Integration Overview

  1. Three Step Redirect API
    1. Documentation
      1. Methodology
      2. Transaction Operations
        1. Step 1
        2. Step 2
        3. Step 3
        4. Transaction Operations
      3. Recurring Operations
        1. Step 1
        2. Step 2
        3. Step 3
        4. Additional Operations
      4. Customer Vault Operations
        1. Step 1
        2. Step 2
        3. Step 3
        4. Additional Operations
      5. Testing Information
      6. Appendices
        1. Appendix 1
        2. Appendix 2
        3. Appendix 3
    2. Examples
      1. C#
      2. PHP
      3. PHP - Customer Vault
    3. Download Documentation
  2. Direct Post API
    1. Documentation
      1. Methodology
      2. Transaction Types
      3. Transaction Variables
      4. Recurring Variables
      5. Invoicing Variables
      6. Customer Vault Variables
      7. Retail Data
      8. Apple Pay
        1. Documentation
        2. Download Example Project
      9. Partial Payment Information
      10. Credential on File Information
      11. Transaction Response Variables
      12. Testing Information
      13. Appendices
        1. Appendix 1
        2. Appendix 2
        3. Appendix 3
    2. Examples
      1. ASP
      2. C#
      3. ColdFusion
      4. Java
      5. Node
      6. PHP
      7. Phyton
      8. Ruby
    3. Download Documentation
  3. Collect.js
    1. Documentation
      1. Methodology
      2. The Payment Token
      3. Integration Types
      4. Integration Options
        1. Lightbox Integration
          1. Simple Implementation
          2. Advanced Implementation
          3. Expert Implementation
        2. Inline Integration
          1. Simple Implementation
          2. Advanced Implementation
          3. Expert Implementation
          4. Inline Integration Tips
    2. Examples
      1. See a React example on Github
      2. Lightbox Integration
        1. Simple Example
        2. Advanced HTML Example
        3. Advanced JavaScript Example
        4. Expert Example
      3. Inline Integration
        1. Simple Example
        2. Advanced HTML Example
        3. Advanced JavaScript Example
        4. Expert Example
    3. Download Documentation
  4. Query API
    1. Documentation
      1. Methodology
      2. Variables
      3. Sample Response
    2. Examples
      1. PHP
      2. Node
    3. Download Documentation
  5. ChipDNA Mobile EMV SDK
    1. Documentation
  6. Mobile SDK
    1. Documentation
      1. Methodology
      2. Android
        1. Using the Library
        2. End-to-End Encryption
        3. Swipe Devices
        4. Classes Overview
      3. iOS
        1. Using the Library
        2. End-to-End Encryption
        3. Swipe Devices
        4. Classes Overview
    2. Supported Devices
    3. Download SDKs
    4. Download Documentation
  7. ChipDNA Win/Lin EMV SDK
    1. Documentation
  8. QuickClick Shopping Cart
    1. Documentation
      1. Methodology
      2. Variables
      3. Finish Methods
      4. Button Generator Fields
      5. Customization
      6. Example Response
      7. Testing Information
    2. Examples
      1. Hashing - PHP
      2. Hashing - ASP
    3. Button Generator
    4. Download Documentation
  9. Third Party Shopping Carts
    1. Gateway Emulator

Three Step Redirect API

Integration Overview

There are multiple ways to incorporate the payment gateway within a website or mobile device. These options vary based upon ease of integration, required resources, features, and additional security.

Transaction Request APIs

Three-Step Redirect API

  • The Three Step Redirect is the preferred API for customized web-based payment processing. Using this integration method significantly reduces a merchant’s PCI footprint without sacrificing end-user look and feel. This method is required when using Verified by Visa/Mastercard SecureCode (Payer Authentication).

Direct Post API

  • The Direct Post method is the simplest integration method for both web-based and non web-based payment applications, however, merchants using this integration method should have passed a PCI vulnerability scan before use.

Collect.js

  • Collect.js provides access to a popup form which securely captures payment data and generates a “token”. The token is then used with the Direct Post API instead of raw credit card or bank account data. The popup form is technically a seperate page hosted by the gateway, so no payment information touches the merchant’s site. This allows merchants to minimize their PCI-compliance footprint, with minimal changes to the customer experience.

Mobile SDK

  • The Mobile SDK supports iOS and Android based devices. These SDKs include a mobile card reader library which simplifies integrations for applications requiring encrypted mobile card readers. Additionally, an end-to-end encryption library is included, allowing merchants to send both swiped and keyed-in payment information without ever touching any sensitive data.

EMV Chip Card SDK

  • The EMV Chip Card SDK is a Windows-based software development kit that abstracts the complexities of interfacing directly with hardware terminals.

Transaction Retrieval API

Query API

  • The Query API allows merchants to download a detailed stream of transaction data. This dataset can then be used to create in-house reports and analytics.

Turnkey Shopping Carts

QuickClick Shopping Cart

  • QuickClick is a great option for e-commerce merchants who do not have an IT team or developer on staff. A button-generator is included, which allows merchants to create website links to products and services without any previous development experience.

Third Party Shopping Carts

  • There are a number of third party shopping carts that have integrated to the payment gateway. This is the best option for merchants who need a full featured turn-key shopping cart out of the box.

Documentation

Methodology

Methodology
Three-Step

Method Overview

  • Step One:
    Submit all transaction details to the Payment Gateway except the customer’s sensitive payment information. The Payment Gateway will return a variable form-url.

  • Step Two:
    Create an HTML form that collects the customer’s sensitive payment information and use the form-url that the Payment Gateway returns as the submit action in that form.

  • Step Three:
    Once the customer has been redirected, obtain the token-id and complete the transaction through an HTTPS POST including the token-id which abstracts the sensitive payment information that was collected directly by the Payment Gateway.

Detailed Explanation

To start step one, your payment application will submit a behind-the-scenes HTTPS direct POST that includes transaction variables, including an additional variable redirect-url, which is a URL that must exist on your web server that handles a future browser redirect. Sensitive payment information such as cc-number, cc-exp, and cvv cannot be submitted during step one. The Payment Gateway will generate and return the form-url variable containing a unique URL to be used in Step 2.

Next, during step two, you must develop an HTML form that collects at least the customer’s sensitive payment information such as cc-number, cc-exp, and cvv. You must use the form-url obtained in step one as the action in the HTML of your payment form. When the customer submits the form, the customer’s browser will transparently POST the contents of the payment form directly to the Payment Gateway. This methodology keeps your web server and payment application from seeing or transmitting any credit card data or other sensitive data. Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will be instructed to return to the redirect-url on your web server. Furthermore, the Payment Gateway will generate and append a unique variable named token-id to the redirect-url in the GET query string. This token-id is an abstraction of the customer’s sensitive payment information that the Payment Gateway collected. Your redirect-url script must parse the token-id for use in step three.

To complete the transaction, you will submit another behind-the-scenes HTTPS direct POST including only the token-id and api-key. This token-id is used to “tie” together the initial customer information with the sensitive payment information that the payment gateway collected directly.

Transaction Operations

Step 1

Step One
Three-Step: Transactions

Sale/Auth/Credit/Validate/Offline XML Request

XML Element Description
<sale|auth|credit|validate|offline> Type of transaction to perform.
api-key* api-key is obtained in the security keys section of the control panel settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection.
amount* Total amount to be charged (For “validate” actions, amount must be 0.00 or omitted).
surcharge-amount Surcharge amount.
Format: x.xx
authorization-code** Specify authorization code. For use with “offline” action only.
ip-address Cardholder’s IP address.
Format: xxx.xxx.xxx.xxx
industry Specify industry classification of transaction.
Values: ‘ecommerce’, ‘moto’, or ‘retail’
billing-method Set additional billing indicators.
Values: ‘recurring’ or ‘installment’
billing-number Specify installment billing number, on supported processors. For use when “billing-method” is set to installment.
Values: 0-99
billing-total Specify installment billing total on supported processors. For use when “billing-method” is set to installment.
processor-id If using multiple processors, route to specified processor. Obtained under Settings->Transaction Routing in the merchant control panel.
sec-code ACH standard entry class codes.
Values: ‘PPD’, ‘WEB’, ‘TEL’, ‘CCD’, ‘POP’, or ‘ARC’
descriptor Set payment descriptor on supported processors.
descriptor-phone Set payment descriptor phone on supported processors.
descriptor-address Set payment descriptor address on supported processors.
descriptor-city Set payment descriptor city on supported processors.
descriptor-state Set payment descriptor state on supported processors.
descriptor-postal Set payment descriptor postal code on supported processors.
descriptor-country Set payment descriptor country on supported processors.
descriptor-mcc Set payment descriptor mcc on supported processors.
descriptor-merchant-id Set payment descriptor merchant id on supported processors.
descriptor-url Set payment descriptor url on supported processors.
currency Set transaction currency.
Format: ISO 4217
order-description Order description.
customer-id Customer identification.
customer-vault-id Load customer details from an existing customer vault record. If set, no payment information is required during step two.
merchant-receipt-email Send merchant receipt to email
customer-receipt Send receipt if billing email included.
Values: ‘true’ or ‘false’
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
tracking-number Shipping tracking number.
shipping-carrier Shipping carrier.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
order-id*** Order id.
signature-image Cardholder signature image. For use with “sale” and “auth” actions only.
Format: base64 encoded raw PNG image. (16kiB maximum)
po-number*** Cardholder’s purchase order number.
tax-amount*** The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exempt from sales tax.
Default: ‘0.00’
Format: x.xx
shipping-amount*** Total shipping amount.
ship-from-postal**** Postal/ZIP code of the address from where purchased goods are being shipped. Defaults to merchant profile postal code.
summary-commodity-code**** A code representing the type of commodity being purchased. The acquirer or processor will provide a list of current codes.
duty-amount Amount included in the transaction amount associated with the import of the purchased goods.
Default: ‘0.00’
discount-amount Amount included in the transaction amount of any discount applied to the complete order by the merchant.
Default: ‘0.00’
national-tax-amount The national tax amount included in the transaction amount.
Default: ‘0.00’
alternate-tax-amount Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases.
Default: ‘0.00’
alternate-tax-id Tax identification number of the merchant that reported the alternate tax amount.
vat-tax-amount Contains the amount of any value added taxes which can be associated with the purchased item.
Default: ‘0.00’
vat-tax-rate Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, ie 1% = 1.00.
Default: ‘0.00’
vat-invoice-reference-number Invoice number that is associated with the VAT invoice.
customer-vat-registration Value added tax registration number supplied by the cardholder.
merchant-vat-registration Government assigned tax identification number of the merchant from whom the goods or services were purchased.
order-date Purchase order date. Defaults to the date of the transaction.
Format: YYMMDD
skip-3ds Skip over 3DS authentication process for this specific transaction.
Values: “true” or “false”
cardholder-auth Set 3D Secure condition.
Values: ‘verified’ or ‘attempted’
eci E-commerce indicator.
Values: ‘0’, ‘1’, ‘2’, ‘5’, ‘6’, or ‘7’
cavv Cardholder authentication verification value.
Format: base64 encoded
xid Cardholder authentication transaction id.
Format: base64 encoded
three-ds-version 3DSecure version.
Examples: “1.0.2” or “2.0”
directory-server-id Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication.
Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
initiated-by Who initiated the transaction.
Values: ‘customer’ or ‘merchant’
initial-transaction-id Original payment gateway transaction id.
stored-credential-indicator The indicator of the stored credential.
Values: ‘stored’ or ‘used’
Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system.
Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method.
dup-seconds Override duplicate transaction detection time in seconds.
avs-reject The transaction is rejected if the address verification result is a code in this list. Values are letters obtained under Settings->Address Verification in the control panel.
Format: x|x|x|x…
cvv-reject The transaction is rejected if the card ID verification result is a code in this list. Values are letters obtained under Settings->Card ID Verification in the control panel.
Format: x|x|x|x…
<billing> The customer’s billing information
billing-id Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type§ The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type§ The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
</billing>
<shipping> The customer’s shipping information.
shipping-id Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping billing address.
city Shipping city.
state Shipping state/province.
Format: CC
postal**** Shipping postal code.
country**** Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
</shipping>
<product> Product line item detail. Multiple product elements are allowed.
product-code****¶ Merchant defined description code of the item being purchased.
description**** Description of the item(s) being supplied.
commodity-code**** International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes.
unit-of-measure**** Code for units of measurement as used in international trade.
Default: ‘EACH’
unit-cost**** Unit cost of item purchased. May contain up to 4 decimal places.
quantity**** Quantity of the item(s) being purchased.
Default: ‘1’
total-amount**** Purchase amount associated with the item. Default to ‘unit-cost’ x ‘quantity’ rounded to the nearest penny.
tax-amount**** Amount of tax on specific item. Amount should not be included in item-total-amount.
Default: ‘0.00’
tax-rate**** Percentage representing the value-added tax applied. 1% = 1.00.
Default: ‘0.00’
discount-amount Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘item-total-amount’.
discount-rate Discount rate for the line item. 1% = 1.00.
Default: ‘0.00’
tax-type Type of value-added taxes that are being used.
alternate-tax-id Tax identification number of the merchant that reported the alternate tax amount.
</product>
<add-subscription> Perform a simultaneous ‘hybrid’ recurring action while processing a transaction.
start-date The first day that the customer will be charged. Format: YYYYMMDD
<plan>
plan-id The unique plan ID that references only this recurring plan.
payments The number of payments before the recurring plan is complete.
Note: Use ‘0’ for ‘until canceled’
amount The plan amount to be charged each billing cycle.
Format: x.xx
day-frequency How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’.
month-frequency How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’.
Values: 1 through 24
day-of-month The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
</plan>
</add-subscription>
<add-customer|update-customer> Perform a simultaneous ‘hybrid’ customer vault action while processing a transaction. This tag can be blank if submitting an ‘add-customer’ without specifying a ‘customer-vault-id’.
customer-vault-id Specify customer vault id. If omitted, will be auto-generated and returned in response. Required for ‘update-customer’.
</add-customer|update-customer>
partial-payments†† Specify whether a partial amount or full amount of the transaction should be settled.
Format: ‘settle_partial’ or ‘payment_in_full’
partial-payment-id†† Specify a partial payment ID. Required to collect an additional amount associated with an existing Partial Payment Transaction. Do not use on initial transaction.
</sale|auth|credit|validate|offline>
* Always required
** Required for offline transactions
*** Required for Level 2 and Level 3 transactions
**** Required for Level 3 transactions
Required for 3D-Secure transactions
Required for Override transactions
†† Required for Partial Payment Transactions
§ Required for ACH transactions
Required for Line Item Reporting

Sale/Auth/Credit/Validate/Offline XML Response

XML Element Description
<response>
result 1=Approved
2=Declined
3=Error in transaction data or system error
result-text Textual response.
transaction-id Payment Gateway transaction id.
result-code Numeric mapping of processor responses (See Appendix 3).
form-url URL used as the action of the HTML form in step two.
</response>

Step 2

Step Two
Three-Step: Transactions

HTML Form Fields Request

HTML Form Fields Description
billing-cc-number* Credit card number.
billing-cc-exp* Credit card expiration.
Format: MMYY
billing-cvv Card security code.
billing-account-name** The name on the customer’s ACH Account.
billing-account-number** The customer’s bank account number.
billing-routing-number** The customer’s bank routing number.
billing-account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
billing-entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
billing-micr Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code.
billing-track-1*** Raw magnetic stripe data, track 1.
billing-track-2*** Raw magnetic stripe data, track 2.
billing-track-3*** Raw magnetic stripe data, track 3.
billing-magnesafe-track-1*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-2*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-3*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-ksn*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-magneprint*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-magneprint-status*** Raw MagTek Magensa encrypted reader data.
billing-social-security-number**** Customer’s social security number, checked against bad check writers database if check verification is enabled.
billing-drivers-license-number**** Driver’s license number, checked against bad check writers’ database if check verification is enabled.
billing-drivers-license-dob**** Driver’s license date of birth.
billing-drivers-license-state**** Customer’s driver’s license state.
Format: CC
billing-first-name Cardholder’s first name. Overwrites value if passed during step one.
billing-last-name Cardholder’s last name. Overwrites value if passed during step one..
billing-address1 Cardholder’s billing address. Overwrites value if passed during step one.
billing-city Card billing city. Overwrites value if passed during step one.
billing-state Card billing state/province. Overwrites value if passed during step one.
Format: CC
billing-postal Card billing postal code. Overwrites value if passed during step one.
billing-country Card billing country code. Overwrites value if passed during step one.
Format: CC/ISO 3166
billing-phone Billing phone number. Overwrites value if passed during step one.
billing-email Billing email address. Overwrites value if passed during step one.
billing-company Cardholder’s company. Overwrites value if passed during step one.
billing-address2 Card billing address, line 2. Overwrites value if passed during step one.
billing-fax Billing fax number. Overwrites value if passed during step one.
shipping-first-name Shipping first name. Overwrites value if passed during step one.
shipping-last-name Shipping last name. Overwrites value if passed during step one.
shipping-address1 Shipping billing address. Overwrites value if passed during step one.
shipping-city Shipping city. Overwrites value if passed during step one.
shipping-state Shipping state/province. Overwrites value if passed during step one.
shipping-postal Shipping postal code. Overwrites value if passed during step one.
shipping-country Shipping country code. Overwrites value if passed during step one.
shipping-phone Shipping phone number. Overwrites value if passed during step one.
shipping-email Shipping email address. Overwrites value if passed during step one.
shipping-company Shipping company. Overwrites value if passed during step one.
shipping-address2 Shipping address, line 2. Overwrites value if passed during step one.
shipping-fax Shipping fax number. Overwrites value if passed during step one.
* Required for keyed credit card transactions.
** Required for ACH transactions.
*** Used for retail transactions. Variables used dependent on swipe device.
**** Required for check verification.
Required for check scanning.

