Hosted Payment Page

If you want control over the experience of your entire checkout flow, without a full API integration, you can use our Hosted Payment Page. This involves embedding a ‘piece of a payment page’ (iFrame) which contains the card data capture fields. Since the iFrame is hosted by FirstGiving, you can avoid PCI headaches while maintaining a fully customizable payment page within your own website.


To access the page, use an URL in the following format:


There are two different environment URLs that can be used:

Example URL

Here is an example of a functional staging URL:


Charity UUID
The charity UUID to donate to is the last portion of the URL before the query parameters. An example charity UUID looks like this: e9262f62-e209-11df-8a5c-12313b100879. Refer to the Charity Search API documentation for information on how to find the UUID’s for the charities you wish to support. The Nonprofit Search plugin can also optionally be integrated to provide a UI for end users to select the destination charity themselves.

Required URL Parameters
There are three required URL parameters:

Optional URL Parameters
There are also these additional optional URL parameters which when provided will prepopulate those corresponding form fields:

And additional parameters which allow you to control the look and feel of the iFrame

Optional callback URL (See next section):

You’ll want to use a height of 710px and a width of 660px to accommodate the error labels. This is based on the standard styles, and might change if you’re using custom CSS.


_cb_success and _cb_error are server-side callbacks.  The FG app server calls these urls and the client is never exposed to them.  Their purpose is only to notify the affiliate’s server that a donation succeeded or failed. _pb_success is a client side redirect.  The browser is sent to this location after the donation has been successfully processed.  This feature only exists for the CC collection page where there is no other thank you page like for the Donate Button. I would use this for any app functionality. The ‘postback’ is called first then the ‘callback’ is called in the code if the URL parameters are set/passed in the iframe URL After a successful donation has been completed, the page redirects to the URL specified by the _pb_success parameter. When this URL is invoked it will include additional parameters about the donation appended to the end of it. These parameters are described in the Donation Button Callbacks documentation. Since the _pb_success URL is invoked by the client, it is not possible to verify that those requests have been legitimately called by the FirstGiving application. The extra information passed through that URL should not be trusted as authoritative information about donations that have been processed by the page. Instead, the _cb_success parameter should be used to provide an additional callback URL. It should be encoded in the same way as the _pb_success parameter. This URL will be called directly from the FirstGiving servers after a successful donation with the additional parameters passed to it. To verify the callback authenticity the callback also generates a signature for the request which can be verified to ensure the received message originated from FG.  This signature exists in the request header ‘Fg-Popup-Signature‘ and can be confirmed by calling the URL{Fg-Popup-Signature}?payload={Base64 encoded GET request received, including FQDN} The signature verification service will return either a 200 OK on success, or a 404 on verification failure. When the donation API responds with an error processing the transaction, if a _cb_error parameter has been provided, then the content of the error response will be POSTed to that URL. The content of the POST body will contain two fields: ‘target’ indicating the error target and ‘message’ with the verbose error message.

FrontStream Holdings LLC is a registered ISO of Elavon, Inc. Georgia, Chase Paymentech Solutions, LLC, First National Bank of Omaha, Omaha, NE, BMO Harris Bank, N.A., Chicago, IL, Deutsche Bank, USA, New York, NY and Wells Fargo Bank, N.A., Walnut Creek, CA.