforms
Give every merchant on your platform resilient payments without marrying a single PSP. Route each merchant by their own rules and credentials.
Marketplaces
Keep authorization rates high across countries by routing each payment to the acquirer that performs best for that currency and card origin.
Ticketing & booking
On-sale spikes are exactly when a PSP fails. Automatic fallback keeps selling while your primary provider recovers.
European & CEE merchants
Combine global PSPs with the local providers your customers expect — one integration, one dashboard, EU data residency.
security by architecture
- Card data goes straight to the PSP's hosted fields — raw card numbers never touch Vermilion, keeping your PCI scope minimal.
- PSP credentials are encrypted at rest and referenced, never returned; production runs on Azure with managed-identity secret access.
- Every sensitive action — key changes, routing changes, refunds — lands in an append-only audit trail.
- API authentication with scoped keys per environment, IP allowlists, and idempotency enforced on every mutating request.