HTML Form Fields Response

Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:

https://redirect-url/?token-id=[token]

Step 3

Step Three
Three-Step: Transactions

Complete Transaction XML Request

XML Element Description
<complete-action>
api-key* api-key is obtained in the security keys section of the control panel settings.
token-id* Customer payment token returned during step two.
</complete-action>
* Required

Complete Transaction XML Response

XML Element Description
<response>
result 1=Transaction Approved
2=Transaction Declined
3=Error in transaction data or system error
result-text Textual response.
transaction-id Payment Gateway transaction ID
result-code Numeric mapping of processor responses. (See Appendix 3)
authorization-code Transaction authorization code.
avs-result AVS response code. (See Appendix 1)
cvv-result CVV response code. (See Appendix 2)
action-type Action type that was initially specified.
Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’
amount Total amount charged.
Format: x.xx
amount-authorized Returns the amount authorized.
Format: x.xx
ip-address Cardholder’s IP address.
Format: xxx.xxx.xxx.xxx
industry Industry classification of transaction.
Values: ‘ecommerce’, ‘moto’, or ‘retail’
billing-method Billing indicators used.
Values: ‘recurring’ or ‘installment’
processor-id Processor transaction was made through.
sec-code ACH standard entry class codes.
Values: ‘PPD’, ‘WEB’, ‘TEL’, ‘CCD’, ‘POP’, or \ARC’
descriptor Payment descriptor.
descriptor-phone Payment descriptor phone.
descriptor-address Set payment descriptor address on supported processors.
descriptor-city Set payment descriptor city on supported processors.
descriptor-state Set payment descriptor state on supported processors.
descriptor-postal Set payment descriptor postal code on supported processors.
descriptor-country Set payment descriptor country on supported processors.
descriptor-mcc Set payment descriptor mcc on supported processors.
descriptor-merchant-id Set payment descriptor merchant id on supported processors.
descriptor-url Set payment descriptor url on supported processors.
currency Transaction currency used. (Table 1.b)
order-description Order description.
customer-id Customer identification.
customer-vault-id Customer vault id used or created during action.
merchant-receipt-email Merchant receipt email.
customer-receipt Customer email receipt sent.
Values: ‘true’ or ‘false’
partial-payment-balance Returns the payment’s remaining balance.
partial-payment-id Numeric identifier used to submit subsequent partial payment transactions.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
tracking-number Shipping tracking number.
shipping-carrier Shipping carrier.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
order-id Order id.
po-number Cardholder’s purchase order number.
tax-amount The sales tax included in the transaction amount associated with the purchase.
Format: x.xx
shipping-amount Total shipping amount.
Format: x.xx
ship-from-postal Postal/ZIP code of the address from where purchased goods are being shipped.
summary-commodity-code A code representing the type of commodity being purchased. The acquirer or processor will provide a list of current codes.
duty-amount Amount included in the transaction amount associated with the import of the purchased goods.
Format: x.xx
discount-amount Amount included in the transaction amount of any discount applied to the complete order by the merchant.
Format: x.xx
national-tax-amount The national tax amount included in the transaction amount.
Format: x.xx
alternate-tax-amount Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases.
Default: ‘0.00’
Format: x.xx
alternate-tax-id Tax identification number of the merchant that reported the alternate tax amount.
vat-tax-amount Contains the amount of any value added taxes which can be associated with the purchased item.
Format: x.xx
vat-tax-rate Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, ie 1% = 1.00.
Format: x.xx
vat-invoice-reference-number Invoice number that is associated with the VAT invoice.
customer-vat-registration Value added tax registration number supplied by the cardholder.
merchant-vat-registration Government assigned tax identification number of the merchant from whom the goods or services were purchased.
order-date Purchase order date.
Format: YYMMDD
cardholder-auth 3D Secure condition.
Values: ‘verified’ or ‘attempted’
eci E-commerce indicator.
Values: ‘0’, ‘1’, ‘2’, ‘5’,
‘6’, or ‘7’
cavv Cardholder authentication verification value.
Format: base64 encoded
xid Cardholder authentication transaction id.
Format: base64 encoded
three-ds-version 3DSecure version.
Examples: “1.0.2” or “2.0”
directory-server-id Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication.
Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
dup-seconds Override duplicate transaction detection checking in seconds.
avs-reject Values are letters obtained under Settings->Address Verification in the control panel.
cvv-reject Values are letters obtained under Settings->Card ID Verification in the control panel.
<billing> The customer’s billing information
billing-id Billing id used or created for this action.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
social-security-number Customer’s social security number
drivers-license-number Driver’s license number.
drivers-license-dob Driver’s license date of birth.
drivers-license-state Customer’s driver’s license state.
Format: CC
cc-number Masked credit card number.
Format: XXXXXX********XXXX
cc-exp Credit card expiration
Format: MMYY
account-name The name on the customer’s bank account.
account-number Masked bank account number.
Format: X****XXXX
routing-number Masked bank routing number.
Format: X****XXXX
account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
priority Billing id priority.
Format: Numeric, 1-255
</billing>
<shipping> The customer’s shipping information.
shipping-id Shipping id used or created for this action. Recommended when using customer vault hybrid action; will be ignored if no hybrid add/update-customer is done.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping billing address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
priority Shipping id priority.
Format: Numeric, 1-255
</shipping>
<product> Product line item detail. Multiple product elements are allowed.
product-code Merchant defined description code of the item being purchased.
description Description of the item(s) being supplied.
commodity-code International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes.
unit-of-measure Code for unites of measurement as used in international trade.
unit-cost Unit cost of item purchased. May contain up to 4 decimal places.
quantity Quantity of the item(s) being purchased.
total-amount Purchase amount associated with the item.
Format: x.xx
tax-amount Amount of tax on specific item. Amount should not be included in item-total-amount.
Format: x.xx
tax-rate Percentage representing the value-added tax applied. 1% = 1.00.
Format: x.xx
discount-amount Discount amount which can have been applied by the merchant on the sale of the specific item.
Format: x.xx
discount-rate Discount rate for the line item. 1% = 1.00
Format: x.xx
tax-type Type of value-added taxes that are being used.
alternate-tax-id Tax identification number of the merchant that reported the alternate tax amount.
</product>
</response>

Additional Operations

Additional Operations
Three-Step: Transactions

Capture XML Request

Element Description
<capture>
api-key* api-key is obtained in the security keys section of the control panel settings.
transaction-id* Original Payment Gateway transaction id.
amount Total amount to be settled, this amount may be equal to or less than the authorized amount.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
tracking-number Shipping tracking number.
shipping-carrier Shipping carrier used.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
order-id Order ID.
signature-image Cardholder signature image.
Format: base64 encoded raw PNG image. (16kiB maximum)
</capture>
* Required

Void XML Request

Element Description
<void>
api-key* api-key is obtained in the security keys section of the control panel settings.
transaction-id* Original Payment Gateway transaction id.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
</void>
* Required

Refund XML Request

Element Description
<refund>
api-key* api-key is obtained in the security keys section of the control panel settings.
transaction-id* Original Payment Gateway transaction id.
amount Total amount to be refunded. This amount may be equal to or less than the settled amount. Setting the amount to 0.00 will refund the entire amount.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
</refund>
* Required

Update XML Request

Element Description
<update>
api-key* api-key is obtained in the security keys section of the control panel settings.
transaction-id* Original Payment Gateway transaction id.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
tracking-number Shipping tracking number.
shipping-carrier Shipping carrier used.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
order-id Order ID.
signature-image Cardholder signature image.
Format: base64 encoded raw PNG image. (16kiB maximum)
</update>
* Required

Complete Partial Payment XML Request

Element Description
<complete-partial-payment>
api-key* api-key is obtained in the security keys section of the control panel settings.
partial-payment-id* Specify a partial payment ID. Required to collect an additional amount associated with an existing Partial Payment Transaction. Do not use on initial transaction.
</complete-partial-payment>
* Required

Recurring Operations

Step 1

Step One
Three-Step: Recurring

Add Subscription to an Existing Plan

Element Description
<add-subscription> Associate payment information with a recurring plan.
api-key* api-key is obtained in the Security Keys section of the Control Panel Settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented.
Example: Adding a Subscription using a Customer Vault ID.
customer-vault-id Load customer details from an existing customer vault record. If set, no payment information is required during step two.
start-date The first day that the customer will be charged.
Format: YYYYMMDD
order-id Order id.
po-number Cardholder’s purchase order number.
order-description Order description.
currency Set transaction currency.
Format: ISO 4217
tax-amount The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exampt from sales tax.
Default: 0.00′
Format: x.xx
shipping-amount Total shipping amount.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
source-transaction-id Specifies a payment gateway transaction id in order to associate payment information with a Subscription record.
<plan>
plan-id* The unique plan ID that references only this recurring plan.
</plan>
<billing> The customer’s billing information
billing-id Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type** The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type** The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
</billing>
<shipping> The customer’s shipping information.
shipping-id Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
</shipping>
</add-subscription>
* Always required
** Required for ACH transactions

Add Subscription to a Custom Plan

Element Description
<add-subscription> Associate payment information with a recurring plan.
api-key* api-key is obtained in the Security Keys section of the Control Panel Settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented.
Example: Adding a Subscription using a Customer Vault ID.
customer-vault-id Load customer details from an existing customer vault record. If set, no payment information is required during step two.
start-date The first day that the customer will be charged.
Format: YYYYMMDD
order-id Order id.
po-number Cardholder’s purchase order number.
order-description Order description.
currency Set transaction currency.
Format: ISO 4217
tax-amount The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exampt from sales tax.
Default: ‘0.00’
Format: x.xx
shipping-amount Total shipping amount.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
source-transaction-id Specifies a payment gateway transaction id in order to associate payment information with a Subscription record.
<plan>
payments* The number of payments before the recurring plan is complete.
Notes: ‘0’ for until canceled
amount* The plan amount to be charged each billing cycle.
Format: x.xx
day-frequency*** How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’.
month-frequency**** How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’.
Values: 1 through 24
day-of-month**** The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
</plan>
<billing> The customer’s biling information
billing-id Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type** The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type** The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
</billing>
<shipping> The customer’s shipping information.
shipping-id Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
</shipping>
</add-subscription>
* Always required
** Required for ACH transactions
*** Required unless ‘month-frequency’ and ‘day-of-month’ is set.
**** Required unless ‘day-frequency’ is set.

Update Subscription Information

Element Description
<update-subscription> Update Customer’s information for a subscription.
api-key* api-key is obtained in the Security Keys section of the Control Panel Settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented.
Example: Updating a Subscription using a Customer Vault ID.
subscription-id* The subscription that will be updated.
order-id Order id.
po-number Cardholder’s purchase order number.
order-description Order description.
currency Set transaction currency.
Format: ISO 4217
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
<billing> The customer’s billing information
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type** The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type** The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
</billing>
<shipping> The customer’s shipping information.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
</shipping>
</update-subscription>
* Always Required.
** Required for ACH subscriptions.

Step 2

Step Two
Three-Step: Recurring

HTML Form Fields Request

HTML Form Fields Description
billing-cc-number* Credit card number.
billing-cc-exp* Credit card expiration.
Format: MMYY
billing-cvv Card security code.
billing-account-name** The name on the customer’s ACH Account.
billing-account-number** The customer’s bank account number.
billing-routing-number** The customer’s bank routing number.
billing-account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
billing-entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
billing-micr Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code.
billing-track-1*** Raw magnetic stripe data, track 1.
billing-track-2*** Raw magnetic stripe data, track 2.
billing-track-3*** Raw magnetic stripe data, track 3.
billing-magnesafe-track-1*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-2*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-3*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-ksn*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-magneprint-status*** Raw MagTek Magensa encrypted reader data.
billing-social-security-number**** Customer’s social security number, checked against bad check writers database if check verification is enabled.
billing-drivers-license-number**** Drivers license number, checked against bad check writers database if check verification is enabled.
billing-drivers-license-dob**** Drivers license date of birth.
billing-drivers-license-state**** Customer’s drivers license state.
Format: CC
billing-first-name Cardholder’s first name. Overwrites value if passed during step one.
billing-last-name Cardholder’s last name. Overwrites value if passed during step one.
billing-address1 Cardholder’s billing address. Overwrites value if passed during step one.
billing-city Card billing city. Overwrites value if passed during step one.
billing-state Card billing state/province. Overwrites value if passed during step one.
Format: CC
billing-postal Card billing postal code. Overwrites value if passed during step one.
billing-country Card billing country code. Overwrites value if passed during step one.
Format: CC/ISO 3166
billing-phone Billing phone number. Overwrites value if passed during step one.
billing-email Billing email address. Overwrites value if passed during step one.
billing-company Cardholder’s company. Overwrites value if passed during step one.
billing-address2 Card billing address, line 2. Overwrites value if passed during step one.
billing-fax Billing fax number. Overwrites value if passed during step one.
shipping-first-name Shipping first name. Overwrites value if passed during step one.
shipping-last-name Shipping last name. Overwrites value if passed during step one.
shipping-address1 Shipping address. Overwrites value if passed during step one.
shipping-city Shipping city. Overwrites value if passed during step one.
shipping-state Shipping state/province. Overwrites value if passed during step one.
shipping-postal Shipping postal code. Overwrites value if passed during step one.
shipping-country Shipping country code. Overwrites value if passed during step one.
shipping-phone Shipping phone number. Overwrites value if passed during step one.
shipping-email Shipping email address. Overwrites value if passed during step one.
shipping-company Shipping company. Overwrites value if passed during step one.
shipping-address2 Shipping address, line 2. Overwrites value if passed during step one.
shipping-fax Shipping fax number. Overwrites value if passed during step one.
* Required for keyed credit card transactions.
** Required for ACH transactions.
*** Used for retail transactions. Variables used dependant on swipe device.
**** Required for check verification.
Required for check scanning.

HTML Form Fields Response

Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:

https://redirect-url/?token-id=[token]

Step 3

Step Three
Three-Step: Recurring

Complete Action XML Request

XML Element Description
<complete-action>
api-key* api-key is obtained in the security keys section of the control panel settings.
token-id* Customer payment token returned during step two.
</complete-action>
* Required

Complete Action XML Response

XML Element Description
response
result 1=Transaction Approved
2=Transction Declined
3=Error in transaction data or system error
result-text Textual response.
result-code Numeric mapping of processor responses. (See Appendix 3)
action-type Action type that was initially specified.
Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’
subscription-id Subscription ID used or created during action.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
<plan>
payments The number of payments before the recurring plan is complete.
Notes: ‘0’ for until canceled
amount The plan amount to be charged each billing cycle.
Format: x.xx
name The display name of the plan.
plan-id The plan ID that is associated with this subscription.
day-frequency How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’.
month-frequency How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’.
Values: 1 through 24
day-of-month The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
</plan>
<billing> The customer’s billing information.
billing-id Billing id used or created for this action.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
social-security-number Customer’s social security number
drivers-license-number Drivers license number.
drivers-license-dob Drivers license date of birth.
drivers-license-state Customer’s drivers license state.
Format: CC
cc-number Masked credit card number.
Format: XXXXXX********XXXX
cc-exp Credit card expiration.
Format: MMYY
account-name The name on the customer’s bank account.
account-number Masked bank account number.
Format: X****XXXX
routing-number Masked bank routing number.
Format: X****XXXX
account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
priority Billing id priority.
Format: Numeric, 1-255
</billing>
<shipping> The customer’s shipping information.
shipping-id Shipping id used or created during action.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
priority Shipping id priority.
Format: Numeric, 1-255
</shipping>
</response>

Additional Operations

Additional Operations
Three-Step: Recurring

Add Plan XML Request

Element Description
<add-plan> Add a recurring plan that subscriptions can be added to in the future.
api-key* api-key is obtained in the Security Keys section of the Control Panel Settings.
<plan>
payments* The number of payments before the recurring plan is complete.
Notes: ‘0’ for until canceled
amount* The plan amount to be charged each billing cycle.
Format: x.xx
name* The display name of the plan.
plan-id* The unique plan ID that references only this recurring plan.
day-frequency** How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’.
month-frequency*** How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’.
Values: 1 through 24
day-of-month*** The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
</plan>
</add-plan>
* Always required
** Required unless ‘month-frequency’ and ‘day-of-month’ is set.
*** Required unless ‘day-frequency’ is set.

Delete a Subscription

Element Description
<delete-subscription> Delete the subscription. Customer will no longer be charged.
api-key* api-key is obtained in the Security Keys section of the Control Panel Settings.
subscription-id* The subscription ID that will be deleted.
</delete-subscription>
* Always required

Customer Vault Operations

Step 1

Step One
Three-Step: Customer Vault

Add/Update Customer XML Request

XML Element Description
<add-customer|update-customer> Type of transaction to perform.
api-key* api-key is obtained in the security keys section of the control panel settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required for ‘update-customer’ requests when sensitive data is not being presented.
Example: Updating an address or zip code only.
customer-vault-id Load customer details from an existing customer vault record. If set, no payment information is required during step two.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
source-transaction-id Specifies a payment gateway transaction id in order to associate payment information with a Customer Vault record.
<billing> The customer’s billing information
billing-id Specify billing id. Required for ‘update-customer’ if multiple billing-ids exist, optional for ‘add-billing’.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
priority Specify priority (If omitted, will be auto-generated and returned in response).
Format: Numeric, 1-255
</billing>
<shipping> The customer’s shipping information.
shipping-id Specify shipping id (Required for update-customer if multiple shipping-ids exist. Optional for add-billing).
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping billing address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
priority Specify priority, if omitted, will be auto-generated and returned in response.
Format: Numeric, 1-255
</shipping>
</add-customer|update-customer>
* Required

XML Response

XML Element Description
<response>
result 1=Approved
2=Declined
3=Error in transaction data or system error
result-text Textual response.
result-code Numeric mapping of processor responses. (See Appendix 3)
form-url URL used as the action of the HTML form in step two.
</response>

Step 2

Step Two
Three-Step: Customer Vault

HTML Form Fields Request

HTML Form Fields Description
billing-cc-number* Credit card number.
billing-cc-exp* Credit card expiration.
Format: MMYY
billing-cvv Card security code.
billing-account-name** The name on the customer’s ACH Account.
billing-account-number** The customer’s bank account number.
billing-routing-number** The customer’s bank routing number.
billing-account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
billing-entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
billing-micr Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code.
billing-track-1*** Raw magnetic stripe data, track 1.
billing-track-2*** Raw magnetic stripe data, track 2.
billing-track-3*** Raw magnetic stripe data, track 3.
billing-magnesafe-track-1*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-2*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-track-3*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-ksn*** Raw MagTek Magensa encrypted reader data.
billing-magnesafe-magneprint-status*** Raw MagTek Magensa encrypted reader data.
billing-social-security-number**** Customer’s social security number (Checked against bad check writers database if check verification is enabled).
billing-drivers-license-number**** Driver’s license number (Checked against bad check writers database if check verification is enabled).
billing-drivers-license-dob**** Driver’s license date of birth.
billing-drivers-license-state**** Customer’s driver’s license state.
Format: CC
billing-first-name Cardholder’s first name, overwrites value if passed during step one.
billing-last-name Cardholder’s last name, overwrites value if passed during step one.
billing-address1 Cardholder’s billing address, overwrites value if passed during step one.
billing-city Card billing city, overwrites value if passed during step one.
billing-state Card billing state/province, overwrites value if passed during step one.
Format: CC
billing-postal Card billing postal code, overwrites value if passed during step one.
billing-country Card billing country code, overwrites value if passed during step one.
Format: CC/ISO 3166
billing-phone Billing phone number, overwrites value if passed during step one.
billing-email Billing email address, overwrites value if passed during step one.
billing-company Cardholder’s company, overwrites value if passed during step one.
billing-address2 Card billing address, line 2, overwrites value if passed during step one.
billing-fax Billing fax number, overwrites value if passed during step one.
shipping-first-name Shipping first name, overwrites value if passed during step one.
shipping-last-name Shipping last name, overwrites value if passed during step one.
shipping-address1 Shipping billing address, overwrites value if passed during step one.
shipping-city Shipping city, overwrites value if passed during step one.
shipping-state Shipping state/province, overwrites value if passed during step one.
Format: CC
shipping-postal Shipping postal code, overwrites value if passed during step one.
shipping-country Shipping country code, overwrites value if passed during step one.
Format: CC/ISO 3166
shipping-phone Shipping phone number, overwrites value if passed during step one.
shipping-email Shipping email address, overwrites value if passed during step one.
shipping-company Shipping company, overwrites value if passed during step one.
shipping-address2 Shipping address, line 2, overwrites value if passed during step one.
shipping-fax Shipping fax number, overwrites value if passed during step one.
* Required for keyed credit card transactions.
** Required for ACH transactions.
*** Used for retail transactions. Variables used dependent on swipe device.
**** Required for check verification.
Required for check scanning.

