Migrating from Trust Payments
A practical guide for travel businesses migrating from Trust Payments (formerly Secure Trading) to Felloh. This covers concept mapping, code migration patterns, and a step-by-step migration plan so you can move with confidence.
Trust Payments has been a popular choice for UK travel businesses, particularly those needing trust account support. However, its API is showing its age — XML-based request formats, complex site reference authentication, and limited tooling for modern agent-based workflows. Felloh provides a modern JSON REST API with native booking management, scheduled payments, and AI agent integration via MCP.
Concept mapping
Understand how Trust Payments concepts translate to Felloh before writing any code.
Direct equivalents
| Trust Payments | Felloh | Notes |
|---|---|---|
| Customer (billing details) | Customer | Trust Payments embeds customer details in each request. Felloh has a dedicated customer resource. |
Refund (REFUND request type) | Refund | Felloh uses a two-stage process — refunds require separate authorisation. |
| URL Notification | Webhook | Same concept. Trust Payments posts to a notification URL configured in MyST. Felloh webhooks use HMAC-SHA256 signatures and are configured via the API. |
| Payment Pages (STPP) | Payment Link | Trust Payments' hosted payment pages require MyST template configuration. Felloh payment links are a single API call. |
Different concepts
| Trust Payments | Felloh | How it differs |
|---|---|---|
AUTH request (authorisation) | Payment Link / Ecommerce / Scheduled Payment | Trust Payments has a single AUTH request type. Felloh splits payment collection into three tools — see choosing a payment method. |
| Transaction (settled auth) | Transaction | A Felloh Transaction represents a completed payment. It's always linked to a Booking. |
ACCOUNTCHECK + stored credentials | Tokenised Card | In Trust Payments, you run an ACCOUNTCHECK to verify and store card details, receiving a transactionreference for future charges. In Felloh, cards are automatically tokenised when a customer pays. |
Subscription (SUBSCRIPTION request) | Scheduled Payment | Trust Payments subscriptions repeat at fixed intervals. Felloh scheduled payments charge a specific amount on a specific date — more flexible for travel installment patterns. |
| Payment Pages templates (MyST) | Ecommerce + Felloh SDK | Trust Payments' customisable payment pages are configured in the MyST portal. Felloh ecommerce sessions provide embedded payment forms via the SDK. |
| Fraud control (site-level rules in MyST) | Fraud Shield | Trust Payments configures fraud rules in the MyST portal. Felloh Fraud Shield provides configurable rules — 3DS, card, customer, device, location, and velocity checks — via the Dashboard. |
| MOTO (mail order / telephone order) | Terminal | Felloh supports in-person and MOTO payments via terminals. Speak to your account manager to get set up. |
Felloh concepts with no Trust Payments equivalent
These are features you gain by moving to Felloh.
| Felloh feature | What it does |
|---|---|
| Booking | A container linking a customer's trip to all their payments, refunds, payment links, and scheduled payments. Replaces the custom booking-to-payment mapping you built around Trust Payments. |
| Payment Link | Generate a shareable payment URL with a single API call. No portal template configuration required. |
| Disbursements | Pay suppliers directly from trust accounts. Replaces manual bank transfers. |
| Beneficiaries | Manage supplier bank details for disbursements. |
| Credit Notes | Track credits and adjustments against bookings. |
| MCP Server | Connect AI agents and editors to Felloh for conversational payment management. |
| Open banking | Accept bank transfer payments alongside card payments on every payment link and ecommerce session. |
| Trust accounts | Felloh manages ATOL/ABTA-compliant trust accounts natively. |
| Automatic reconciliation | Every payment — cards, open banking, and bank transfers — is automatically matched to its booking using 3-point verification. Eliminates manual spreadsheet reconciliation. |
| Automatic surcharging | Detects corporate and international cards at the point of payment and applies compliant surcharges in real time. Protects margins without manual fee calculations. |
No Felloh equivalent
| Trust Payments feature | What to do |
|---|---|
RISKDEC (standalone risk decision) | Felloh Fraud Shield runs automatically on every payment — no separate risk decision call needed. |
WALLETVERIFY / Apple Pay direct | Felloh handles wallet payments via payment links and ecommerce sessions. |
CURRENCYRATE (DCC) | Handle currency conversion in your own system. Felloh supports GBX, USX, and EUX. |
The booking model
The biggest conceptual shift is that every payment in Felloh is tied to a Booking. In Trust Payments, you submit an AUTH request with an orderreference — the gateway has no concept of what the payment is for. In Felloh, you create a booking first, then collect payments against it.
