Pine LabsDOCS
Create Account

iFrame checkout FAQs

Frequently asked questions about Pine Labs iFrame checkout — embedding, browser compatibility, mobile support, security, callbacks, and troubleshooting.

View as MarkdownOpen in ChatGPTOpen in ClaudeOpen in Perplexity

Common questions about Pine Labs iFrame checkout.

General

What is iFrame checkout? iFrame checkout embeds the Pine Labs hosted checkout page inside an iFrame on your website. The customer stays on your page and completes payment within the embedded checkout, without a full-page redirect.

How is iFrame checkout different from Hosted (redirect) checkout? The only difference is how the checkout is displayed. iFrame checkout embeds the page on your site. Redirect checkout navigates the customer to a full-page Pine Labs checkout. Both use the same API — Generate Checkout Link — with a different integration_mode value (IFRAME vs REDIRECT).

Do I need PCI compliance for iFrame checkout? No. Pine Labs handles all payment data collection inside the iFrame. You never touch sensitive card data.

What payment methods does iFrame checkout support? All the same methods as Hosted checkout: Cards, UPI (Collect and Intent), Net Banking, Wallets, Credit EMI, Debit EMI, BNPL, and Reward Points.

Is iFrame checkout the same as Custom (Seamless) checkout? No. iFrame checkout uses the Pine Labs hosted UI inside an iFrame. Custom checkout means you build your own payment UI and call Pine Labs APIs directly. iFrame requires no PCI compliance; Custom requires PCI compliance.

Integration

What API do I use? The same Generate Checkout Link API used for Hosted checkout. Set integration_mode to IFRAME.

How do I embed the checkout? Use an HTML <iframe> tag with the redirect_url from the API response as the src attribute:

HTML
<iframe src="{redirect_url}" width="100%" height="700" frameBorder="0"></iframe>

What dimensions should I use for the iFrame? Recommended: 500–600px width on desktop, 100% on mobile, 700px height. Test across devices to ensure proper display.

Can I dynamically create and destroy the iFrame? Yes. Create the iFrame via JavaScript when the customer clicks "Pay" and remove it after the callback is handled. See Integration steps for JavaScript examples.

How do I handle the callback inside the iFrame? The callback redirect happens inside the iFrame. Use window.parent.postMessage or redirect the parent window from the callback page. See Integration steps for implementation patterns.

Browser compatibility

Which browsers support iFrame checkout? All modern browsers: Chrome, Firefox, Safari, Edge. Test on your target browsers and devices.

Do pop-up blockers affect iFrame checkout? Pop-up blockers typically don't block iFrames. However, some strict browser security policies or extensions may interfere. Test with common browser configurations.

Are there cross-origin restrictions? The iFrame content is served from the Pine Labs domain. Standard cross-origin policies apply. Use window.postMessage with proper origin checking for communication between the iFrame and parent page.

Does iFrame checkout work with Content Security Policy (CSP)? You may need to add the Pine Labs domain to your frame-src or Content-Security-Policy header:

Code
Content-Security-Policy: frame-src https://pluraluat.v2.pinepg.in https://api.pluralonline.com;

Mobile

Does iFrame checkout work on mobile devices? Yes, but test thoroughly. Ensure the iFrame is responsive (width: 100%) and the height is sufficient for the payment form.

Are there any mobile-specific issues? Some mobile browsers handle iFrames differently:

  • Keyboard input may not work correctly on some Android browsers
  • Safari on iOS may have scrolling issues inside iFrames
  • UPI Intent (deep linking to UPI apps) may behave differently inside an iFrame

If you encounter mobile issues, consider using Redirect mode for mobile users.

Security

Is the iFrame checkout secure? Yes. The checkout page is served over HTTPS from Pine Labs' PCI-compliant infrastructure. Payment data never passes through your server or DOM.

Can I access the iFrame content from my page? No. Same-origin policy prevents your JavaScript from accessing the iFrame content. This is a security feature that protects payment data.

How do I verify the payment is authentic? Verify the SHA256 HMAC signature on the callback server-side, and check the order status using Get Order by Order ID. See Signature Verification.

Callbacks and webhooks

How do callbacks work with iFrame checkout? After payment, Pine Labs redirects to your callback_url inside the iFrame. You need to handle this in the callback page by either:

  1. Redirecting the parent window: window.parent.location.href = '/confirmation'
  2. Using postMessage to notify the parent page

Should I use webhooks with iFrame checkout? Yes. Webhooks are the most reliable mechanism for payment confirmation. Configure webhooks as your primary confirmation method.

What if the callback doesn't fire? If the customer closes the browser or the iFrame has issues, the callback may not reach your page. Webhooks handle this case — they fire server-to-server regardless of browser behavior.

Troubleshooting

The iFrame is blank or not loading. Check: (1) The redirect_url is valid, (2) No CSP headers blocking the Pine Labs domain, (3) No ad blockers or browser extensions interfering, (4) HTTPS is used on both your page and the iFrame.

The checkout is cut off or scrolling doesn't work. Increase the iFrame height. 700px is the minimum recommended height. On mobile, ensure the container allows scrolling.

The callback redirect isn't reaching the parent page. The callback happens inside the iFrame. You must implement window.parent.location.href or postMessage in your callback page to update the parent. See Integration steps.

Payment succeeded but my page doesn't update. This is a callback handling issue. Ensure: (1) Your callback page has the parent redirect logic, (2) Webhooks are configured as a fallback, (3) You check order status server-side.

The iFrame works on desktop but not mobile. Consider UPI Intent deep linking issues and mobile keyboard behavior. Test on actual devices. If mobile issues persist, use Redirect mode for mobile and iFrame for desktop.

How do I contact support? Integration support: pgintegration@pinelabs.com. General support: pgsupport@pinelabs.com.

Related pages

iFrame checkout — Overview Features and when to choose iFrame checkout.

iFrame checkout — Integration steps Step-by-step integration guide with code examples.

Choose the right checkout Compare iFrame with Hosted and Custom checkout.

PreviousiFrame Checkout Integration StepsNextPayment Lifecycle
New chat
Responses are generated using AI and may contain mistakes.
Hi! I'm Pine, your AI developer assistant. Ask me anything about Pine Labs APIs, integrations, or troubleshooting.

Tip: you can create a new chat with + E