HTML Form Fields Response

Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:

https://redirect-url/?token-id=[token]

Step 3

Step Three
Three-Step: Customer Vault

Complete Action XML Request

XML Element Description
<complete-action>
api-key* api-key is obtained in the security keys section of the control panel settings.
token-id* Customer payment token returned during step two.
</complete-action>
* Required

Complete Action XML Response

XML Element Description
<response>
result 1=Transaction Approved
2=Transaction Declined
3=Error in transaction data or system error
result-text Textual response.
result-code Numeric mapping of processor responses. (See Appendix 3)
action-type Action type that was initially specified.
Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’
customer-vault-id Customer vault id used or created during action.
merchant-defined-field-# Merchant specified custom fields.
Format: <merchant-defined-field-1>Value</merchant-defined-field-1>
<billing> The customer’s billing information.
billing-id Billing id used or created for this action.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
social-security-number Customer’s social security number
drivers-license-number Driver’s license number.
drivers-license-dob Driver’s license date of birth.
drivers-license-state Customer’s driver’s license state.
Format: CC
cc-number Masked credit card number.
Format: XXXXXX********XXXX
cc-exp Credit card expiration.
Format: MMYY
account-name The name on the customer’s bank account.
account-number Masked bank account number.
Format: X****XXXX
routing-number Masked bank routing number.
Format: X****XXXX
account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
priority Billing id priority.
Format: Numeric, 1-255
</billing>
<shipping> The customer’s shipping information.
shipping-id Shipping id used or created during action.
first-name Shipping first name.
last-name Shipping last name.
address1 Shipping billing address.
city Shipping city.
state Shipping state/province.
Format: CC
postal Shipping postal code.
country Shipping country code.
Format: CC/ISO 3166
phone Shipping phone number.
email Shipping email address.
company Shipping company.
address2 Shipping address, line 2.
fax Shipping fax number.
priority Shipping id priority.
Format: Numeric, 1-255
</shipping>
</response>

Additional Operations

Additional Operations
Three-Step: Customer Vault

Add/Update Billing Request (Step 1)

XML Element Description
<add-billing|update-billing> Type of transaction to perform.
api-key* api-key is obtained in the security keys section of the control panel settings.
redirect-url* A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required for ‘update-billing’ requests when sensitive data is not presented.
Example: Updating an address or zip code only.
customer-vault-id* Load customer details from an existing customer vault record. If set, no payment information is required during step two.
<billing> The customer’s billing information
billing-id Specify billing id. Required for update-customer if multiple billing ids exist, optional for add-billing.
first-name Cardholder’s first name.
last-name Cardholder’s last name.
address1 Cardholder’s billing address.
city Card billing city.
state Card billing state/province.
Format: CC
postal Card billing postal code.
country Card billing country code.
Format: CC/ISO 3166
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
account-type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
entity-type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
priority Specify priority (If omitted, will be auto-generated and returned in response.)
Format: Numeric, 1-255
</billing>
</add-billing|update-billing>
* Required

Customer Vault initiated Sale/Auth/Credit/Validate/Offline XML Request

Element Description
<sale|auth|credit|validate|offline> Any and all optional fields described here can be appended to this request.
api-key* api-key is obtained in the security keys section of the control panel settings.
amount* Total amount to be charged (For “validate” actions, amount must be 0.00 or omitted).
Format: x.xx
surcharge-amount Surcharge amount.
Format: x.xx
authorization-code Specify authorization code. For use with “offline” action only.
processor-id If using multiple MIDs, route to this processor. The values for ‘processor-id’ are obtained under ‘Settings’->’Transaction Routing’ in the Control Panel.
customer-vault-id* Load Customer details from an existing Customer Vault record.
signature-image Cardholder signature image. For use with “sale” and “auth” actions only.
Format: base64 encoded raw PNG image. (16kiB maximum)
<billing> The customer’s billing information.
billing-id Load Billing ID details from an existing Billing record. If not set, the billing-id with the highest priority will be used by default.
</billing>
<shipping> The customer’s shipping information.
shipping-id Load shipping id details from an existing shipping record. If unset, the shipping-id with the highest priority will be used by default.
</shipping>
</sale|auth|credit|validate|offline>
* Required

Delete Customer XML Request

Element Description
<delete-customer>
api-key* api-key is obtained in the security keys section of the control panel settings.
customer-vault-id* Specify customer to be deleted.
</delete-customer>
* Required

Delete Billing XML Request

Element Description
<delete-billing>
api-key* api-key is obtained in the security keys section of the control panel settings.
customer-vault-id* Load customer details from an existing customer vault record. If set, no payment information is required during step two.
<billing>
billing-id* Specify billing id to delete.
</billing>
</delete-billing>
* Required

Add/Update/Delete Shipping XML Request

These requests can be made the by replacing the billing section with shipping

Testing Information

Testing Information
Three-Step

Transaction Testing Credentials

Transactions can be tested using one of two methods. First, transactions can be submitted to any merchant account that is in test mode. Keep in mind that if an account is in test mode, all valid credit cards will be approved but no charges will actually be processed.

The Payment Gateway demo account can also be used for testing at any time. Please use the following api-key for testing with this account:

api-key: 2F822Rw39fx762MaV7Yy86jXGTC7sCDy

Transaction POST URL

In step one and step three, transaction details should be POST’ed using XML to the following URL:

POST URL https://secure.apsmerchantgateway.com/api/v2/three-step

Test Data

Transactions can be submitted using the following information:

Visa: 4111111111111111
MasterCard: 5431111111111111
Discover: 6011601160116611
American Express: 341111111111111
Diner’s Club: 30205252489926
JCB: 3541963594572595
Maestro: 6799990100000000019
Credit Card Expiration: 10/25
account (ACH): 123123123
routing (ACH): 123123123
amount 1.00 (Amounts under 1.00 generate failure).

Triggering Errors in Test Mode

  • To cause a declined message, pass an amount less than 1.00.
  • To trigger a fatal error message, pass an invalid card number.
  • To simulate an AVS match, pass 888 in the address1 field, 77777 for zip.
  • To simulate a CVV match, pass 999 in the cvv field.

Appendices

Appendix 1

Appendix 1
Three-Step

AVS Response Codes

X Exact match, 9-character numeric ZIP
Y Exact match, 5-character numeric ZIP
D Exact match, 5-character numeric ZIP
M Exact match, 5-character numeric ZIP
2 Exact match, 5-character numeric ZIP, customer name
6 Exact match, 5-character numeric ZIP, customer name
A Address match only
B Address match only
3 Address, customer name match only
7 Address, customer name match only
W 9-character numeric ZIP match only
Z 5-character ZIP match only
P 5-character ZIP match only
L 5-character ZIP match only
1 5-character ZIP, customer name match only
5 5-character ZIP, customer name match only
N No address or ZIP match only
C No address or ZIP match only
4 No address or ZIP or customer name match only
8 No address or ZIP or customer name match only
U Address unavailable
G Non-U.S. issuer does not participate
I Non-U.S. issuer does not participate
R Issuer system unavailable
E Not a mail/phone order
S Service not supported
0 AVS not available
O AVS not available
B AVS not available

Appendix 2

Appendix 2
Three-Step

CVV Response Codes

M CVV2/CVC2 match
N CVV2/CVC2 no match
P Not processed
S Merchant has indicated that CVV2/CVC2 is not present on card
U Issuer is not certified and/or has not provided Visa encryption keys

Appendix 3

Appendix 3
Three-Step

Result Code Table

100 Transaction was approved.
200 Transaction was declined by processor.
201 Do not honor.
202 Insufficient funds.
203 Over limit.
204 Transaction not allowed.
220 Incorrect payment information.
221 No such card issuer.
222 No card number on file with issuer.
223 Expired card.
224 Invalid expiration date.
225 Invalid card security code.
226 Invalid PIN.
240 Call issuer for further information.
250 Pick up card.
251 Lost card.
252 Stolen card.
253 Fraudulent card.
260 Declined with further instructions available. (See response text)
261 Declined-Stop all recurring payments.
262 Declined-Stop this recurring program.
263 Declined-Update cardholder data available.
264 Declined-Retry in a few days.
300 Transaction was rejected by gateway.
400 Transaction error returned by processor.
410 Invalid merchant configuration.
411 Merchant account is inactive.
420 Communication error.
421 Communication error with issuer.
430 Duplicate transaction at processor.
440 Processor format error.
441 Invalid transaction information.
460 Processor feature not available.
461 Unsupported card type.

Examples

C#

Download example as a ZIP file

Example Files:


Back to Top ]

c_sharp/step1.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step1.aspx.cs" Inherits="ThreeStepExample._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
       
    <title>Collect non-sensitive Customer Info</title>
    <style type="text/css">
        .style1
        {
            margin-left: 150px;
        }
    </style>
</head>
<body>
    
        
        <form id="form1" runat="server" action="step1.aspx" >
       
            <h2>Step One: Collect non-sensitive payment information.<br /></h2>

            <h3> Customer Information</h3>
            <h4> Billing Details</h4>

              <table>
                  <tr><td>Customer Vault Id  </td><td><asp:TextBox ID="CustomerVaultId" runat="server"></asp:TextBox></td></tr>
                  <tr><td>Company</td><td><asp:TextBox ID="billingAddressCompany" runat="server">Acme, Inc.</asp:TextBox> </td></tr>
                  <tr><td>First Name </td><td><asp:TextBox ID="billingAddressFirstName" runat="server"> John</asp:TextBox></td></tr>
                  <tr><td>Last Name </td><td><asp:TextBox ID="billingAddressLastName" runat="server" value="Smith"/></td></tr>
                  <tr><td>Address </td><td><asp:TextBox ID="billingAddressAddress1" runat="server" value="1234 Main St."/></td></tr>
                  <tr><td>City </td><td><asp:TextBox ID="billingAddressCity" runat="server" value="Beverly Hills"/></td></tr>
                  <tr><td>State/Province </td><td><asp:TextBox ID="billingAddressState" runat="server" value="CA"/></td></tr>
                  <tr><td>Zip/Postal </td><td><asp:TextBox ID="billingAddressZip" runat="server" value="90210"/></td></tr>
                  <tr><td>Country </td><td><asp:TextBox ID="billingAddressCountry" runat="server" value="US"/></td></tr>
                  <tr><td>Phone Number </td><td><asp:TextBox ID="billingAddressPhone" runat="server" value="555-555-5555"/></td></tr>
                  <tr><td>Email Address </td><td><asp:TextBox ID="billingAddressEmail" runat="server" value="test@example.com"/></td></tr>

		          <tr><td><h4><br /> Shipping Details</h4> </td></tr>
                  <tr><td>First Name </td><td><asp:TextBox ID="shippingAddressFirstName" runat="server" value="Mary"/></td></tr>
                  <tr><td>Last Name </td><td><asp:TextBox ID="shippingAddressLastName" runat="server" value="Smith"/></td></tr>
                  <tr><td>Address </td><td><asp:TextBox ID="shippingAddressAddress1" runat="server" value="1234 Main St."/></td></tr>
                  <tr><td>Suite</td><td><asp:TextBox ID="shippingAddressAddress2" runat="server" value="Unit #2"/></td></tr>
                  <tr><td>City </td><td><asp:TextBox ID="shippingAddressCity"  runat ="server"    value="Beverly Hills"/></td></tr>
                   <tr><td>State/Province </td><td><asp:TextBox ID="shippingAddressState" runat="server"  value="CA"/></td></tr>
                  <tr><td>Zip/Postal </td><td><asp:TextBox ID="shippingAddressZip" runat="server" value="90210"/></td></tr>
                  <tr><td>Country</td><td><asp:TextBox ID="shippingAddressCountry" runat="server" value="US"/></td></tr>
                  <tr><td>Phone Number </td><td><asp:TextBox ID="shippingAddressPhone" runat="server" value="555-555-5555"/></td></tr>
                  <tr><td colspan="2">&nbsp;</td></tr>
	              <tr><td colspan="2" align="center">Total Amount $12.00 </td></tr>
                  <tr><td colspan="2" align="center"><asp:Button   runat="server"    Text="Submit Step One"
                           ID="submitStepOne" onclick="stepOneSubmit_Click" ></asp:Button> </td></tr>
              </table>
          
        </form>
        
        
      
    
</body>
</html>

Back to Top ]

c_sharp/step1.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Windows.Forms;
using System.Web.UI;
using System.Xml;
using System.Web.UI.WebControls;
using System.IO;
using System.Net;
using System.Text;
using System.Security.Cryptography.X509Certificates;

namespace ThreeStepExample
{
	public class Program :ICertificatePolicy {
		public bool CheckValidationResult (ServicePoint sp, 
			X509Certificate certificate, WebRequest request, int error)
		{
			return true;
		}
}
    public partial class _Default :System.Web.UI.Page 
    {
        protected void Page_Load(object sender, EventArgs e)
        {

            if (Request["token-id"] != null)
            {
                //MessageBox.Show(Request["token-id"]);
                XmlDocument xmlRequest = new XmlDocument();

                XmlDeclaration xmlDecl = xmlRequest.CreateXmlDeclaration("1.0", "UTF-8", "yes");

                XmlElement root = xmlRequest.DocumentElement;
                xmlRequest.InsertBefore(xmlDecl, root);


                XmlElement xmlCompleteTransaction = xmlRequest.CreateElement("complete-action");

                XmlElement xmlApiKey = xmlRequest.CreateElement("api-key");
				
                xmlApiKey.InnerText = "2F822Rw39fx762MaV7Yy86jXGTC7sCDy";
				
                xmlCompleteTransaction.AppendChild(xmlApiKey);


                XmlElement xmlTokenId = xmlRequest.CreateElement("token-id");
                xmlTokenId.InnerText = Request["token-id"];
                xmlCompleteTransaction.AppendChild(xmlTokenId);


                xmlRequest.AppendChild(xmlCompleteTransaction);


                string responseFromServer = this.sendXMLRequest(xmlRequest);
                XmlReader responseReader = XmlReader.Create(new StringReader(responseFromServer));


                XmlDocument xDoc = new XmlDocument();
                xDoc.Load(responseReader);
                XmlNodeList response = xDoc.GetElementsByTagName("result");
                XmlNodeList responseText = xDoc.GetElementsByTagName("result-text");
                
                Session["data"] = responseFromServer;
                Session["result"] = response[0].InnerText;
                Session["result-text"] = responseText[0].InnerText;

                responseReader.Close();
                Server.Transfer("step3.aspx");

            }
                      

        }

        protected void stepOneSubmit_Click(object sender, EventArgs e)
        {
          

            XmlDocument  xmlRequest = new XmlDocument();

            XmlDeclaration xmlDecl = xmlRequest.CreateXmlDeclaration("1.0","UTF-8","yes");
            
            XmlElement root = xmlRequest.DocumentElement;
            xmlRequest.InsertBefore(xmlDecl, root);


            XmlElement xmlSale = xmlRequest.CreateElement("sale");

            XmlElement xmlApiKey = xmlRequest.CreateElement("api-key");

			xmlApiKey.InnerText = "2F822Rw39fx762MaV7Yy86jXGTC7sCDy";
			
            xmlSale.AppendChild(xmlApiKey);

            XmlElement xmlRedirectUrl = xmlRequest.CreateElement("redirect-url");
            xmlRedirectUrl.InnerText = Request.ServerVariables["HTTP_REFERER"];
            xmlSale.AppendChild(xmlRedirectUrl);

            XmlElement xmlAmount = xmlRequest.CreateElement("amount");
            xmlAmount.InnerText = "12.00";
            xmlSale.AppendChild(xmlAmount);

            XmlElement xmlRemoteAddr = xmlRequest.CreateElement("ip-address");
            xmlRemoteAddr.InnerText = Request.ServerVariables["REMOTE_ADDR"];
            xmlSale.AppendChild(xmlRemoteAddr);

            XmlElement xmlCurrency = xmlRequest.CreateElement("currency");
            xmlCurrency.InnerText = "USD";
            xmlSale.AppendChild(xmlCurrency);

            XmlElement xmlOrderId = xmlRequest.CreateElement("order-id");
            xmlOrderId.InnerText = "1234";
            xmlSale.AppendChild(xmlOrderId);

            XmlElement xmlOrderDescription = xmlRequest.CreateElement("order-description");
            xmlOrderDescription.InnerText = "Small Order";
            xmlSale.AppendChild(xmlOrderDescription);

            XmlElement xmlMDF1 = xmlRequest.CreateElement("merchant-defined-field-1");
            xmlMDF1.InnerText = "Red";
            xmlSale.AppendChild(xmlMDF1);

            XmlElement xmlMDF2 = xmlRequest.CreateElement("merchant-defined-field-2");
            xmlMDF2.InnerText = "Medium";
            xmlSale.AppendChild(xmlMDF2);

            XmlElement xmlTax = xmlRequest.CreateElement("tax-amount");
            xmlTax.InnerText = "0.00";
            xmlSale.AppendChild(xmlTax);

            XmlElement xmlShipping = xmlRequest.CreateElement("shipping-amount");
            xmlShipping.InnerText = "0.00";
            xmlSale.AppendChild(xmlShipping);

            if (!(CustomerVaultId.Text.Equals("") || CustomerVaultId.Text.Equals('0')))
            {
                XmlElement xmlCustomerVaultId = xmlRequest.CreateElement("customer-vault-id");
                xmlCustomerVaultId.InnerText = CustomerVaultId.Text;
                xmlSale.AppendChild(xmlCustomerVaultId);

            }
            //To Add a customer
           /* else
            {
                XmlElement xmlAddCustomer = xmlRequest.CreateElement("add-customer");

                XmlElement xmlCustomerVaultId = xmlRequest.CreateElement("customer-vault-id");
                xmlCustomerVaultId.InnerText = "411";
                xmlAddCustomer.AppendChild(xmlCustomerVaultId);
                
                xmlSale.AppendChild(xmlAddCustomer);
            }
            */ 
    


            XmlElement xmlBillingAddress = xmlRequest.CreateElement("billing");

            XmlElement xmlFirstName = xmlRequest.CreateElement("first-name");
            xmlFirstName.InnerText = billingAddressFirstName.Text;
            xmlBillingAddress.AppendChild(xmlFirstName);

            XmlElement xmlLastName = xmlRequest.CreateElement("last-name");
            xmlLastName.InnerText = billingAddressLastName.Text;
            xmlBillingAddress.AppendChild(xmlLastName);

            XmlElement xmlAddress1 = xmlRequest.CreateElement("address1");
            xmlAddress1.InnerText = billingAddressAddress1.Text;
            xmlBillingAddress.AppendChild(xmlAddress1);

            XmlElement xmlCity = xmlRequest.CreateElement("city");
            xmlCity.InnerText = billingAddressCity.Text;
            xmlBillingAddress.AppendChild(xmlCity);

            XmlElement xmlState = xmlRequest.CreateElement("state");
            xmlState.InnerText = billingAddressState.Text;
            xmlBillingAddress.AppendChild(xmlState);

            XmlElement xmlZip = xmlRequest.CreateElement("postal");
            xmlZip.InnerText = billingAddressZip.Text;
            xmlBillingAddress.AppendChild(xmlZip);

            XmlElement xmlCountry = xmlRequest.CreateElement("country");
            xmlCountry.InnerText = billingAddressCountry.Text;
            xmlBillingAddress.AppendChild(xmlCountry);

            XmlElement xmlPhone = xmlRequest.CreateElement("phone");
            xmlPhone.InnerText = billingAddressPhone.Text;
            xmlBillingAddress.AppendChild(xmlPhone);

            XmlElement xmlCompany = xmlRequest.CreateElement("company");
            xmlCompany.InnerText = billingAddressCompany.Text;
            xmlBillingAddress.AppendChild(xmlCompany);

            XmlElement xmlAddress2 = xmlRequest.CreateElement("address2");
            xmlAddress2.InnerText = billingAddressAddress1.Text;
            xmlBillingAddress.AppendChild(xmlAddress2);

            XmlElement xmlFax = xmlRequest.CreateElement("fax");
            xmlFax.InnerText = "";
            xmlBillingAddress.AppendChild(xmlFax);

            
            xmlSale.AppendChild(xmlBillingAddress);

            //////////

            XmlElement xmlShippingAddress = xmlRequest.CreateElement("shipping");

            XmlElement xmlSFirstName = xmlRequest.CreateElement("first-name");
            xmlSFirstName.InnerText = shippingAddressFirstName.Text;
            xmlShippingAddress.AppendChild(xmlSFirstName);

            XmlElement xmlSLastName = xmlRequest.CreateElement("last-name");
            xmlSLastName.InnerText = shippingAddressLastName.Text;
            xmlShippingAddress.AppendChild(xmlSLastName);

            XmlElement xmlSAddress1 = xmlRequest.CreateElement("address1");
            xmlSAddress1.InnerText = shippingAddressAddress1.Text;
            xmlShippingAddress.AppendChild(xmlSAddress1);

            XmlElement xmlSCity = xmlRequest.CreateElement("city");
            xmlSCity.InnerText = shippingAddressCity.Text;
            xmlShippingAddress.AppendChild(xmlSCity);

            XmlElement xmlSState = xmlRequest.CreateElement("state");
            xmlSState.InnerText = shippingAddressState.Text;
            xmlShippingAddress.AppendChild(xmlSState);

            XmlElement xmlSZip = xmlRequest.CreateElement("postal");
            xmlSZip.InnerText = shippingAddressZip.Text;
            xmlShippingAddress.AppendChild(xmlSZip);

            XmlElement xmlSCountry = xmlRequest.CreateElement("country");
            xmlSCountry.InnerText = shippingAddressCountry.Text;
            xmlShippingAddress.AppendChild(xmlSCountry);

            XmlElement xmlSPhone = xmlRequest.CreateElement("phone");
            xmlSPhone.InnerText = shippingAddressPhone.Text;
            xmlShippingAddress.AppendChild(xmlSPhone);

            XmlElement xmlSCompany = xmlRequest.CreateElement("company");
            xmlSCompany.InnerText = "";
            xmlShippingAddress.AppendChild(xmlSCompany);

            XmlElement xmlSAddress2 = xmlRequest.CreateElement("address2");
            xmlSAddress2.InnerText = shippingAddressAddress1.Text;
            xmlShippingAddress.AppendChild(xmlSAddress2);

            XmlElement xmlSFax = xmlRequest.CreateElement("fax");
            xmlFax.InnerText = "";
            xmlShippingAddress.AppendChild(xmlSFax);


            xmlSale.AppendChild(xmlShippingAddress);