Trust Payments flow:
orderreference → AUTH request → Settlement
(you maintain the link to your booking system)
Felloh flow:
Customer → Booking → Payment Link / Ecommerce / Scheduled Payment → Transaction
(booking is a first-class object — payments are linked automatically)
This means you can remove any custom code that links Trust Payments transaction references to your booking system. Felloh handles this relationship natively.
If you currently use Trust Payments' orderreference to link payments to booking references, Felloh replaces that pattern. The booking reference is a first-class field on the booking object, and all transactions are linked automatically.
Choosing a payment method
In Trust Payments, you submit an AUTH request (direct API) or redirect to Payment Pages. In Felloh, you choose based on the scenario:
| Scenario | Trust Payments | Felloh |
|---|---|---|
| Send customer a link to pay | Payment Pages (STPP redirect) | create-payment-link |
| Embed payment in your app | Payment Pages iframe / JS Library | create-ecommerce + Felloh SDK |
| Charge a saved card later | AUTH with parenttransactionreference + cron | create-scheduled-payment |
| Charge a saved card now | AUTH with parenttransactionreference | create-scheduled-payment with today's date |
Code migration
Authentication
Trust Payments uses a site reference, username, and JWT (or the older XML-based authentication with site reference and security code). Felloh uses a public/private key pair to generate a bearer token.
Authentication
import axios from 'axios';
import jwt from 'jsonwebtoken';
// Trust Payments — generate JWT for Webservices API
const payload = {
iss: 'jwt.user@example.com', // JWT username
iat: Math.floor(Date.now() / 1000),
payload: {
requesttypedescriptions: ['AUTH'],
sitereference: 'your_site_reference',
// ... payment details ...
},
};
const token = jwt.sign(payload, 'your-jwt-secret-key');
const response = await axios({
method: 'post',
url: 'https://webservices.securetrading.net/jwt/',
headers: { 'Content-Type': 'application/json' },
data: { jwt: token },
});
Felloh tokens are valid for a limited time. Cache and refresh them as needed. See the Authentication guide for full details.
Creating a customer
Trust Payments doesn't have a dedicated customer creation API — billing details are passed with each payment request. Felloh has a dedicated customer resource.
Create a customer
// Trust Payments — customer details embedded in the AUTH request
const payload = {
requesttypedescriptions: ['AUTH'],
sitereference: 'your_site_reference',
billingemail: 'sarah@example.com',
billingfirstname: 'Sarah',
billinglastname: 'Jones',
billingstreet: '10 Downing Street',
billingtown: 'London',
billingpostcode: 'SW1A 2AA',
billingcountryiso2a: 'GB',
// ... payment details ...
};
Creating a booking (new concept)
This has no Trust Payments equivalent — it's the step that replaces your custom booking-to-payment mapping.
Create a booking
const response = await axios({
method: 'post',
url: 'https://api.felloh.com/agent/bookings',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${token}`,
},
data: {
organisation: 'your-organisation-id',
booking_reference: 'TRIP-2026-001',
gross: 150000, // £1,500.00 in pence
currency: 'GBX',
customer_email: 'sarah@example.com',
customer_name: 'Sarah Jones',
departure_date: '2026-08-15',
return_date: '2026-08-22',
},
});
Collecting a payment
Collect a payment
import jwt from 'jsonwebtoken';
const payload = {
iss: 'jwt.user@example.com',
iat: Math.floor(Date.now() / 1000),
payload: {
requesttypedescriptions: ['AUTH'],
sitereference: 'your_site_reference',
accounttypedescription: 'ECOM',
currencyiso3a: 'GBP',
baseamount: 50000, // £500.00 in pence
orderreference: 'TRIP-2026-001-DEP',
billingemail: 'sarah@example.com',
billingfirstname: 'Sarah',
billinglastname: 'Jones',
// Card details collected via JS Library or Payment Pages
},
};
const jwtToken = jwt.sign(payload, 'your-jwt-secret-key');
const response = await axios.post(
'https://webservices.securetrading.net/jwt/',
{ jwt: jwtToken }
);
Processing a refund
Process a refund
const payload = {
iss: 'jwt.user@example.com',
iat: Math.floor(Date.now() / 1000),
payload: {
requesttypedescriptions: ['REFUND'],
sitereference: 'your_site_reference',
parenttransactionreference: 'original-transaction-reference',
baseamount: 20000, // £200.00 partial refund
},
};
const jwtToken = jwt.sign(payload, 'your-jwt-secret-key');
const response = await axios.post(
'https://webservices.securetrading.net/jwt/',
{ jwt: jwtToken }
);
// Refund is processed immediately
Trust Payments processes refunds immediately with a single request. Felloh adds an explicit authorisation step — this prevents accidental refunds and supports compliance workflows. If you want to auto-authorise, call both endpoints sequentially.