            ////////////////

            XmlElement xmlProduct = xmlRequest.CreateElement("product");

            XmlElement xmlSku = xmlRequest.CreateElement("product-code");
            xmlSku.InnerText = "SKU-123456";
            xmlProduct.AppendChild(xmlSku);

            XmlElement xmlDescription = xmlRequest.CreateElement("description");
            xmlDescription.InnerText = "Books";
            xmlProduct.AppendChild(xmlDescription);

            XmlElement xmlQuantity = xmlRequest.CreateElement("quantity");
            xmlQuantity.InnerText = "1";
            xmlProduct.AppendChild(xmlQuantity);

            XmlElement xmlUnit = xmlRequest.CreateElement("unit-of-measure");
            xmlUnit.InnerText = "1";
            xmlProduct.AppendChild(xmlUnit);

           
            XmlElement xmlUnitAmount = xmlRequest.CreateElement("total-amount");
            xmlUnitAmount.InnerText = "1";
            xmlProduct.AppendChild(xmlUnitAmount);

            XmlElement xmlUnitDiscount = xmlRequest.CreateElement("discount-amount");
            xmlUnitDiscount.InnerText = "0.00";
            xmlProduct.AppendChild(xmlUnitDiscount);


            XmlElement xmlUnitTax = xmlRequest.CreateElement("tax-amount");
            xmlUnitTax.InnerText = "0.00";
            xmlProduct.AppendChild(xmlUnitTax);


            XmlElement xmlTaxRate = xmlRequest.CreateElement("tax-rate");
            xmlTaxRate.InnerText = "0.01";
            xmlProduct.AppendChild(xmlTaxRate);



            xmlSale.AppendChild(xmlProduct);
            ///////////////

            XmlElement xmlProduct2 = xmlRequest.CreateElement("product");

            XmlElement xmlSku2 = xmlRequest.CreateElement("product-code");
            xmlSku2.InnerText = "SKU-654321";
            xmlProduct2.AppendChild(xmlSku2);

            XmlElement xmlDescription2 = xmlRequest.CreateElement("description");
            xmlDescription2.InnerText = "Videos";
            xmlProduct2.AppendChild(xmlDescription2);

            XmlElement xmlQuantity2 = xmlRequest.CreateElement("quantity");
            xmlQuantity2.InnerText = "1";
            xmlProduct2.AppendChild(xmlQuantity2);

            XmlElement xmlUnit2 = xmlRequest.CreateElement("unit-of-measure");
            xmlUnit2.InnerText = "";
            xmlProduct2.AppendChild(xmlUnit2);



            XmlElement xmlUnitAmount2 = xmlRequest.CreateElement("total-amount");
            xmlUnitAmount2.InnerText = "2";
            xmlProduct2.AppendChild(xmlUnitAmount2);

            XmlElement xmlUnitDiscount2 = xmlRequest.CreateElement("discount-amount");
            xmlUnitDiscount2.InnerText = "0.00";
            xmlProduct2.AppendChild(xmlUnitDiscount2);


            XmlElement xmlUnitTax2 = xmlRequest.CreateElement("tax-amount");
            xmlUnitTax2.InnerText = "0.00";
            xmlProduct2.AppendChild(xmlUnitTax2);


            XmlElement xmlTaxRate2 = xmlRequest.CreateElement("tax-rate");
            xmlTaxRate2.InnerText = "0.01";
            xmlProduct2.AppendChild(xmlTaxRate2);



            xmlSale.AppendChild(xmlProduct2);


            xmlRequest.AppendChild(xmlSale);


            string responseFromServer = this.sendXMLRequest(xmlRequest);

            
            XmlReader responseReader = XmlReader.Create(new StringReader(responseFromServer));
        

            XmlDocument xDoc = new XmlDocument();
            xDoc.Load(responseReader);
            XmlNodeList response = xDoc.GetElementsByTagName("result");
            if (response[0].InnerText.Equals("1"))
            {
                XmlNodeList formUrl = xDoc.GetElementsByTagName("form-url");
                Session["formURL"] = "";
                Session["formURL"] =  formUrl[0].InnerText;
                responseReader.Close();
                Server.Transfer("step2.aspx");

            }
        }
	
        protected string sendXMLRequest(XmlDocument xmlRequest)
        {
		ServicePointManager.CertificatePolicy = new Program ();
            string uri = "https://secure.apsmerchantgateway.com/api/v2/three-step";
			
            WebRequest req = WebRequest.Create(uri);
            //req.Proxy = WebProxy.GetDefaultProxy(); // Enable if using proxy
            req.Method = "POST";        // Post method
            req.ContentType = "text/xml";     // content type
            // Wrap the request stream with a text-based writer
            StreamWriter writer = new StreamWriter(req.GetRequestStream());
            // Write the XML text into the stream
            
            xmlRequest.Save(writer);
            
            writer.Close();
            // Send the data to the webserver
            WebResponse rsp = req.GetResponse();

            Stream dataStream = rsp.GetResponseStream();
            // Open the stream using a StreamReader 
            StreamReader reader = new StreamReader(dataStream);
            // Read the content.
            string responseFromServer = reader.ReadToEnd();

            // int index = responseFromServer.IndexOf("<?");
            //string substr = responseFromServer.Substring(index);
            // Display the content.
            //MessageBox.Show(responseFromServer);
            // Clean up the streams.

            reader.Close();
            dataStream.Close();
            rsp.Close();

            return responseFromServer;

        }
       
      
    }

    


}


Back to Top ]

c_sharp/step1.aspx.designer.cs

// ------------------------------------------------------------------------------
//  <autogenerated>
//      This code was generated by a tool.
//      Mono Runtime Version: 4.0.30319.1
// 
//      Changes to this file may cause incorrect behavior and will be lost if 
//      the code is regenerated.
//  </autogenerated>
// ------------------------------------------------------------------------------

namespace ThreeStepExample {
	
	
	public partial class _Default {
		
		protected System.Web.UI.HtmlControls.HtmlForm form1;
		
		protected System.Web.UI.WebControls.TextBox CustomerVaultId;
		
		protected System.Web.UI.WebControls.TextBox billingAddressCompany;
		
		protected System.Web.UI.WebControls.TextBox billingAddressFirstName;
		
		protected System.Web.UI.WebControls.TextBox billingAddressLastName;
		
		protected System.Web.UI.WebControls.TextBox billingAddressAddress1;
		
		protected System.Web.UI.WebControls.TextBox billingAddressCity;
		
		protected System.Web.UI.WebControls.TextBox billingAddressState;
		
		protected System.Web.UI.WebControls.TextBox billingAddressZip;
		
		protected System.Web.UI.WebControls.TextBox billingAddressCountry;
		
		protected System.Web.UI.WebControls.TextBox billingAddressPhone;
		
		protected System.Web.UI.WebControls.TextBox billingAddressEmail;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressFirstName;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressLastName;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressAddress1;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressAddress2;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressCity;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressState;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressZip;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressCountry;
		
		protected System.Web.UI.WebControls.TextBox shippingAddressPhone;
		
		protected System.Web.UI.WebControls.Button submitStepOne;
	}
}

Back to Top ]

c_sharp/step2.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step2.aspx.cs" Inherits="ThreeStepExample.WebForm1" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title></title>
</head>
<body>
     <form id="form1"  runat="server" action="step2.aspx" >
       
            <h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2>

            <h3> Payment Information</h3>
            

              <table>
                  <tr><td>Credit Card Number  </td><td><asp:TextBox ID="cc_number" name="cc_number" runat="server" >4111111111111111</asp:TextBox></td></tr>
                  <tr><td>Expiration Date</td><td><asp:TextBox ID="cc_exp"  name="cc_exp" runat="server">1012</asp:TextBox> </td></tr>
                  <tr><td>CVV </td><td><asp:TextBox ID="cvv" name="cvv" runat="server"> </asp:TextBox></td></tr>
                  <tr><td colspan="2">&nbsp;</td></tr>
	              <tr><td colspan="2" align="center">Total Amount $12.00 </td></tr>
                  <tr><td colspan="2" align="center"><asp:Button   runat="server"    Text="Submit Step Two"
                           ID="submitStepTwo"></asp:Button> </td></tr>
              </table>
          
        </form>
        
</body>
</html>

Back to Top ]

c_sharp/step2.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Windows.Forms;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace ThreeStepExample
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            form1.Action = (string)Session["formUrl"];
            
        }
        
    }
}

Back to Top ]

c_sharp/step2.aspx.designer.cs

// ------------------------------------------------------------------------------
//  <autogenerated>
//      This code was generated by a tool.
//      Mono Runtime Version: 4.0.30319.1
// 
//      Changes to this file may cause incorrect behavior and will be lost if 
//      the code is regenerated.
//  </autogenerated>
// ------------------------------------------------------------------------------

namespace ThreeStepExample {
	
	
	public partial class WebForm1 {
		
		protected System.Web.UI.HtmlControls.HtmlForm form1;
		
		protected System.Web.UI.WebControls.TextBox cc_number;
		
		protected System.Web.UI.WebControls.TextBox cc_exp;
		
		protected System.Web.UI.WebControls.TextBox cvv;
		
		protected System.Web.UI.WebControls.Button submitStepTwo;
	}
}

Back to Top ]

c_sharp/step3.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step3.aspx.cs" Inherits="ThreeStepExample.step3" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
   <title>Step Three - Complete Transaciton</title>
</head>
<body>
   
       
   
    <form id="form1" runat="server">
    <pre>
    <p><h2>Step Three: Script automatically completes the transaction </h2></p>
    
        <% if(Session["result"].Equals("1")) 
        
           { %> 
            
            <p><h3> Transaction was Approved.</h3></p>
        
        <% }
           else if (Session["result"].Equals("2"))
           { %> 
           
            <p><h3> Transaction was Declined.</h3>Decline Description: </p>
           
        <% }
           else
           { %>
           
           <p><h3> Transaction caused an Error.</h3></p>
           Error Description:
          
                
         <%} %> 
        
        
        <asp:Label ID="LabelResponseText" runat="server" Height="20px" Text="Label" Width="20px"></asp:Label>
        <p><h3>XML response was:</h3></p>
        <asp:Label ID="LabelResponse"  runat="server" Height="150px" Text="Label" Width="350px"></asp:Label> 
		</pre>
   
    </form>
   
</body>
</html>

Back to Top ]

c_sharp/step3.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace ThreeStepExample
{
    public partial class step3 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            LabelResponse.Text = Server.HtmlEncode(Session["data"].ToString());
            if (!Session["result"].Equals("1"))
            {
                LabelResponseText.Text = (string)Session["result-text"];
            }
            else
            {
                LabelResponseText.Text = "";
            }
        }
    }
}

Back to Top ]

c_sharp/step3.aspx.designer.cs

// ------------------------------------------------------------------------------
//  <autogenerated>
//      This code was generated by a tool.
//      Mono Runtime Version: 4.0.30319.1
// 
//      Changes to this file may cause incorrect behavior and will be lost if 
//      the code is regenerated.
//  </autogenerated>
// ------------------------------------------------------------------------------

namespace ThreeStepExample {
	
	
	public partial class step3 {
		
		protected System.Web.UI.HtmlControls.HtmlForm form1;
		
		protected System.Web.UI.WebControls.Label LabelResponseText;
		
		protected System.Web.UI.WebControls.Label LabelResponse;
	}
}

PHP


// API Setup parameters
$gatewayURL = 'https://secure.apsmerchantgateway.com/api/v2/three-step';
$APIKey = '2F822Rw39fx762MaV7Yy86jXGTC7sCDy';


// If there is no POST data or a token-id, print the initial shopping cart form to get ready for Step One.
if (empty($_POST['DO_STEP_1']) && empty($_GET['token-id'])) {

    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
    print '
    <html>
      <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Collect non-sensitive Customer Info </title>
      </head>
      <body>
      <p><h2>Step One: Collect non-sensitive payment information.<br /></h2></p>

      <h3> Customer Information</h3>
      <h4> Billing Details</h4>

        <form action="" method="post">
          <table>
          <tr><td>Customer Vault Id  </td><td><input type="text" name="customer-vault-id" value=""></td></tr>
          <tr><td>Company</td><td><input type="text" name="billing-address-company" value="Acme, Inc."></td></tr>
          <tr><td>First Name </td><td><input type="text" name="billing-address-first-name" value="John"></td></tr>
          <tr><td>Last Name </td><td><input type="text" name="billing-address-last-name" value="Smith"></td></tr>
          <tr><td>Address </td><td><input type="text" name="billing-address-address1" value="1234 Main St."></td></tr>
          <tr><td>Address 2 </td><td><input type="text" name="billing-address-address2" value="Suite 205"></td></tr>
          <tr><td>City </td><td><input type="text" name="billing-address-city" value="Beverly Hills"></td></tr>
          <tr><td>State/Province </td><td><input type="text" name="billing-address-state" value="CA"></td></tr>
          <tr><td>Zip/Postal </td><td><input type="text" name="billing-address-zip" value="90210"></td></tr>
          <tr><td>Country </td><td><input type="text" name="billing-address-country" value="US"></td></tr>
          <tr><td>Phone Number </td><td><input type="text" name="billing-address-phone" value="555-555-5555"></td></tr>
          <tr><td>Fax Number </td><td><input type="text" name="billing-address-fax" value="555-555-5555"></td></tr>
          <tr><td>Email Address </td><td><input type="text" name="billing-address-email" value="test@example.com"></td></tr>

          <tr><td><h4><br /> Shipping Details</h4>
          <tr><td>Company</td><td><input type="text" name="shipping-address-company" value="Acme, Inc."></td></tr>
          <tr><td>First Name </td><td><input type="text" name="shipping-address-first-name" value="Mary"></td></tr>
          <tr><td>Last Name </td><td><input type="text" name="shipping-address-last-name" value="Smith"></td></tr>
          <tr><td>Address </td><td><input type="text" name="shipping-address-address1" value="1234 Main St."></td></tr>
          <tr><td>Address 2</td><td><input type="text" name="shipping-address-address2" value="Suite 205"></td></tr>
          <tr><td>City </td><td><input type="text" name="shipping-address-city" value="Beverly Hills"></td></tr>
          <tr><td>State/Province </td><td><input type="text" name="shipping-address-state" value="CA"></td></tr>
          <tr><td>Zip/Postal </td><td><input type="text" name="shipping-address-zip" value="90210"></td></tr>
          <tr><td>Country</td><td><input type="text" name="shipping-address-country" value="US"></td></tr>
          <tr><td>Phone Number </td><td><input type="text" name="shipping-address-phone" value="555-555-5555"></td></tr>
          <tr><td colspan="2"> </td>
          <tr><td colspan="2" align=center>Total Amount $12.00 </td></tr>
          <tr><td colspan="2" align=center><input type="submit" value="Submit Step One"><input type="hidden" name ="DO_STEP_1" value="true"></td></tr>
          </table>

        </form>
      </body>
    </html>

    ';
}else if (!empty($_POST['DO_STEP_1'])) {

    // Initiate Step One: Now that we've collected the non-sensitive payment information, we can combine other order information and build the XML format.
    $xmlRequest = new DOMDocument('1.0','UTF-8');

    $xmlRequest->formatOutput = true;
    $xmlSale = $xmlRequest->createElement('sale');

    // Amount, authentication, and Redirect-URL are typically the bare minimum.
    appendXmlNode($xmlRequest, $xmlSale,'api-key',$APIKey);
    appendXmlNode($xmlRequest, $xmlSale,'redirect-url',$_SERVER['HTTP_REFERER']);
    appendXmlNode($xmlRequest, $xmlSale, 'amount', '12.00');
    appendXmlNode($xmlRequest, $xmlSale, 'ip-address', $_SERVER["REMOTE_ADDR"]);
    //appendXmlNode($xmlRequest, $xmlSale, 'processor-id' , 'processor-a');
    appendXmlNode($xmlRequest, $xmlSale, 'currency', 'USD');

    // Some additonal fields may have been previously decided by user
    appendXmlNode($xmlRequest, $xmlSale, 'order-id', '1234');
    appendXmlNode($xmlRequest, $xmlSale, 'order-description', 'Small Order');
    appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-1' , 'Red');
    appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-2', 'Medium');
    appendXmlNode($xmlRequest, $xmlSale, 'tax-amount' , '0.00');
    appendXmlNode($xmlRequest, $xmlSale, 'shipping-amount' , '0.00');

    /*if(!empty($_POST['customer-vault-id'])) {
        appendXmlNode($xmlRequest, $xmlSale, 'customer-vault-id' , $_POST['customer-vault-id']);
    }else {
         $xmlAdd = $xmlRequest->createElement('add-customer');
         appendXmlNode($xmlRequest, $xmlAdd, 'customer-vault-id' ,411);
         $xmlSale->appendChild($xmlAdd);
    }*/


    // Set the Billing and Shipping from what was collected on initial shopping cart form
    $xmlBillingAddress = $xmlRequest->createElement('billing');
    appendXmlNode($xmlRequest, $xmlBillingAddress,'first-name', $_POST['billing-address-first-name']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'last-name', $_POST['billing-address-last-name']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'address1', $_POST['billing-address-address1']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'city', $_POST['billing-address-city']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'state', $_POST['billing-address-state']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'postal', $_POST['billing-address-zip']);
    //billing-address-email
    appendXmlNode($xmlRequest, $xmlBillingAddress,'country', $_POST['billing-address-country']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'email', $_POST['billing-address-email']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'phone', $_POST['billing-address-phone']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'company', $_POST['billing-address-company']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'address2', $_POST['billing-address-address2']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'fax', $_POST['billing-address-fax']);
    $xmlSale->appendChild($xmlBillingAddress);


    $xmlShippingAddress = $xmlRequest->createElement('shipping');
    appendXmlNode($xmlRequest, $xmlShippingAddress,'first-name', $_POST['shipping-address-first-name']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'last-name', $_POST['shipping-address-last-name']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'address1', $_POST['shipping-address-address1']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'city', $_POST['shipping-address-city']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'state', $_POST['shipping-address-state']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'postal', $_POST['shipping-address-zip']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'country', $_POST['shipping-address-country']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'phone', $_POST['shipping-address-phone']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'company', $_POST['shipping-address-company']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'address2', $_POST['shipping-address-address2']);
    $xmlSale->appendChild($xmlShippingAddress);


    // Products already chosen by user
    $xmlProduct = $xmlRequest->createElement('product');
    appendXmlNode($xmlRequest, $xmlProduct,'product-code' , 'SKU-123456');
    appendXmlNode($xmlRequest, $xmlProduct,'description' , 'test product description');
    appendXmlNode($xmlRequest, $xmlProduct,'commodity-code' , 'abc');
    appendXmlNode($xmlRequest, $xmlProduct,'unit-of-measure' , 'lbs');
    appendXmlNode($xmlRequest, $xmlProduct,'unit-cost' , '5.00');
    appendXmlNode($xmlRequest, $xmlProduct,'quantity' , '1');
    appendXmlNode($xmlRequest, $xmlProduct,'total-amount' , '7.00');
    appendXmlNode($xmlRequest, $xmlProduct,'tax-amount' , '2.00');

    appendXmlNode($xmlRequest, $xmlProduct,'tax-rate' , '1.00');
    appendXmlNode($xmlRequest, $xmlProduct,'discount-amount', '2.00');
    appendXmlNode($xmlRequest, $xmlProduct,'discount-rate' , '1.00');
    appendXmlNode($xmlRequest, $xmlProduct,'tax-type' , 'sales');
    appendXmlNode($xmlRequest, $xmlProduct,'alternate-tax-id' , '12345');

    $xmlSale->appendChild($xmlProduct);

    $xmlProduct = $xmlRequest->createElement('product');
    appendXmlNode($xmlRequest, $xmlProduct,'product-code' , 'SKU-123456');
    appendXmlNode($xmlRequest, $xmlProduct,'description' , 'test 2 product description');
    appendXmlNode($xmlRequest, $xmlProduct,'commodity-code' , 'abc');
    appendXmlNode($xmlRequest, $xmlProduct,'unit-of-measure' , 'lbs');
    appendXmlNode($xmlRequest, $xmlProduct,'unit-cost' , '2.50');
    appendXmlNode($xmlRequest, $xmlProduct,'quantity' , '2');
    appendXmlNode($xmlRequest, $xmlProduct,'total-amount' , '7.00');
    appendXmlNode($xmlRequest, $xmlProduct,'tax-amount' , '2.00');

    appendXmlNode($xmlRequest, $xmlProduct,'tax-rate' , '1.00');
    appendXmlNode($xmlRequest, $xmlProduct,'discount-amount', '2.00');
    appendXmlNode($xmlRequest, $xmlProduct,'discount-rate' , '1.00');
    appendXmlNode($xmlRequest, $xmlProduct,'tax-type' , 'sales');
    appendXmlNode($xmlRequest, $xmlProduct,'alternate-tax-id' , '12345');

    $xmlSale->appendChild($xmlProduct);

    $xmlRequest->appendChild($xmlSale);

    // Process Step One: Submit all transaction details to the Payment Gateway except the customer's sensitive payment information.
    // The Payment Gateway will return a variable form-url.
    $data = sendXMLviaCurl($xmlRequest,$gatewayURL);

    // Parse Step One's XML response
    $gwResponse = @new SimpleXMLElement($data);
    if ((string)$gwResponse->result ==1 ) {
        // The form url for used in Step Two below
        $formURL = $gwResponse->{'form-url'};
    } else {
        throw New Exception(print " Error, received " . $data);
    }

    // Initiate Step Two: Create an HTML form that collects the customer's sensitive payment information
    // and use the form-url that the Payment Gateway returns as the submit action in that form.
    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';


    print '

        <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
            <title>Collect sensitive Customer Info </title>
        </head>
        <body>';
    // Uncomment the line below if you would like to print Step One's response
    // print '<pre>' . (htmlentities($data)) . '</pre>';
    print '
        <p><h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2></p>

        <form action="'.$formURL. '" method="POST">
        <h3> Payment Information</h3>
            <table>
                <tr><td>Credit Card Number</td><td><INPUT type ="text" name="billing-cc-number" value="4111111111111111"> </td></tr>
                <tr><td>Expiration Date</td><td><INPUT type ="text" name="billing-cc-exp" value="1012"> </td></tr>
                <tr><td>CVV</td><td><INPUT type ="text" name="cvv" > </td></tr>
                <tr><Td colspan="2" align=center><INPUT type ="submit" value="Submit Step Two"></td> </tr>
            </table>
        </form>
        </body>
        </html>
        ';

} elseif (!empty($_GET['token-id'])) {

    // Step Three: Once the browser has been redirected, we can obtain the token-id and complete
    // the transaction through another XML HTTPS POST including the token-id which abstracts the
    // sensitive payment information that was previously collected by the Payment Gateway.
    $tokenId = $_GET['token-id'];
    $xmlRequest = new DOMDocument('1.0','UTF-8');
    $xmlRequest->formatOutput = true;
    $xmlCompleteTransaction = $xmlRequest->createElement('complete-action');
    appendXmlNode($xmlRequest, $xmlCompleteTransaction,'api-key',$APIKey);
    appendXmlNode($xmlRequest, $xmlCompleteTransaction,'token-id',$tokenId);
    $xmlRequest->appendChild($xmlCompleteTransaction);


    // Process Step Three
    $data = sendXMLviaCurl($xmlRequest,$gatewayURL);


    $gwResponse = @new SimpleXMLElement((string)$data);
    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
    print '
    <html>
      <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Step Three - Complete Transaction</title>
      </head>
      <body>';

    print "
        <p><h2>Step Three: Script automatically completes the transaction <br /></h2></p>";

    if ((string)$gwResponse->result == 1 ) {
        print " <p><h3> Transaction was Approved, XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';

    } elseif((string)$gwResponse->result == 2)  {
        print " <p><h3> Transaction was Declined.</h3>\n";
        print " Decline Description : " . (string)$gwResponse->{'result-text'} ." </p>";
        print " <p><h3>XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';
    } else {
        print " <p><h3> Transaction caused an Error.</h3>\n";
        print " Error Description: " . (string)$gwResponse->{'result-text'} ." </p>";
        print " <p><h3>XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';
    }
    print "</body></html>";



} else {
  print "ERROR IN SCRIPT<BR>";
}


  function sendXMLviaCurl($xmlRequest,$gatewayURL) {
   // helper function demonstrating how to send the xml with curl


    $ch = curl_init(); // Initialize curl handle
    curl_setopt($ch, CURLOPT_URL, $gatewayURL); // Set POST URL

    $headers = array();
    $headers[] = "Content-type: text/xml";
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); // Add http headers to let it know we're sending XML
    $xmlString = $xmlRequest->saveXML();
    curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirects
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
    curl_setopt($ch, CURLOPT_PORT, 443); // Set the port number
    curl_setopt($ch, CURLOPT_TIMEOUT, 30); // Times out after 30s
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlString); // Add XML directly in POST

    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);


    // This should be unset in production use. With it on, it forces the ssl cert to be valid
    // before sending info.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    if (!($data = curl_exec($ch))) {
        print  "curl error =>" .curl_error($ch) ."\n";
        throw New Exception(" CURL ERROR :" . curl_error($ch));

    }
    curl_close($ch);

    return $data;
  }

  // Helper function to make building xml dom easier
  function appendXmlNode($domDocument, $parentNode, $name, $value) {
        $childNode      = $domDocument->createElement($name);
        $childNodeValue = $domDocument->createTextNode($value);
        $childNode->appendChild($childNodeValue);
        $parentNode->appendChild($childNode);
  }


PHP - Customer Vault


// API Setup Parameters
$gatewayURL = 'https://secure.apsmerchantgateway.com/api/v2/three-step';
$APIKey = '2F822Rw39fx762MaV7Yy86jXGTC7sCDy';


// If there is no POST data or a token-id, print the initial Customer Information form to get ready for Step One.
if (empty($_POST['DO_STEP_1'])&& empty($_GET['token-id'])) {

    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
    print '
    <html>
      <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Collect non-sensitive Customer  Vault Info </title>
      </head>
      <body>
      <p><h2>Step One: Collect non-sensitive Customer Vault information.<br /></h2></p>

      <h3> Customer Information</h3>
      <h4> Billing Details</h4>

        <form action="" method="post">
          <table>
          <tr><td>Customer Vault Id  </td><td><input type="text" name="customer-vault-id" value=""></td></tr>
          <tr><td>Company</td><td><input type="text" name="billing-address-company" value="Acme, Inc."></td></tr>
          <tr><td>First Name </td><td><input type="text" name="billing-address-first-name" value="John"></td></tr>
          <tr><td>Last Name </td><td><input type="text" name="billing-address-last-name" value="Smith"></td></tr>
          <tr><td>Address </td><td><input type="text" name="billing-address-address1" value="1234 Main St."></td></tr>
          <tr><td>City </td><td><input type="text" name="billing-address-city" value="Beverly Hills"></td></tr>
          <tr><td>State/Province </td><td><input type="text" name="billing-address-state" value="CA"></td></tr>
          <tr><td>Zip/Postal </td><td><input type="text" name="billing-address-zip" value="90210"></td></tr>
          <tr><td>Country </td><td><input type="text" name="billing-address-country" value="US"></td></tr>
          <tr><td>Phone Number </td><td><input type="text" name="billing-address-phone" value="555-555-5555"></td></tr>
          <tr><td>Email Address </td><td><input type="text" name="billing-address-email" value="test@example.com"></td></tr>

          <tr><td><h4><br /> Shipping Details</h4>
          <tr><td>First Name </td><td><input type="text" name="shipping-address-first-name" value="Mary"></td></tr>
          <tr><td>Last Name </td><td><input type="text" name="shipping-address-last-name" value="Smith"></td></tr>
          <tr><td>Address </td><td><input type="text" name="shipping-address-address1" value="1234 Main St."></td></tr>
          <tr><td>Suite</td><td><input type="text" name="shipping-address-address2" value="Unit #2"></td></tr>
          <tr><td>City </td><td><input type="text" name="shipping-address-city" value="Beverly Hills"></td></tr>
          <tr><td>State/Province </td><td><input type="text" name="shipping-address-state" value="CA"></td></tr>
          <tr><td>Zip/Postal </td><td><input type="text" name="shipping-address-zip" value="90210"></td></tr>
          <tr><td>Country</td><td><input type="text" name="shipping-address-country" value="US"></td></tr>
          <tr><td colspan="2"> </td>
          <tr><td colspan="2" align=center><input type="submit" value="Submit Step One"><input type="hidden" name ="DO_STEP_1" value="true"></td></tr>
          </table>

        </form>
      </body>
    </html>

    ';
}else if (!empty($_POST['DO_STEP_1'])) {

    // Initiate Step One: Now that we've collected the non-sensitive customer information, we can combine other customer information and build the XML format.
    $xmlRequest = new DOMDocument('1.0','UTF-8');

    $xmlRequest->formatOutput = true;
    $xmlSale = $xmlRequest->createElement('add-customer');

    // Authentication, Redirect-URL  are typically the bare minimum.
    appendXmlNode($xmlRequest, $xmlSale,'api-key',$APIKey);
    appendXmlNode($xmlRequest, $xmlSale,'redirect-url',$_SERVER['HTTP_REFERER']);


    // Some additonal fields may have been previously decided by user

    appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-1' , 'Red');
    appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-2', 'Medium');


    if(!empty($_POST['customer-vault-id'])) {
        appendXmlNode($xmlRequest, $xmlSale, 'customer-vault-id' , $_POST['customer-vault-id']);
    }


    // Set the Billing & Shipping from what was collected on initial shopping cart form
    $xmlBillingAddress = $xmlRequest->createElement('billing');
    appendXmlNode($xmlRequest, $xmlBillingAddress,'first-name', $_POST['billing-address-first-name']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'last-name', $_POST['billing-address-last-name']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'address1', $_POST['billing-address-address1']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'city', $_POST['billing-address-city']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'state', $_POST['billing-address-state']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'postal', $_POST['billing-address-zip']);
    //billing-address-email
    appendXmlNode($xmlRequest, $xmlBillingAddress,'country', $_POST['billing-address-country']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'email', $_POST['billing-address-email']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'phone', $_POST['billing-address-phone']);
    appendXmlNode($xmlRequest, $xmlBillingAddress,'company', $_POST['billing-address-company']);
    $xmlSale->appendChild($xmlBillingAddress);


    $xmlShippingAddress = $xmlRequest->createElement('shipping');
    appendXmlNode($xmlRequest, $xmlShippingAddress,'first-name', $_POST['shipping-address-first-name']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'last-name', $_POST['shipping-address-last-name']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'address1', $_POST['shipping-address-address1']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'city', $_POST['shipping-address-city']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'state', $_POST['shipping-address-state']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'postal', $_POST['shipping-address-zip']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'country', $_POST['shipping-address-country']);
    appendXmlNode($xmlRequest, $xmlShippingAddress,'address2', $_POST['shipping-address-address2']);
    $xmlSale->appendChild($xmlShippingAddress);




    $xmlRequest->appendChild($xmlSale);

    // Process Step One: Submit all customer details to the Payment Gateway except the customer's sensitive payment information.
    // The Payment Gateway will return a variable form-url.
    $data = sendXMLviaCurl($xmlRequest,$gatewayURL);

    // Parse Step One's XML response
    $gwResponse = @new SimpleXMLElement($data);
    if ((string)$gwResponse->result ==1 ) {
        // The form url for used in Step Two below
        $formURL = $gwResponse->{'form-url'};
    } else {
        throw New Exception(print " Error, received " . $data);
    }

    // Initiate Step Two: Create an HTML form that collects the customer's sensitive payment information
    // and use the form-url that the Payment Gateway returns as the submit action in that form.
    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';


    print '

        <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
            <title>Collect sensitive Customer Info </title>
        </head>
        <body>';
    // Uncomment the line below if you would like to print Step One's response
    // print '<pre>' . (htmlentities($data)) . '</pre>';

    print '
        <p><h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2></p>

        <form action="'.$formURL. '" method="POST">
        <h3> Payment Information</h3>
            <table>
                <tr><td>Credit Card Number</td><td><INPUT type ="text" name="billing-cc-number" value="4111111111111111"> </td></tr>
                <tr><td>Expiration Date</td><td><INPUT type ="text" name="billing-cc-exp" value="1014"> </td></tr>
                <tr><Td colspan="2" align=center><INPUT type ="submit" value="Submit Step Two"></td> </tr>
            </table>
        </form>
        </body>
        </html>
        ';
    // NOTE: CVV cannot be stored, per PCI Requirements

} elseif (!empty($_GET['token-id'])) {

    // Step Three: Once the browser has been redirected, we can obtain the token-id and complete
    // the Customer Vault Add through another XML HTTPS POST including the token-id which abstracts the
    // sensitive payment information that was previously collected by the Payment Gateway.
    $tokenId = $_GET['token-id'];
    $xmlRequest = new DOMDocument('1.0','UTF-8');
    $xmlRequest->formatOutput = true;
    $xmlCompleteTransaction = $xmlRequest->createElement('complete-action');
    appendXmlNode($xmlRequest, $xmlCompleteTransaction,'api-key',$APIKey);
    appendXmlNode($xmlRequest, $xmlCompleteTransaction,'token-id',$tokenId);
    $xmlRequest->appendChild($xmlCompleteTransaction);


    // Process Step Three
    $data = sendXMLviaCurl($xmlRequest,$gatewayURL);


    $gwResponse = @new SimpleXMLElement((string)$data);
    print '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
    print '
    <html>
      <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Step Three - Complete Add Customer </title>
      </head>
      <body>';

    print "
        <p><h2>Step Three: Script automatically completes the process of adding the Customer Vault record <br /></h2></p>";

    if ((string)$gwResponse->result == 1 ) {
        print " <p><h3> Customer Vault was Added, XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';

    } elseif((string)$gwResponse->result == 2)  {
        print " <p><h3> Customer Vault was Not Added</h3>\n";
        print "  Reason : " . (string)$gwResponse->{'result-text'} ." </p>";
        print " <p><h3>XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';
    } else {
        print " <p><h3> Customer Vault Add caused an Error.</h3>\n";
        print " Error Description: " . (string)$gwResponse->{'result-text'} ." </p>";
        print " <p><h3>XML response was:</h3></p>\n";
        print '<pre>' . (htmlentities($data)) . '</pre>';
    }
    print "</body></html>";



} else {
  print "ERROR IN SCRIPT<BR>";
}


  function sendXMLviaCurl($xmlRequest,$gatewayURL) {
   // helper function demonstrating how to send the xml with curl


    $ch = curl_init(); // Initialize curl handle
    curl_setopt($ch, CURLOPT_URL, $gatewayURL); // Set POST URL

    $headers = array();
    $headers[] = "Content-type: text/xml";
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); // Add http headers to let it know we're sending XML
    $xmlString = $xmlRequest->saveXML();
    curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirects
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
    curl_setopt($ch, CURLOPT_PORT, 443); // Set the port number
    curl_setopt($ch, CURLOPT_TIMEOUT, 30); // Times out after 30s
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlString); // Add XML directly in POST


    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);


    // This should be unset in production use. With it on, it forces the ssl cert to be valid
    // before sending info.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    if (!($data = curl_exec($ch))) {
        print  "curl error =>" .curl_error($ch) ."\n";
        throw New Exception(" CURL ERROR :" . curl_error($ch));

    }
    curl_close($ch);

    return $data;
  }

  // Helper function to make building xml dom easier
  function appendXmlNode($domDocument, $parentNode, $name, $value) {
        $childNode      = $domDocument->createElement($name);
        $childNodeValue = $domDocument->createTextNode($value);
        $childNode->appendChild($childNodeValue);
        $parentNode->appendChild($childNode);
  }


Download Documentation

Direct Post API

Documentation

Methodology

Methodology
Direct Post API

Transactions

Steps:

1. The customer sends their payment information to the merchant’s web site.
2. The merchant web site posts the payment data to the Payment Gateway.
3. The Payment Gateway responds immediately with the results of the transactions.
4. The merchant web site displays the appropriate message to the customer.

The communication method used to send messages to the Payment Gateway’s server is the standard HTTP protocol over an SSL connection.

In the Direct Post method, the communications with the cardholder (Steps 1 and 4) are developed completely by the merchant and therefore are not defined by the Payment Gateway. Step 1 should simply collect the payment data from the cardholder and Step 4 should display the appropriate transaction receipt or declined message.

In Step 2, transaction details should be delivered to the Payment Gateway using the POST method with the appropriate variables defined below posted along with the request.

In Step 3, the transaction responses are returned in the body of the HTTP response in a query string name/value format delimited by ampersands. For example: variable1=value1&variable2=value2&variable3=value3

Customer Vault

The Customer Vault was designed specifically for businesses of any size to address concerns about handling customer payment information. Visa and MasterCard have instituted the Payment Card Industry (PCI) Data Security to protect cardholder data, wherever it resides, ensuring that members, merchants, and service providers maintain the highest information security standards.

These associations have also deemed that merchants will be held liable for any breach of cardholder data. This has become a major concern for merchants who handle credit card or electronic check payments. The Customer Vault is designed for these merchants who desire to avoid the tremendous costs and resources involved in becoming PCI compliant under these circumstances.

The Customer Vault does this by allowing merchants to transmit their payment information through a Secure Sockets Layer (SSL) connection for storage in our Level 1 PCI certified data facility. Once the customer record has been securely transmitted to the Customer Vault, the merchant can then initiate transactions remotely without having to access cardholder information directly. This process is accomplished without the merchant storing the customer’s payment information in their local database or payment application.

Documentation

Transaction Types
Direct Post API

Sale (sale)

Transaction sales are submitted and immediately flagged for settlement.

Authorization (auth)

Transaction authorizations are authorized immediately but are not flagged for settlement. These transactions must be flagged for settlement using the capture transaction type.

Capture (capture)

Transaction captures flag existing authorizations for settlement. Only authorizations can be captured. Captures can be submitted for an amount equal to or less than the original authorization.

Void (void)

Transaction voids will cancel an existing sale or captured authorization. In addition, non-captured authorizations can be voided to prevent any future capture. Voids can only occur if the transaction has not been settled.

Refund (refund)

Transaction refunds will reverse a previously settled or pending settlement transaction. If the transaction has not been settled, a transaction void can also reverse it.

Credit (credit)

Transaction credits apply an amount to the cardholder’s card that was not originally processed through the Gateway. In most situations credits are disabled as transaction refunds should be used instead.

Validate (validate)

This action is used for doing an “Account Verification” on the cardholder’s credit card without actually doing an authorization.

Update (update)

Transaction updates can be used to update previous transactions with specific order information, such as a tracking number and shipping carrier.