Scheduling a future payment
Trust Payments supports subscriptions for recurring payments, but they use fixed intervals (daily, weekly, monthly). Travel installments need specific dates. With Trust Payments, you typically store the transactionreference from an initial payment and run your own cron job.
Schedule a future payment
// Step 1: Initial payment stores the card via ACCOUNTCHECK or AUTH
const initialPayload = {
requesttypedescriptions: ['AUTH'],
sitereference: 'your_site_reference',
credentialsonfile: 1, // Store credentials for future use
// ... card and payment details ...
};
// Step 2: Store the transactionreference in your database
// Step 3: Build a cron job to charge on the right date
// When cron triggers, submit AUTH with stored reference:
const recurringPayload = {
requesttypedescriptions: ['AUTH'],
sitereference: 'your_site_reference',
parenttransactionreference: 'stored-transaction-reference',
baseamount: 100000, // £1,000.00
currencyiso3a: 'GBP',
credentialsonfile: 2, // Merchant-initiated transaction
orderreference: 'TRIP-2026-001-BAL',
};
Currency mapping
Trust Payments uses ISO 4217 currency codes with amounts in minor units (baseamount). Felloh uses minor-unit currency codes. The numeric values are the same — only the code changes.
| Trust Payments | Felloh | Unit |
|---|---|---|
GBP | GBX | Pence |
USD | USX | Cents |
EUR | EUX | Euro cents |
Currency conversion helper
const TP_TO_FELLOH_CURRENCY = {
GBP: 'GBX',
USD: 'USX',
EUR: 'EUX',
};
function convertCurrency(tpCurrency) {
const fellohCurrency = TP_TO_FELLOH_CURRENCY[tpCurrency.toUpperCase()];
if (!fellohCurrency) {
throw new Error(`Unsupported currency: ${tpCurrency}`);
}
return fellohCurrency;
}
// Amount values stay the same — both use minor units
// Trust Payments: { baseamount: 150000, currencyiso3a: 'GBP' }
// Felloh: { amount: 150000, currency: 'GBX' }
Webhook event mapping
Trust Payments uses URL notifications configured in the MyST portal. Felloh uses standard webhooks with HMAC-SHA256 signatures configured via the API.
| Trust Payments notification | Felloh event | Notes |
|---|---|---|
AUTH (settle status 0 — pending) | — | Felloh handles authorisation internally |
AUTH (settle status 100 — settled) | transaction.completed | Payment has been settled |
AUTH (error code non-zero) | transaction.failed | Payment was declined |
REFUND (settled) | refund.completed | Refund has been processed |
| Chargeback notification | chargeback.created | Customer disputed the charge |
SUBSCRIPTION renewal | — | No equivalent — Felloh scheduled payments are explicit per-charge |
Trust Payments uses settlestatus values (0 = pending, 100 = settled) to indicate payment state. Felloh uses distinct event types — transaction.completed for successful payments, transaction.failed for failures.
Migrating a notification handler
Notification handler migration
app.post('/notifications/trustpayments', express.urlencoded({ extended: true }), (req, res) => {
// Trust Payments sends form-encoded POST notifications
// Verify using the notification hash (configured in MyST)
const {
transactionreference,
settlestatus,
errorcode,
orderreference,
notificationreference,
responsesitesecurity,
} = req.body;
// Validate site security hash
// (hash algorithm configured in MyST portal)
if (errorcode === '0' && settlestatus === '100') {
handlePaymentSuccess(orderreference, transactionreference);
} else if (errorcode !== '0') {
handlePaymentFailure(orderreference, errorcode);
}
res.send('OK');
});
Trust Payments sends form-encoded POST notifications with a site security hash configured in MyST. Felloh sends JSON webhooks with HMAC-SHA256 signatures — a more standard and easier-to-verify approach.