Documentation

Transaction Variables
Direct Post API

Sale/Authorization/Credit/Validate/Offline

Variable Name Description
type* The type of transaction to be processed.
Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
payment_token The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once.
ccnumber** Credit card number.
ccexp** Credit card expiration date.
Format: MMYY
cvv The card security code. While this is not required, it is strongly recommended.
checkname*** The name on the customer’s ACH account.
checkaba*** The customer’s bank routing number.
checkaccount*** The customer’s bank account number.
account_holder_type The type of ACH account the customer has.
Values: ‘business’ or ‘personal’
account_type The ACH account entity of the customer.
Values: ‘checking’ or ‘savings’
sec_code The Standard Entry Class code of the ACH transaction.
Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’
amount Total amount to be charged. For validate, the amount must be omitted or set to 0.00.
Format: x.xx
surcharge Surcharge amount.
Format: x.xx
currency The transaction currency. Format: ISO 4217
payment*** The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’, ‘check’, or ‘cash’
processor_id If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel).
authorization_code Specify authorization code. For use with “offline” action only.
dup_seconds Sets the time in seconds for duplicate transaction checking on supported processors. Set to 0 to disable duplicate checking. This value should not exceed 7862400.
descriptor Set payment descriptor on supported processors.
descriptor_phone Set payment descriptor phone on supported processors.
descriptor_address Set payment descriptor address on supported processors.
descriptor_city Set payment descriptor city on supported processors.
descriptor_state Set payment descriptor state on supported processors.
descriptor_postal Set payment descriptor postal code on supported processors.
descriptor_country Set payment descriptor country on supported processors.
descriptor_mcc Set payment descriptor mcc on supported processors.
descriptor_merchant_id Set payment descriptor merchant id on supported processors.
descriptor_url Set payment descriptor url on supported processors.
billing_method Should be set to ‘recurring’ to mark payment as a recurring transaction or ‘installment’ to mark payment as an installment transaction.
Values: ‘recurring’, ‘installment’
billing_number Specify installment billing number, on supported processors. For use when “billing_method” is set to installment.
Values: 0-99
billing_total Specify installment billing total on supported processors. For use when “billing_method” is set to installment.
order_template Order template ID.
order_description Order description.
Legacy variable includes: orderdescription
orderid Order Id
ipaddress IP address of cardholder, this field is recommended.
Format: xxx.xxx.xxx.xxx
tax**** Total tax amount.
shipping**** Total shipping amount
ponumber**** Original purchase order
first_name Cardholder’s first name.
Legacy variable includes: firstname
last_name Cardholder’s last name
Legacy variable includes: lastname
company Cardholder’s company
address1 Card billing address
address2 Card billing address, line 2
city Card billing city
state Card billing state.
Format: CC
zip Card billing zip code
country Card billing country.
Country codes are as shown in ISO 3166. Format: CC
phone Billing phone number
fax Billing fax number
email Billing email address
social_security_number Customer’s social security number, checked against bad check writers database if check verification is enabled.
drivers_license_number Driver’s license number.
drivers_license_dob Driver’s license date of birth.
drivers_license_state The state that issued the customer’s driver’s license.
shipping_firstname Shipping first name
shipping_lastname Shipping last name
shipping_company Shipping company
shipping_address1 Shipping address
shipping_address2 Shipping address, line 2
shipping_city Shipping city
shipping_state Shipping state
Format: CC
shipping_zip Shipping zip code
shipping_country Shipping country
Country codes are as shown in ISO 3166. Format: CC
shipping_email Shipping email address
merchant_defined_field_# You can pass custom information in up to 20 fields.
Format: merchant_defined_field_1=Value
customer_receipt If set to true, when the customer is charged, they will be sent a transaction receipt.
Values: ‘true’ or ‘false’
signature_image Cardholder signature image. For use with “sale” and “auth” actions only.
Format: base64 encoded raw PNG image. (16kiB maximum)
cardholder_auth‡‡ Set 3D Secure condition.
Values: ‘verified’ or ‘attempted’
eci‡‡ E-commerce indicator.
Values: ‘0’, ‘1’, ‘2’, ‘5’, ‘6’,
or ‘7’
cavv‡‡ Cardholder authentication verification value.
Format: base64 encoded
xid‡‡ Cardholder authentication transaction id.
Format: base64 encoded
three_ds_version‡‡ 3DSecure version.
Examples: “1.0.2” or “2.0”
directory_server_id Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication.
Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
source_transaction_id Specifies a payment gateway transaction id in order to associate payment information with a Subscription or Customer Vault record. Must be set with a ‘recurring’ or ‘customer_vault’ action.
Recurring specific fields
recurring Recurring action to be processed.
Values: add_subscription
plan_id Create a subscription tied to a Plan ID if the sale/auth transaction is successful.
plan_payments The number of payments before the recurring plan is complete.
Note: Use ‘0’ for ‘until canceled’
plan_amount The plan amount to be charged each billing cycle.
Format: x.xx
day_frequency How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’.
month_frequency How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’.
Values: 1 through 24
day_of_month The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
start_date The first day that the customer will be charged.
Format: YYYYMMDD
Customer Vault specific fields
customer_vault Associate payment information with a Customer Vault record if the transaction is successful.
Values: ‘add_customer’ or ‘update_customer’
customer_vault_id Specifies a customer vault id. If not set, the payment gateway will randomly generate a customer vault id.
Stored Credentials (CIT/MIT)
initiated_by Who initiated the transaction.
Values: ‘customer’ or ‘merchant’
initial_transaction_id Original payment gateway transaction id.
stored_credential_indicator The indicator of the stored credential.
Values: ‘stored’ or ‘used’
Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system.
Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method.
Level III specific order fields
shipping Freight or shipping amount included in the transaction amount
Default: ‘0.00’
Format: x.xx
tax The sales tax, included in the transaction amount, associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exempt from sales tax.
Default: ‘0.00’
Format: x.xx
ponumber Purchase order number supplied by cardholder
orderid Identifier assigned by the merchant. This defaults to gateway transaction id.
shipping_country Shipping country (e.g. US)
Format: CC
shipping_postal Postal/ZIP code of the address where purchased goods will be delivered. This field can be identical to the ‘ship_from_postal’ if the customer is present and takes immediate possession of the goods.
ship_from_postal Postal/ZIP code of the address from where purchased goods are being shipped, defaults to merchant profile postal code.
summary_commodity_code 4 character international description code of the overall goods or services being supplied. The acquirer or processor will provide a list of current codes.
duty_amount Amount included in the transaction amount associated with the import of purchased goods.
Default: ‘0.00’
Format: x.xx
discount_amount Amount included in the transaction amount of any discount applied to complete order by the merchant.
Default: ‘0.00’
Format: x.xx
national_tax_amount The national tax amount included in the transaction amount.
Default: ‘0.00’
Format: x.xx
alternate_tax_amount Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases.
Default: ‘0.00’
Format: x.xx
alternate_tax_id Tax identification number of the merchant that reported the alternate tax amount.
vat_tax_amount Contains the amount of any value added taxes which can be associated with the purchased item.
Default: ‘0.00’
Format: x.xx
vat_tax_rate Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, e.g. 1% = 1.00.
Default: ‘0.00’
Format: x.xx
vat_invoice_reference_number Invoice number that is associated with the VAT invoice.
customer_vat_registration Value added tax registration number supplied by the cardholder.
merchant_vat_registration Government assigned tax identification number of the merchant for whom the goods or services were purchased from.
order_date Purchase order date, defaults to the date of the transaction.
Format: YYMMDD
Level III specific line item detail fields
item_product_code_# Merchant defined description code of the item being purchased.
item_description_# Description of the item(s) being supplied.
item_commodity_code_# International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes.
item_unit_of_measure_# Code for units of measurement as used in international trade.
Default: ‘EACH’
item_unit_cost_# Unit cost of item purchased, may contain up to 4 decimal places.
item_quantity_# Quantity of the item(s) being purchased.
Default: ‘1’
item_total_amount_# Purchase amount associated with the item. Defaults to: ‘item_unit_cost_#’ x ‘item_quantity_#’ rounded to the nearest penny.
item_tax_amount_# Amount of tax on specific item, amount should not be included in ‘total_amount_#’.
Default: ‘0.00’
item_tax_rate_# Percentage representing the value-added tax applied.
Default: ‘0.00’
item_discount_amount_# Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘total_amount_#’.
item_discount_rate_# Discount rate for the line item. 1% = 1.00.
Default: ‘0.00’
item_tax_type_# Type of value-added taxes that are being used.
item_alternate_tax_id_# Tax identification number of the merchant that reported the alternate tax amount.
* Always required
** Required for credit card transactions
*** Required for ACH transactions
**** Required for Level 2 transactions
Required for Level 3 transactions
Required for offline transactions
‡‡ Required for 3D Secure transactions

Notes:

  • Level II fields are required for Level II processing.
  • Level II and Level III fields are required for Level III processing.
  • You can pass only credit card or e-check transaction variables in a request, not both in the same request.
  • Certain banks may require some optional fields.

Capture

Variable Name Description
type* Type of transaction.
Values: ‘capture’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
transactionid* Original payment gateway transaction id
amount* Total amount to be settled. This amount must be equal to or less than the original authorized amount.
Format: x.xx
tracking_number Shipping tracking number
shipping_carrier Shipping carrier.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
orderid Order id.
signature_image Cardholder signature image.
Format: base64 encoded raw PNG image. (16kiB maximum)
* Always required

Void

Variable Name Description
type* Type of transaction.
Values: ‘void’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
transactionid* Original payment gateway transaction id
void_reason** Reason the EMV transaction is being voided.
Values: ‘fraud’, ‘user_cancel’, ‘icc_rejected’, ‘icc_card_removed’, ‘icc_no_confirmation’, or ‘pos_timeout’
payment*** The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’ or ‘check’
* Always required
** Conditionally required for EMV transactions
*** Required for ACH transactions

Refund

Variable Name Description
type* Type of transaction.
Values: ‘refund’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
transactionid* Original payment gateway transaction id
amount Total amount to be refunded. This amount may be equal to or less than the settled amount. Setting the amount to 0.00 will refund the entire amount.
Format: x.xx
payment** The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’ or ‘check’
* Always required
** Required for ACH transactions

Update

Variable Name Description
type* Type of transactions.
Values: ‘update’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
transactionid* Original payment gateway transaction id
payment** The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’ or ‘check’
tracking_number Shipping tracking number
shipping Total shipping amount.
Format: x.xx
shipping_postal Postal/ZIP code of the address where purchased goods will be delivered. This field can be identical to the ‘ship_from_postal’ if the customer is present and takes immediate possession of the goods.
ship_from_postal Postal/ZIP code of the address from where purchased goods are being shipped, defaults to merchant profile postal code.
shipping_country Shipping Country Code.
shipping_carrier Shipping carrier.
Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’
shipping_date Shipping date.
Format: YYYYMMDD
order_description Order Description.
Legacy variable includes: orderdescription
order_date Order date.
Format: YYYYMMDD
customer_receipt If set to true, when the customer is charged, they will be sent a transaction receipt.
Values: ‘true’ or ‘false’
signature_image Cardholder signature image.
Format: base64 encoded raw PNG image. (16kiB maximum)
ponumber Cardholder’s purchase order number.
summary_commodity_code 4 character international description code of the overall goods or services being supplied. The acquirer or processor will provide a list of current codes.
duty_amount Amount included in the transaction amount associated with the import of purchased goods.
Format: x.xx
discount_amount Amount included in the transaction amount of any discount applied to complete order by the merchant.
Format: x.xx
tax Tax amount.
Format: x.xx
national_tax_amount The national tax amount included in the transaction amount.
Format: x.xx
alternate_tax_amount Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases.
Format: x.xx
alternate_tax_id Tax identification number of the merchant that reported the alternate tax amount.
vat_tax_amount Contains the amount of any value added taxes which can be associated with the purchased item.
vat_tax_rate Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, e.g. 1% = 1.00.
vat_invoice_reference_number Invoice number that is associated with the VAT invoice.
customer_vat_registration Value added tax registration number supplied by the cardholder.
merchant_vat_registration Government assigned tax identification number of the merchant for whom the goods or services were purchased from.
merchant_defined_field_# Merchant Defined Fields.
Format: merchant_defined_field_1=Value
* Always required
** Required for ACH transactions

Documentation

Recurring Variables
Direct Post API

Add a Plan

Variable Name Description
recurring* Add a recurring plan that subscriptions can be added to in the future.
Value: ‘add_plan’
plan_payments* The number of payments before the recurring plan is complete.
Notes: ‘0’ for until canceled
plan_amount* The plan amount to be charged each billing cycle.
Format: x.xx
plan_name* The display name of the plan.
plan_id* The unique plan ID that references only this recurring plan.
day_frequency** How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’.
month_frequency*** How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’.
Values: 1 through 24
day_of_month*** The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
* Always required
** Required unless ‘month_frequency’ and ‘day_of_month’ is set.
*** Required unless ‘day_frequency’ is set.

Add a Subscription to an Existing Plan

Variable Name Description
recurring* Associate payment information with a recurring plan.
Value: add_subscription
plan_id* The plan ID of the plan that the subscription will be associated with.
start_date The first day that the customer will be charged.
Format: YYYYMMDD
payment_token The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once.
ccnumber** Credit card number.
ccexp** Credit card expiration.
Format: MMYY
payment*** The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’ or ‘check’
checkname*** The name on the customer’s ACH account.
checkaccount*** The customer’s bank account number.
checkaba*** The customer’s bank routing number.
account_type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
currency Set transaction currency.
account_holder_type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
sec_code ACH standard entry class codes.
Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’
first_name Cardholder’s first name.
Legacy variable includes: firstname
last_name Cardholder’s last name.
Legacy variable includes: lastname
address1 Card billing address.
city Card billing city
state Card billing state.
zip Card billing postal code.
country Card billing country code.
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
orderid Order ID
order_description Order Description
merchant_defined_field_# Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’.
ponumber Cardholder’s purchase order number.
processor_id If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel).
customer_receipt If set to true, when the customer is charged, they will be sent a transaction receipt.
Values: ‘true’ or ‘false’
source_transaction_id Specifies a payment gateway transaction id in order to associate payment information with a Subscription record.
* Always required
** Required for credit card transactions
*** Required for ACH transactions

Adding a Custom Subscription

Variable Name Description
recurring* Add a custom recurring subscription that is NOT associated with an existing plan
Value: ‘add_subscription’
plan_payments* The number of payments before the recurring plan is complete.
Notes: ‘0’ for until canceled
plan_amount* The plan amount to be charged each billing cycle.
Format: x.xx
day_frequency** How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’.
month_frequency*** How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’.
Values: 1 through 24
day_of_month*** The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’.
Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day
start_date The first day that the customer will be charged.
Format: YYYYMMDD
payment_token The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once.
ccnumber**** Credit card number.
ccexp**** Credit card expiration.
Format: MMYY
payment The type of payment.
Default: ‘creditcard’
Values: ‘creditcard’ or ‘check’
checkname The name on the customer’s ACH account.
checkaccount The customer’s bank account number.
checkaba The customer’s bank routing number.
account_type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
account_holder_type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
sec_code ACH standard entry class codes.
Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’
first_name Cardholder’s first name.
Legacy variable includes: firstname
last_name Cardholder’s last name.
Legacy variable includes: lastname
address1 Card billing address.
city Card billing city
state Card billing state.
zip Card billing postal code.
country Card billing country code.
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
orderid Order ID
order_description Order Description
Legacy variable includes: orderdescription
merchant_defined_field_# Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’.
ponumber Cardholder’s purchase order number.
processor_id If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel).
customer_receipt If set to true, when the customer is charged, they will be sent a transaction receipt.
Values: ‘true’ or ‘false’
source_transaction_id Specifies a payment gateway transaction id in order to associate payment information with a Subscription record.
* Always required
** Required unless ‘month_frequency’ and ‘day_of_month’ is set.
*** Required unless ‘day_frequency’ is set.
**** Required for credit card transactions
Required for ACH transactions

Update a Subscription’s Billing Information

Variable Name Description
recurring* Update the subscription’s billing information.
Value: ‘update_subscription’
subscription_id* The subscription ID that will be updated.
* Always required

Delete a Subscription

Variable Name Description
recurring* Delete the subscription. Customer will no longer be charged.
Value: ‘delete_subscription’
subscription_id* The subscription ID that will be deleted.
* Always required

Documentation

Transaction Variables
Direct Post API

Create Invoice

Variable Name Description
invoicing* Create a new invoice and email it to the customer.
Values: ‘add_invoice’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
amount* Total amount to be invoiced. Must be greater than 0.00.
Format: x.xx
email* Billing email address
An invoice will be sent to this address when it is created.
payment_terms When the invoice should be paid
Default: ‘upon_receipt’
Values: ‘upon_receipt’, or integers from 0-999.
payment_methods_allowed What payment methods a customer may use when paying invoice.
Defaults to all available payment methods available in your merchant account
Values: ‘cc’, ‘ck’, and ‘cs’. Multiple payment types can be selected by comma-separating values.
currency The transaction currency.
Format: ISO 4217
order_description Order description.
Legacy variable includes: orderdescription
orderid Order ID.
customer_id Customer ID.
customer_tax_id Customer Tax ID.
tax Total tax amount.
shipping Total shipping amount.
ponumber Original purchase order.
first_name Cardholder’s first name.
Legacy variable includes: firstname
last_name Cardholder’s last name.
Legacy variable includes: lastname
company Cardholder’s company.
address1 Card billing address.
address2 Card billing address, line 2.
city Card billing city.
state Card billing state.
Format: CC
zip Card billing zip code.
country Card billing country.
Country codes are as shown in ISO 3166. Format: CC
phone Billing phone number.
fax Billing fax number.
website Customer website.
shipping_firstname Shipping first name.
shipping_lastname Shipping last name.
shipping_company Shipping company.
shipping_address1 Shipping address.
shipping_address2 Shipping address, line 2.
shipping_city Shipping city.
shipping_state Shipping state.
Format: CC
shipping_zip Shipping zip code.
shipping_country Shipping country.
Country codes are as shown in ISO 3166. Format: CC
shipping_email Shipping email address.
merchant_defined_field_# You can pass custom information in up to 20 fields.
Format: merchant_defined_field_1=Value
Product Information
item_product_code_# Merchant defined description code of the item being purchased.
item_description_# Description of the item(s) being supplied.
item_commodity_code_# International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes.
item_unit_of_measure_# Code for units of measurement as used in international trade.
Default: ‘EACH’
item_unit_cost_# Unit cost of item purchased, may contain up to 4 decimal places.
item_quantity_# Quantity of the item(s) being purchased.
Default: ‘1’
item_total_amount_# Purchase amount associated with the item. Defaults to: ‘item_unit_cost_#’ x ‘item_quantity_#’ rounded to the nearest penny.
item_tax_amount_# Amount of tax on specific item, amount should not be included in ‘total_amount_#’.
Default: ‘0.00’
item_tax_rate_# Percentage representing the value-added tax applied.
Default: ‘0.00’
item_discount_amount_# Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘total_amount_#’.
item_discount_rate_# Discount rate for the line item. 1% = 1.00.
Default: ‘0.00’
item_tax_type_# Type of value-added taxes that are being used.
item_alternate_tax_id_# Tax identification number of the merchant that reported the alternate tax amount.
* Always required

Update Invoice

Variable Name Description
invoicing* Update an existing invoice.
Values: ‘update_invoice’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
invoice_id* The invoice ID to be updated.
* Always required

Notes:


All variables (besides currency) on an invoice may be updated. Updating an invoice will not result in a new invoice being sent to the customer. To send the invoice after updating an invoice, use the send_invoice request after making changes.

Send Invoice

Variable Name Description
invoicing* Send an existing invoice to a customer.

Values: ‘send_invoice’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
invoice_id* The invoice ID to be emailed.
* Always required

Notes:


The invoice will be sent to the billing email address assigned to the invoice.

Close Invoice

Variable Name Description
invoicing* The invoice to be closed.

Values: ‘close_invoice’
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
invoice_id* The invoice ID to be closed.
* Always required

Documentation

Customer Vault Variables
Direct Post API

Add/Update Customer Record

Variables Description
customer_vault* Add/Update a secure customer vault record.
Values: ‘add_customer’ or ‘update_customer’
customer_vault_id Specifies a customer vault id. If not set, the payment gateway will randomly generate a customer vault id.
billing_id Billing id to be assigned or updated. If none is provided, one will be created or the billing id with priority ‘1’ will be updated.
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
payment_token The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once.
ccnumber** Credit card number.
ccexp** Credit card expiration.
Format: MMYY
checkname*** The name on the customer’s ACH account.
checkaba*** The customer’s bank routing number.
checkaccount*** The customer’s bank account number.
account_holder_type The customer’s ACH account entity.
Values: ‘personal’ or ‘business’
account_type The customer’s ACH account type.
Values: ‘checking’ or ‘savings’
sec_code ACH standard entry class codes.
Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’
currency Set transaction currency.
payment Set payment type to ACH or credit card.
Values: ‘creditcard’ or ‘check’
orderid Order id
order_description Order Description
Legacy variable includes: orderdescription
merchant_defined_field_# Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’.
Format: merchant_defined_field_1=Value
first_name Cardholder’s first name.
Legacy variable includes: firstname
last_name Cardholder’s last name.
Legacy variable includes: lastname
address1 Card billing address.
city Card billing city
state Card billing state.
zip Card billing postal code.
country Card billing country code.
phone Billing phone number.
email Billing email address.
company Cardholder’s company.
address2 Card billing address, line 2.
fax Billing fax number.
shipping_id Shipping entry id. If none is provided, one will be created or the billing id with priority ‘1’ will be updated.
shipping_firstname Shipping first name.
shipping_lastname Shipping last name.
shipping_company Shipping company.
shipping_address1 Shipping address.
shipping_address2 Shipping address, line 2.
shipping_city Shipping city
shipping_state Shipping state.
shipping_zip Shipping postal code.
shipping_country Shipping country code.
shipping_phone Shipping phone number.
shipping_fax Shipping fax number.
shipping_email Shipping email address.
source_transaction_id Specifies a payment gateway transaction id in order to associate payment information with a Customer Vault record.
* Always required
** Required for credit card transactions
*** Required for ACH transactions

Customer Vault initiated Sale/Auth/Credit/Offline

Variable Description
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
customer_vault_id* Specifies a customer vault id.
amount Total amount to be charged. For validate, the amount must be omitted or set to 0.00.
Format: x.xx
currency The transaction currency.
Format: ISO 4217
processor_id If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel).
descriptor Set payment descriptor on supported processors.
descriptor_phone Set payment descriptor phone on supported processors.
order_description Order description.
Legacy variable includes: orderdescription
orderid Order ID
Stored Credentials (CIT/MIT)
initiated_by Who initiated the transaction.
Values: ‘customer’ or ‘merchant’
initial_transaction_id Original payment gateway transaction id.
stored_credential_indicator The indicator of the stored credential.
Values: ‘stored’ or ‘used’
Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system.
Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method.
* Always required

Delete Customer Record

Variable Description
customer_vault* Deletes a secure customer vault record.
Values: ‘delete_customer’
customer_vault_id* Specifies a customer vault id.
security_key* API Security Key assigned to a merchant account.