What you can remove
Migrating from Trust Payments to Felloh lets you remove significant custom code.
| Custom code you built | Felloh replacement |
|---|---|
| Booking-to-payment mapping (orderreference tracking, reconciliation) | Felloh bookings link payments automatically |
| Settlement reconciliation (MyST reports, manual matching of payouts to bookings) | Felloh automatic reconciliation — every payment is matched to its booking via 3-point verification |
| Manual surcharge calculations (spreadsheets, card type identification, compliance checks) | Felloh automatic surcharging — card type detected and surcharge applied in real time |
| Payment scheduling (cron jobs, stored transaction references, MIT flags) | Felloh scheduled payments |
Card credential storage and credentialsonfile management | Felloh automatic card tokenisation |
| JWT generation and signing for each API request | Bearer token (generated once, cached) |
| Payment Pages template configuration (MyST portal) | Felloh payment links (single API call) |
| Site security hash verification logic | Standard HMAC-SHA256 verification |
Settle status interpretation (0, 1, 2, 10, 100) | Clear event types (transaction.completed, transaction.failed) |
| Trust account management and reconciliation | Felloh managed trust accounts |
| Supplier payment processing | Felloh disbursements |
| MyST portal-based fraud rule configuration | Felloh Fraud Shield via Dashboard |
Migration plan
A step-by-step approach to moving from Trust Payments to Felloh.
Phase 1 — Set up and validate
- Create a Felloh account and generate sandbox API keys from the Sandbox Registration Form
- Set up authentication — implement token generation and caching
- Create a test booking and payment link to verify your integration works
- Connect the MCP server (optional) — useful for exploring the API interactively during migration
Phase 2 — Audit and plan
- Identify your Trust Payments integration type — Webservices API (JWT), Payment Pages (STPP redirect), JS Library, or a combination
- List all payment flows — initial AUTH, stored credential charges, subscriptions, MOTO
- Review MyST configuration — note any fraud rules, notification URLs, and payment page templates that need to be recreated in Felloh
- Create customers in Felloh — pull customer data from your booking system
- Create bookings for any active reservations
Phase 3 — Migrate payment flows
- Replace Payment Pages (STPP) with Felloh payment links
- Replace JS Library integration with Felloh ecommerce sessions and the Felloh SDK
- Replace stored credential charges (cron jobs with
parenttransactionreference) with Felloh scheduled payments - Replace
REFUNDrequests with Felloh's two-stage refund process - Replace URL notification handlers with Felloh webhook handlers
- Remove JWT generation code — Felloh uses a simpler bearer token
- Remove settle status parsing — Felloh uses clear event types
Phase 4 — Test in sandbox
- Run through every payment flow in the Felloh sandbox
- Test edge cases: declined payments, partial refunds, expired tokens
- Verify webhook delivery and handling
- Confirm customer-facing payment pages work correctly
Phase 5 — Go live
- Switch to production API keys
- Run Trust Payments and Felloh in parallel for a transition period — new bookings go through Felloh, existing Trust Payments subscriptions and scheduled charges complete naturally
- Monitor the Felloh Dashboard for transaction status
- Decommission Trust Payments integration and remove legacy code
- Close MyST portal configuration (notification URLs, fraud rules — now in Felloh)
You don't need to migrate historical transaction data. Trust Payments retains your historical records via MyST. Felloh starts fresh with new bookings.
Common migration questions
Can I run Trust Payments and Felloh in parallel? Yes. Route new bookings to Felloh and let existing Trust Payments subscriptions and scheduled charges complete. There's no conflict between the two.
Do I need to re-collect card details?
Yes, for new payments. Trust Payments stored credentials (transactionreference tokens) are not transferable to Felloh. Customers will enter their card details on their first Felloh payment, and the card is automatically tokenised for future use.
What about PCI compliance? Felloh handles PCI compliance the same way — card details are collected via Felloh's hosted payment pages or SDK, never touching your servers. If you were using Trust Payments' JS Library for card tokenisation, the Felloh SDK provides equivalent security.
I use Trust Payments subscriptions. How do they translate? Trust Payments subscriptions repeat at fixed intervals (daily, weekly, monthly). Felloh scheduled payments are more flexible — each one has a specific date and amount. For a travel installment plan, create individual scheduled payments rather than a subscription. This gives you full control over amounts and timing.
I have fraud rules configured in MyST. Can I replicate them? Yes. Felloh Fraud Shield supports 3DS rules, card rules, customer rules, device fingerprinting, location checks, and velocity limits. Configure them in the Felloh Dashboard. Most MyST fraud rules have a direct equivalent in Fraud Shield.
What about 3DS (Strong Customer Authentication)? Felloh handles 3DS automatically on payment links and ecommerce sessions. You can configure 3DS rules in Fraud Shield — for example, setting velocity thresholds for when 3DS challenges are triggered. No more manual 3DS configuration in MyST.
Can I use the Felloh MCP server during migration? Absolutely. Connect the MCP server to your AI editor and use it to explore the API, create test bookings, and debug your integration interactively.