New keys can be generated from the merchant control panel in Settings > Security Keys
* Always required

Notes:

  • If you do not pass a customer_vault_id, our system will randomly generate one. If you include a customer_id and customer_vault_id, they must match.
  • You can only pass Credit Card or Electronic Check transaction variables.

Documentation

Retail Data
Direct Post API

Passing Unencrypted Retail Magnetic Stripe Data

Variable Name Description
track_1 Raw Magnetic Stripe Data
track_2 Raw Magnetic Stripe Data
track_3 Raw Magnetic Stripe Data

Passing MagTek Magensa Encrypted Magnetic Stripe Data

Variable Name Description
magnesafe_track_1 Raw MagTek Magensa Data
magnesafe_track_2 Raw MagTek Magensa Data
magnesafe_magneprint Raw MagTek Magensa Data
magnesafe_ksn Raw MagTek Magensa Data
magnesafe_magneprint_status Raw MagTek Magensa Data

Passing IDTech M130 Encrypted Swipe Data

Variable Name Description
encrypted_track_1 Raw encrypted data
encrypted_track_2 Raw encrypted data
encrypted_track_3 Raw encrypted data
encrypted_ksn Raw encrypted data

Passing IDTech M130 Encrypted Keyed Data

Variable Name Description
encrypted_data Raw encrypted data

Passing Ingenico Telium 2 Chip Card Data

Variable Name Description
entry_mode The type of transaction data to be processed.
Value: ’emv_icc’
emv_auth_request_data EMV Data for the transaction as received from the EMV Chip Card SDK.
emv_device The EMV – capable card reader.
Value: ‘ingenico_rba’
verification_method Method used to verify the EMV transaction.
Values: ‘signature’, ‘offline_pin’, ‘offline_pin_signature’, or ‘none’
encrypted_ksn Raw encrypted data
encrypted_track_2 Raw encrypted data

Passing Ingenico Telium 2 Swipe Data

Variable Name Description
entry_mode The type of transaction data to be processed.
Values: ‘swiped’ or ‘swiped_emv_fallback’
emv_device The EMV – capable card reader.
Value: ‘ingenico_rba’
encrypted_ksn Raw encrypted data
encrypted_track_1 Raw encrypted data
encrypted_track_2 Raw encrypted data

Passing Ingenico Telium 2 NFC Data

Variable Name Description
entry_mode The type of transaction data to be processed.
Value: ‘nfc_msd’
emv_device The EMV – capable card reader.
Value: ‘ingenico_rba’
encrypted_ksn Raw encrypted data
encrypted_track_2 Raw encrypted data

Passing Ingenico Telium 2 Keyed Data

Variable Name Description
entry_mode The type of transaction data to be processed.
Value: ‘keyed’
emv_device The EMV – capable card reader.
Value: ‘ingenico_rba’
encrypted_ksn Raw encrypted data
encrypted_track_2 Raw encrypted data

Documentation

Apple Pay

Apple Pay
Direct Post API

Supported Processors

Currently Apple Pay is supported only on the TSYS – EMV platform.

Configuring Apple Pay

Creating an Apple Merchant ID
First, you must obtain an Apple Merchant ID before you can generate the Certificate Signing Request that Apple requires. You will need to set up an Apple Merchant ID in your iOS Developer Account. Follow these steps to complete the setup:

  1. Go to Apple’s Developer Portal and log in to the Member Center to create a new Merchant ID.
  2. Navigate to the Certificates, Identifiers, and Profiles area of the Member Center, and then begin the Register Merchant ID process.
  3. You must then set the Apple Merchant ID within your gateway Control Panel under Settings -> Apple Pay.

Generating the Certificate Signing Request
Next, you will need to associate a Certificate with the Merchant ID in Apple’s Developer Portal. After downloading the Certificate Signing Request from the gateway’s options page, follow these steps.

  1. In Apple’s Developer Portal, click on the Merchant ID and then click “Edit”.
  2. Click “Create Certificate”.
  3. You are obtaining a CSR file from a Payment Provider so you will not have to create one. Click “Continue” to proceed to the upload page.
  4. Click “Choose File…” and select the Gateway.certSigningRequest file you downloaded from the gateway’s options page.

How to Obtain Apple Pay Payment Data

PassKit provides the payment data in the (PKPayment *)payment that is returned to your app’s paymentAuthorizationViewController:didAuthorizePayment:completion method. The Apple Pay encrypted payment data is found in payment.token.paymentData.

payment.token.paymentData is a binary (NSData) object, so you must encode it as a hexadecimal string before it can be passed to the Gateway.

Passing Apple Pay Payment Data

To submit a payment with Apple Pay, send the encrypted token data into the applepay_payment_data variable. There is no need to decrypt the data in your app. Only the Gateway will have access to the private key that can decrypt the token.

Notes

When passing in applepay_payment_data, you should not include the variables ccnumber or ccexp; they are extracted from the token data.

Important Note: The authorization amount must match the amount the customer approves in the app. If you pass in a currency, that must also match the currency approved in the app. If omitted, the currency from the app is used.

For working example code, including how to obtain the PKPayment object and how to pass a simple transaction to the Gateway, download the sample project.

Variables

Variable Name Description
applepay_payment_data The encrypted Apple Pay payment data (payment.token.paymentData) from PassKit encoded as a hexadecimal string

Troubleshooting

If you receive the error “Failed to decrypt Apple Pay data. Ensure that the Apple Pay Merchant ID is correct in the Gateway Settings and that the certificate was generated from a Gateway Certificate Signing Request.”, try these steps:

  1. Verify that the Merchant ID that Apple has in the developer portal exactly matches the Merchant ID in the Gateway’s settings.
  2. Verify that your app’s PKPaymentRequest’s merchantIdentifier exactly matches the Merchant ID in the Gateway’s settings.
  3. Ensure that the correct Merchant ID is checked in the Apple Pay section of the Capabilities tab in your project’s target settings.
  4. Try creating a new Merchant ID. Reusing an existing Merchant ID with a new certificate may sometimes cause issues with encryption.

Apple Pay

Documentation

Partial Payment Information
Direct Post API

Request Details

Variable Description
partial_payment_id Unique identifier returned when making the original transaction. This should only be used for secondary transactions.
partial_payments This variable allows the following two values to be passed to it:
settle_partial: Settles any amount of tender collected (captured partial auth’s and approved partial sales) at cut off.
payment_in_full: Required that any split tendered transaction is collected in-full before settlement gets initiated.
type This variable can be passed the value ‘complete_partial_payment’ which will complete a payment_in_full transaction that has not been collected in full. This allows industries that require payment_in_full but subsequently decide to still settle the transaction even though it has not been collected in full.

Response Details

Variable Description
partial_payment_id A numeric identifier which is used when submitting subsequent transactions.
partial_payment_balance Returns the payment’s remaining balance.
amount_authorized Provides the amount that was authorized.

Examples

Example 1: In this request, if nothing more was done, a transaction for 30.00 would settle at the next cut-off.

Request …type=sale&partial_payments=settle_partial&ccnumber=4111111111111111&ccexp=1016&amount=100.00…
Response …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00…

Example 2: In this request, payment_in_full was required and two transaction were collected – this transaction would settle at the next cut-off.

Request 1 …type=sale&partial_payments=payment_in_full&ccnumber=4111111111111111&ccexp=1016&amount=100.00…
Response 1 …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00…
Request 2 …type=sale&partial_payment_id=123456789&partial_payments=payment_in_full&ccnumber=4000000000000002&ccexp=1016&amount=70.00…
Response 2 …response=1& partial_payment_id=123456789&partial_payment _balance=0.00&amount_authorized=70.00…

Example 3: In this example, payment_in_full was required and two transactions were attempted, but only one collected. The merchant decided to force it out anyways – this transaction would settle at the next cut-off.

Request 1 …type=sale&partial_payments=payment_in_full&ccnumber=4111111111111111&ccexp=1016&amount=100.00…
Response 1 …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00…
Request 2 …type=sale&partial_payment_id=123456789&partial_payments=payment_in_full&ccnumber=4000000000000002&ccexp=1016&amount=70.00…
Response 2 …response=2&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=70.00…
Request 3 …type=complete_partial_payment& partial_payment_id=123456789&partial_payments=payment_in_full&amount=70.00…
Response 3 …response=1& partial_payment_id=123456789&partial_payment_balance=0.00&amount_authorized=70.00…

Documentation

Credential on File Information
Direct Post API

Please note the below is meant to be a guide for how the platform supports CIT and MIT use cases. This is not meant to be an exhaustive list of items needed in order to be compliant. For more information on CIT/MIT compliance, please consult your processor.

Credential on File regulations apply any time data is stored to process future purchases for a cardholder.

Customer vs Merchant Initiated

When a customer is actively engaged in checkout – either physical present in a store, or checking out online in their browser, that is a Customer Initiated Transaction (CIT).

When the customer isn’t actively engaged, but has given permission for their card to be charged, that is a Merchant Initiated Transaction (MIT). In order for a merchant to submit a Merchant Initiated Transaction, a Customer Initiated transaction is required first.

Overview

A cardholder’s consent is required for the initial storage of credentials. When a card is stored, an initial transaction should be submitted (Validate, Sale, or Auth) with the correct credential-on-file type. The transaction must be approved (not declined or encounter an error.) Then, store the transaction ID of the initial customer initiated transaction. The transaction ID must then be submitted with any follow up transactions (MIT or CIT.)

Credential on File types include Recurring, Installment, and Unscheduled types.

For simplicity – we are using the Direct Post API variables. These match the names of the Batch Upload, Collect.js, or the Browser Redirect APIs. The Three-Step API follows the same pattern, and the variables should be submitted on Step 1.

Request Details

Variable Description
initiated_by Who initiated the transaction.
Values: ‘customer’ or ‘merchant’
initial_transaction_id Original payment gateway transaction id.
stored_credential_indicator The indicator of the stored credential.
Values: ‘stored’ or ‘used’
Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system.
Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method.

Response Details

Variable Description
cof_supported Credential on File support indicator specific to the transaction.
Values: ‘stored’ or ‘used’
Value will be ‘stored’ if CIT/MIT transaction was sent to a processor that supports the feature.
Value will be ‘used’ if CIT/MIT transaction was sent to a processor that does not support the feature or if a merchant-initiated transaction cannot occur due to Cross-Processor limitations.

Please Note: For Three-Step Redirect transactions, the request details must be sent in Step 1 and the ‘cof-supported’ element will be returned in the response of Step 3.

Recurring:

A transaction in a series of transactions that uses a stored credential and are processed at fixed, regular intervals (not to exceed one year between transactions), and represents cardholder agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals.

If a customer is signing up for a recurring subscription, the merchant is expected to send “an initial recurring transaction” every time the customer signs up for a new recurring subscription.

For an initial transaction:

  • For a free trial, the initial transaction will be a validate transaction type (or auth if validate is not supported.)
  • If the customer is being charged immediately for a product, the initial transaction will be a sale or an authorization for the correct amount.

Either transaction MUST INCLUDE three items:

  • billing_method=recurring
  • initiated_by=customer
  • stored_credential_indicator=stored

Examples

Example 1: In this request, an initial recurring sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.

Request …type=sale&billing_method=recurring&initiated_by=customer&stored_credential_indicator=stored…
Response …response=1&responsetext=Approved&transactionid=1234567890…

The transaction ID would be stored and submitted on follow up transactions. The follow up transaction(s) would include:

  • billing_method=recurring
  • initiated_by=merchant
  • stored_credential_indicator=used
  • initial_transaction_id=XXXXXXXXXX

Example 2: In this request, the subsequent merchant initiated sale is processed using the stored transaction from Example 1.

Request …type=sale&billing_method=recurring&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890…
Response …response=1&responsetext=Approved&transactionid=1234567891…

Please Note: This transaction ID cannot be used for “unscheduled” or “installment” credential-on-file transactions.

Installment:

An “installment” transaction is a series of transactions that uses a stored credential and represents cardholder agreement with the merchant to initiate one or more future transactions over a period of time for a single purchase of goods or services.

Installment transactions work just like Recurring in that you need a customer initiated transaction for a subsequent installment transaction. The difference is the billing_method will be “installment”.

The customer initiated transaction MUST INCLUDE at least three items (* recommended to send, if available):

  • billing_method=installment
  • initiated_by=customer
  • stored_credential_indicator=stored
  • * billing_total
  • * billing_number (Values: 0-99)

Examples

Example 3: In this request, an initial installment sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.

Request …type=sale&billing_method=installment&initiated_by=customer&stored_credential_indicator=stored&billing_total=100.00&billing_number=1&amount=25.00…
Response …response=1&responsetext=Approved&transactionid=1234567890…

The transaction ID would be stored and submitted on follow up transactions. The follow up transaction(s) would include (* recommended to send, if available):

  • billing_method=installment
  • initiated_by=merchant
  • stored_credential_indicator=used
  • initial_transaction_id=XXXXXXXXXX
  • * billing_total
  • * billing_number

Example 4: In this request, the subsequent merchant initiated sale is processed using the stored transaction from Example 3.

Request …type=sale&billing_method=installment&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890&billing_total=100.00&billing_number=1&amount=25.00…
Response …response=1&responsetext=Approved&transactionid=1234567891…

Please Note: This transaction ID cannot be used for “unscheduled” or “recurring” card on file transactions.

Unscheduled Credential On File:

For payments that aren’t recurring or installment – there are unscheduled options as well.

The first customer initiated transaction will include these two items (no billing method):

  • initiated_by=customer
  • stored_credential_indicator=stored

Examples

Example 5: In this request, an initial unscheduled sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.

Request …type=sale&initiated_by=customer&stored_credential_indicator=stored…
Response …response=1&responsetext=Approved&transactionid=1234567890…

The transaction ID can be used, without a billing method, for a customer initiated or merchant initiated transaction.

Please Note: The transaction ID cannot be used for a “recurring” or “installment” transaction.

Unscheduled, Customer Initiated: A card-absent transaction initiated by the cardholder where the cardholder does not need to enter their card details as the merchant uses the payment credential previously stored by the cardholder to perform the transaction. Examples include a transaction using customer’s merchant profile or digital wallet.

This is your typical shopping cart scenario where the customer checks out without having to re-enter their card details.

The follow up transaction(s) would include:

  • initiated_by=customer
  • stored_credential_indicator=used

Example 6: In this request, a subsequent unscheduled sale is sent and an approved transaction is returned in the response.

Request …type=sale&initiated_by=customer&stored_credential_indicator=used…
Response …response=1&responsetext=Approved&transactionid=1234567891…

Unscheduled, Merchant Initiated: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date, where the cardholder has provided consent for the merchant to initiate one or more future transactions. An example of this transaction is an account auto-top up transaction.

An example of an account auto-top up would be a customer with an account with a balance. When that balance gets low, the customer’s card is charged automatically, without the customer’s involvement.

The follow up transaction(s) would include:

  • initiated_by=merchant
  • stored_credential_indicator=used
  • initial_transaction_id=XXXXXXXXXX

Example 7: In this request, a subsequent unscheduled sale is sent and an approved transaction is returned in the response.

Request …type=sale&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890…
Response …response=1&responsetext=Approved&transactionid=1234567892…

Appendix 1: Recommend Further Reading:

If there is any question where a transaction type falls, we recommend reviewing the official card brand documentation. Visa’s guidelines are the most stringent, and generally if you follow those guidelines, you’ll also be compliant for MasterCard, American Express and Discover.

Visa:
https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf

MasterCard:
https://www.mastercard.us/en-us/consumers/offers-promotions/credential-on-file-payments.html

Documentation

Transaction Response Variables
Direct Post API

Standard Response

Variable Name Description
response 1 = Transaction Approved
2 = Transaction Declined
3 = Error in transaction data or system error
responsetext Textual response
authcode Transaction authorization code.
transactionid Payment gateway transaction id.
avsresponse AVS response code (See Appendix 1).
cvvresponse CVV response code (See Appendix 2).
orderid The original order id passed in the transaction request.
response_code Numeric mapping of processor responses (See Appendix 3).
emv_auth_response_data This will optionally come back when any chip card data is provided on the authorization. This data needs to be sent back to the SDK after an authorization.

Documentation

Testing Information
Direct Post API

Transaction testing credentials

Transactions can be tested using one of two methods. First, transactions can be submitted to any merchant account that is in test mode. Keep in mind that if an account is in test mode, all valid credit cards will be approved but no charges will actually be processed.

The Payment Gateway demo account can also be used for testing at any time. Please use the following security key for testing with this account:

security_key: 6457Thfj624V5r7WUwc5v6a68Zsd6YEm

Transaction POST URL

Transaction details should be POST’ed to the following URL:

POST URL: https://secure.apsmerchantgateway.com/api/transact.php

Test Data

Transactions can be submitted using the following information:

Visa: 4111111111111111
MasterCard: 5431111111111111
Discover: 6011601160116611
American Express: 341111111111111
Diner’s Club: 30205252489926
JCB: 3541963594572595
Maestro: 6799990100000000019
Credit Card Expiration: 10/25
account (ACH): 123123123
routing (ACH): 123123123

Triggering Errors in Test Mode

  • To cause a declined message, pass an amount less than 1.00.
  • To trigger a fatal error message, pass an invalid card number.
  • To simulate an AVS match, pass 888 in the address1 field, 77777 for zip.
  • To simulate a CVV match, pass 999 in the cvv field.

Documentation

Appendices

Appendix 1
Direct Post API

AVS Response Codes

X Exact match, 9-character numeric ZIP
Y Exact match, 5-character numeric ZIP
D Exact match, 5-character numeric ZIP
M Exact match, 5-character numeric ZIP
2 Exact match, 5-character numeric ZIP, customer name
6 Exact match, 5-character numeric ZIP, customer name
A Address match only
B Address match only
3 Address, customer name match only
7 Address, customer name match only
W 9-character numeric ZIP match only
Z 5-character ZIP match only
P 5-character ZIP match only
L 5-character ZIP match only
1 5-character ZIP, customer name match only
5 5-character ZIP, customer name match only
N No address or ZIP match only
C No address or ZIP match only
4 No address or ZIP or customer name match only
8 No address or ZIP or customer name match only
U Address unavailable
G Non-U.S. issuer does not participate
I Non-U.S. issuer does not participate
R Issuer system unavailable
E Not a mail/phone order
S Service not supported
0 AVS not available
O AVS not available
B AVS not available

Appendices

Appendix 2
Direct Post API

CVV Response Codes

M CVV2/CVC2 match
N CVV2/CVC2 no match
P Not processed
S Merchant has indicated that CVV2/CVC2 is not present on card
U Issuer is not certified and/or has not provided Visa encryption keys

Appendices

Appendix 3
Direct Post API

Result Code Table

100 Transaction was approved.
200 Transaction was declined by processor.
201 Do not honor.
202 Insufficient funds.
203 Over limit.
204 Transaction not allowed.
220 Incorrect payment information.
221 No such card issuer.
222 No card number on file with issuer.
223 Expired card.
224 Invalid expiration date.
225 Invalid card security code.
226 Invalid PIN.
240 Call issuer for further information.
250 Pick up card.
251 Lost card.
252 Stolen card.
253 Fraudulent card.
260 Declined with further instructions available. (See response text)
261 Declined-Stop all recurring payments.
262 Declined-Stop this recurring program.
263 Declined-Update cardholder data available.
264 Declined-Retry in a few days.
300 Transaction was rejected by gateway.
400 Transaction error returned by processor.
410 Invalid merchant configuration.
411 Merchant account is inactive.
420 Communication error.
421 Communication error with issuer.
430 Duplicate transaction at processor.
440 Processor format error.
441 Invalid transaction information.
460 Processor feature not available.
461 Unsupported card type.

Direct Post Api

Examples


' ***** DISCLAIMER *****
' This code is to be used as an example and not in production.
' It lacks thorough testing and debugging.  The Results below will be
    ' returned when posting against a gateway Test Account or an Active Account with Test Mode Enabled



GatewaySecurityKey = "[[Gateway Security Key Here]]"

' Returns True on Success, False on Failure
Function GatewaySale(amount, ccnumber, ccexp, cvv, name, address, zip)
    Set OGateway = Server.CreateObject("MSXML2.ServerXMLHTTP")
    OGateway.Open "POST", "https://secure.apsmerchantgateway.com/api/transact.php", false
    OGateway.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    DataToSend = "security_key=" & Server.URLEncode(GatewaySecurityKey) &_
             "&ccnumber=" & Server.URLEncode(ccnumber) &_
             "&ccexp=" & Server.URLEncode(ccexp) &_
             "&cvv=" & Server.URLEncode(cvv) &_
             "&amount=" & Server.URLEncode(amount) &_
             "&firstname=" & Server.URLEncode(name) &_
             "&address1=" & Server.URLEncode(address) &_
             "&zip=" & Server.URLEncode(zip)

    OGateway.Send DataToSend

    ResponseString = OGateway.responseText
    Results = Split(ResponseString, "&")

    GatewaySale = False
    For Each i in Results
        Result = Split(i,"=")
        If UBound(Result)>0 Then
            If  LCase(Result(0))="response" Then
                If Result(1) = "1" Then
                    GatewaySale = True
                End If
            End If
        End If
    Next
End Function

Results = GatewaySale("10.00","4111111111111111","0112","","John Smith","123 Main St", "60123")
Response.Write("This should be true: " & Results & "
") Results = GatewaySale("0.99","4111111111111111","0112","","John Smith","123 Main St", "60123") Response.Write("This should be false: " & Results & "
")

Examples


///###########################################################
///#                                                         #
///#  D I S C L A I M E R                                    #
///#                                                         #
///#  WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED    #
///#  IS AT YOUR OWN RISK.                                   #
///#                                                         #
///#  This code is provided "as is" without                  #
///#  warranty of any kind, either express or implied,       #
///#  including but not limited to the implied warranties    #
///#  of merchantability and/or fitness for a particular     #
///#  purpose.                                               #
///#                                                         #
///#                                                         #
///###########################################################


///###########################################################
///#                                                         #
///#  Direct Post Transaction Submission Methodology         #
///#                                                         #
///###########################################################
///#                                                         #
///#  1. You gather all the required transaction data on     #
///#  your secure web site.                                  #
///#                                                         #
///#  2. The transaction data gets submitted (via HTTPS      #
///#  POST) to the gateway as one long string, consisting    #
///#  of specific name/value pairs.                          #
///#                                                         #
///#  3. When performing the HTTPS POST operation, you       #
///#  remain on the same web page from which you've          #
///#  performed the operation.                               #
///#                                                         #
///#  4. The Gateway immediately returns a transaction       #
///#  response string to the same web page from which you    #
///#  have performed the HTTPS POST operation.               #
///#                                                         #
///#  5. You may then parse the response string and act      #
///#  upon certain response criteria, according to your      #
///#  business needs.                                        #
///#                                                         #
///#                                                         #
///###########################################################

<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<script language="C#" runat="server">
void Page_Load(Object Src, EventArgs E) {

// Process readHtmlPage function
  myPage.Text = readHtmlPage("https://secure.apsmerchantgateway.com/api/transact.php");
}



private String readHtmlPage(string url)
{

//setup some variables

String security_key = "6457Thfj624V5r7WUwc5v6a68Zsd6YEm";
String firstname = "John";
String lastname  = "Smith";
String address1  = "1234 Main St.";
String city      = "Chicago";
String state     = "IL";
String zip       = "60193";

//setup some variables end

  String result = "";
  String strPost = "security_key=" + security_key
     + "&firstname=" + firstname + "&lastname=" + lastname
     + "&address1=" + address1 + "&city=" + city + "&state=" + state
     + "&zip=" + zip + "&payment=creditcard&type=sale"
     + "&amount=1.00&ccnumber=4111111111111111&ccexp=1015&cvv=123";
  StreamWriter myWriter = null;

  HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(url);
  objRequest.Method = "POST";
  objRequest.ContentLength = strPost.Length;
  objRequest.ContentType = "application/x-www-form-urlencoded";

  try
  {
     myWriter = new StreamWriter(objRequest.GetRequestStream());
     myWriter.Write(strPost);
  }
  catch (Exception e)
  {
     return e.Message;
  }
  finally {
     myWriter.Close();
  }

  HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse();
  using (StreamReader sr =
     new StreamReader(objResponse.GetResponseStream()) )
  {
     result = sr.ReadToEnd();

     // Close and clean up the StreamReader
     sr.Close();
  }
  return result;
}
</script>
<html>
<body>
<b>The content on this web page is the result of an HTTP POST operation to the Gateway, using the Direct Post method.<br>
<br/>
</b><hr/>
<asp:literal id="myPage" runat="server"/>
</body>
</html>

Examples

ccon.cfm


<CFLOCK Name="#session.sessionID#" timeout="10" Type ="Exclusive">
<CFPARAM NAME="session.status" Default="none">
<CFPARAM NAME="emsg" Default="A connection with the financial gateway failed.">
<CFSET oid = ''>
<CFSET em = 0>

<CFIF not IsDefined('URL.ccinterim')>
<CFSET em = 100>
<CFELSEIF not IsDefined('session.store')>
<CFSET em = 101>
<CFELSEIF not session.active>
<CFSET em = 102>
<CFELSEIF not session.store>
<CFSET em = 103>
<CFELSEIF #session.retry# gt 2>
<CFSET em = 400>
</CFIF>
<CFIF em gt 0>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLtoken#&em=#em#">
</CFIF>

<CFSET start = GetTickCount()>
<CFPARAM NAME="result" DEFAULT="false">
<CFPARAM NAME="com_error" DEFAULT="none">
<CFPARAM NAME="session.redirect" Default="x">
<CFPARAM NAME="session.status" Default="none">
<CFPARAM NAME="theactioncode" Default="">
<CFSET oid = session.ponumber>

<!--- fix date for 4 digits only now 09/09--->
<CFSET ccmonth = SpanExcluding(session.exprdate, '/')>
<CFSET ccyear = Mid(session.exprdate, 4, 2)>
<CFSET session.exprdate = '#ccmonth##ccyear#'>
<!--- the session.cvv value is set to a form default in ccinterim --->

<!--- the session order values come from paydirect and the cc values from ccinterim --->
<!--- Tax(default=0), shipping(default=0), and PO Number provide Level II processing --->
<CFHTTP url="https://secure.apsmerchantgateway.com/api/transact.php"
method="POST" resolveurl="yes" throwonerror="yes"
PATH="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\" FILE="tempfile.txt">
<CFHTTPPARAM type="FORMFIELD" name="security_key" value="#session.TRNSKEY#">
<CFHTTPPARAM type="FORMFIELD" name="type" value="#session.TRNSTYPE#">
<CFHTTPPARAM type="FORMFIELD" name="amount" value="#session.ustotal#">
<CFHTTPPARAM type="FORMFIELD" name="ccnumber" value="#session.ccnumber#">
<CFHTTPPARAM type="FORMFIELD" name="ccexp" value="#session.exprdate#">
<CFHTTPPARAM type="FORMFIELD" name="address1" value="#session.ccaddress#">
<CFHTTPPARAM type="FORMFIELD" name="zip" value="#session.cczip#">
<CFHTTPPARAM type="FORMFIELD" name="orderid" value="#session.ponumber#">
<CFHTTPPARAM type="FORMFIELD" name="cvv" value="#session.cvv#">
<CFHTTPPARAM type="FORMFIELD" name="tax" value="#session.ustax#">
<CFHTTPPARAM type="FORMFIELD" name="shipping" value="#session.usshipping#">
<!---CFHTTPPARAM type="FORMFIELD" name="transactionid" value="#form.transid#"--->
</CFHTTP>
<!---CFSET result = cfhttp.filecontent would be the usual method of getting the
stored reply;  however, when working in a shared server environment with ColdFusion,
the user may not have authorization to access this storage area and instead will
have to specify the full path within their domain for the file storage location
and again specify the path for a file read action. With multiple domains in a
sandbox environment, any of the domains can be used for saving the reply file.  On
each transaction this file gets over written.--->
<CFFILE ACTION="read"
FILE="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\tempfile.txt"
VARIABLE="result">

<CFIF IsDefined('result')>
<!--- create array of names and then loop to populate a query structure
called "crdck".  Map mynames to Island names for standardization. If
this is a first time gateway setup, the mapping will not be necessary.  Simply
parse the names and values.--->
<CFSET mystring = result>
<!--- CFSET mynames = "response,responsetext,authcode,transactionid,avsresponse,cvvresponse,orderid,type" --->
<!--- create arrays from the strings --->
<CFSET myarray = ListToArray(mystring, "&")>
<CFSET islandnames = "ActionCode,Status,AuthNumber,MerchantTransaction,AVSCode,CVVcode,OrderID,Referencecode">
<CFSET islandnamearray = ListToArray(islandnames, ",")>
<!--- create a new array called crdck and then populate it in a loop with the Island
names and the values.  This is done to remain compatible with previous
instances of other gateways without having to change all of the downstream syntax. --->
<CFSET crdck = QueryNew(islandnames)>
<CFSET temp = QueryAddRow(crdck)>
<!--- loop to populate array with desired names (island names) and values --->
<CFLOOP  INDEX="k" FROM="1" TO="#ArrayLen(myarray)#">
<CFSET sz = Len(myarray[k])>
<CFSET m = FindNoCase("=", myarray[k], 1)>
<CFIF m is 0><!--- create dummy value in case the = sign not found --->
<CFSET temp = QuerySetCell(crdck, islandnamearray[k], "xxx")>
<CFELSE>
<CFSET n = Find("=", myarray[k], m+sz)>
<CFSET avalue = Mid(myarray[k], m+1, sz)>
<CFSET temp = QuerySetCell(crdck, islandnamearray[k], avalue)>
</CFIF>
<CFIF #k# gt 20><CFBREAK></CFIF><!--- prevent an endless loop for any reason --->
</CFLOOP>
</CFIF>

<CFIF IsDefined('crdck.Actioncode')>
<CFSET theactioncode = crdck.Actioncode>
<!--- this call will timeout based on server configuration --->

<CFSET thedate = DateFormat(now(), 'mm/dd/yy')>

<!--- some mapping is required because CardTech gateway uses their Responsetext
field, our STATUS field, for both status and error messages. --->

<!--- In our database STATUS is a short advisory to the merchant on the order
summary page.  Their 'response' is our actioncode--->
<CFSET thestatus = crdck.Actioncode>
<CFIF thestatus eq 1>
<CFSET thestatus = 'auth-settle::1'>
<CFELSEIF thestatus eq 2>
<CFSET thestatus = 'retry-auth(credit)::2'>
<CFELSEIF thestatus eq 3>
<CFSET thestatus = 'retry-auth(data)::3'>
<CFELSEIF thestatus eq "">
<CFSET thestatus = 'retry-auth(comm)::'>
</CFIF>

<!--- A short statement for the 'trnsmsg' on the order detail page. CardTech
returns 'success' in their responsetext field when actioncode=1 --->
<CFSET msg = crdck.status>
<CFIF crdck.Actioncode is not 1>
<CFSET msg = 'declined'>
</CFIF>

<!--- CardTech Responsetext(our status) is a message which is mapped to our
error message when 'success' (CardTech actioncode is not equal to 1)is not
returned. The emsg(error message) is for the customer and order detail page. --->
<CFSET emsg = crdck.status>
<CFIF crdck.Actioncode is 1>
<CFSET emsg = 'no-error'>
</CFIF>

<!--- zero lenth not allowed in database table entry --->
<CFSET oid = crdck.OrderID>
<CFIF #Len(oid)# is 0>
<CFSET oid = #session.ponumber#>
</CFIF>

<CFSET avs = crdck.AVSCode>
<CFIF Len(avs) is 0>
<CFSET avs = 'no return'>
</CFIF>

<CFSET cvv = crdck.CVVCode>
<CFIF Len(cvv) is 0>
<CFSET cvv = 'no return'>
</CFIF>

<CFSET authnum = crdck.AuthNumber>
<CFIF Len(authnum) is 0>
<CFSET authnum = 'xxx'>
</CFIF>

<CFSET trnsmsg = '#authnum#::#msg#::#crdck.ActionCode#'>
<CFSET trnsid = '#crdck.MerchantTransaction#::#crdck.ReferenceCode#'>

<CFQUERY NAME="logpayment" DATASOURCE="#application.ordersDSN#">
	UPDATE #session.table#
	SET	TRNSMSG = '#trnsmsg#',<!--- this is RESULT entry on order detail page --->
		STATUS = '#thestatus#',
		AVS = '#avs#',
		TRNSRSV = '#cvv#',
		ERRORMSG = '#emsg#',
		TRANSID = '#trnsid#' <!--- this is Authorize ID on order detail page --->
		WHERE
		PONUMBER = '#oid#'
</CFQUERY>

<CFSET session.retry = session.retry +1>
<CFSET end = GetTickCount()>
<CFSET session.duration = evaluate((end - session.start)/1000)>

<CFIF crdck.Actioncode is 1>
<CFLOCATION URL = "../Templates/cc_good.cfm?#session.URLToken#&ccon=1">

<CFELSEIF crdck.Actioncode is 2>
<CFSET em = 401>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">

<CFELSEIF crdck.ActionCode is 3 AND FindNoCase('expiration', emsg,1) gt 0>
<CFSET em = 402>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">

<CFELSEIF crdck.ActionCode is 3 AND FindNoCase('invalid', emsg,1) gt 0>
<CFSET em = 405>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">

<CFELSEIF crdck.ActionCode is 3>
<CFSET em = 404>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">
</CFIF>
</CFIF><!--- end of crdck.actioncode defined --->

<CFIF theactioncode is ""><!--- from the default value modified by crdck.actioncode --->
<CFSET em = 406>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=""">
</CFIF>
</CFLOCK>

mytest.htm


<DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>ColdFusion test</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Expires" content="Mon,23 Sept 1998 00:00:00 GMT">
<meta name='description' content=''>
<meta name='keywords' content=''>
<meta name='author' content='ImagineNation'>
<meta name='url' content='http://www.ImagineNation.com'>
<!--- COPYRIGHT:===============================================
Any commercial use or duplication, in part or in whole, of this
copyright material without prior licensing is forbidden by
federal law.  Violators may be subject to civil and/or criminal
penalties, (Title 17, Sections 501 and 506).
========================================================== --->
<!-- script language="JavaScript1.1" src="whatever.js" type="text/javascript" -->
<script language="JavaScript1.1" type="text/javascript">
//<!-- ==========================Hide SCRIPT=============================
//onError = null
//===============================The End============================= -->
</script>
<style>
body{background-color:#cadaca; margin: 5px 0px 0px 5px;
font-family:verdana; font-size:12pt; font-weight:bold; color:#000000;
}
.toptable{background-color:#daeaca; font-family:Verdana; font-size:10pt;
font-weight:bold; color:#000000; padding:10px; width:350px; height:150px;
border-width:2px; border-color:#b07050; border-style:solid; float:left;
display:inline;
}
.cr{color:#000000; font-family:Ariel; font-size:8pt;
font-weight:normal; font-style:italic;
}
</style>
</head>

<body>
<h4>HTML Test File<br>
Submits to the ColdFusion process.cfm File</h4>
<div class="toptable" align="right">
The names in parenthesis are the processing names which are
populated with values in the form fields.  The security key allows for
test transactions on the gateway.<br>
<form name="testtrans" action="process.cfm" method="post">
security_key:  <input type="text" name="security_key" size=32 value="6457Thfj624V5r7WUwc5v6a68Zsd6YEm"><br>
amount:  <input type="text" name="amount" size=20 value="2.00"><br>
transtype:  <input type="text" name="transtype" size=20 value="auth"><br>
ccnumber:  <input type="text" name="ccnumber" size=20 value="4111111111111111"><br>
ccexp:  <input type="text" name="ccexp" size=20 value="0407"><br>
address1:  <input type="text" name="ccaddress" size=20 value="20 demo lane"><br>
zip:  <input type="text" name="cczip" size=20 value="20123"><br>
cvv:  <input type="text" name="cvv" size=20 value="444"><br>
orderid:  <input type="text" name="orderid" size=20 value="UM12345678"><br>
tax:  <input type="text" name="tax" size=20 value="1.20"><br>
transid:  <input type="text" name="transid" size=20 value=""><br>
<input type="submit" value=" SUBMIT ">
</form><br>
Transid is the transaction ID number returned and the number that must be used
to capture an authorization or make a return.
</div>

<center class="cr">
<p> <p><a href="http://ImagineNation.com" target="_blank">ImagineNation</a><br>© 1996 - 2006
</center>
</body></html>

process.cfm


<!--- It is advisable to run this file in a managed application with a lock on
the session to avoid interference from some other operation while waiting for
the return information. --->

<CFLOCK Name="testfiles" timeout="10" Type ="Exclusive">
<CFSET begin =GetTickCount()>

<!--- These default values are provided to prevent errors of omission. --->
<CFPARAM NAME="form.security_key" DEFAULT="xx">
<CFPARAM NAME="form.amount" DEFAULT="xx">
<CFPARAM NAME="form.transtype" DEFAULT="xx">
<CFPARAM NAME="form.ccnumber" DEFAULT="xx">
<CFPARAM NAME="form.ccexp" DEFAULT="xx">
<CFPARAM NAME="form.ccaddress" DEFAULT="xx">
<CFPARAM NAME="form.cczip" DEFAULT="xx">
<CFPARAM NAME="form.orderid" DEFAULT="xx">
<CFPARAM NAME="form.ccv" DEFAULT="">
<CFPARAM NAME="form.tax" DEFAULT="0.75">
<CFPARAM NAME="form.transid" DEFAULT="">
<CFPARAM NAME="result" DEFAULT="xx">

<!--- CFSET result = cfhttp.filecontent would be the usual method of getting the
stored reply from a post action without specifying a path;  however, when working
in a shared server environment with ColdFusion, the user may not have authorization
to access this storage area and instead will have to specify the full path within
their own domain for the file storage location and again specify the same path for
a file read action.  With multiple domains in a sandbox environment, any of the
domains can be used for saving the reply file.  On each transaction this file gets
over written.  The example below is specific to ImagineNation and must be changed
for your own testing.--->

<!--- This is the post to the gateway server. --->
<cfhttp url="https://secure.apsmerchantgateway.com/api/transact.php"
method="POST" resolveurl="yes" throwonerror="yes"
PATH="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\" FILE="tempfile.txt">
<cfhttpparam type="FORMFIELD" name="security_key" value="#form.security_key#">
<cfhttpparam type="FORMFIELD" name="amount" value="#form.Amount#">
<cfhttpparam type="FORMFIELD" name="type" value="#form.transtype#">
<cfhttpparam type="FORMFIELD" name="ccnumber" value="#form.CCNumber#">
<cfhttpparam type="FORMFIELD" name="ccexp" value="#form.CCExp#">
<cfhttpparam type="FORMFIELD" name="address1" value="#form.ccaddress#">
<cfhttpparam type="FORMFIELD" name="zip" value="#form.cczip#">
<cfhttpparam type="FORMFIELD" name="orderid" value="#form.orderid#">
<cfhttpparam type="FORMFIELD" name="cvv" value="#form.cvv#">
<cfhttpparam type="FORMFIELD" name="tax" value="#form.tax#">
<cfhttpparam type="FORMFIELD" name="transactionid" value="#form.transid#">
</CFHTTP>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>ImagineNation: ColdFusion process</title>
<style>
body{background-color:#cadaca; margin: 5px 0px 0px 5px;
font-family:verdana; font-size:12pt; font-weight:bold; color:#000000;
}
.toptable{background-color:#daeaca; font-family:Verdana; font-size:10pt;
font-weight:bold; color:#000000; padding:10px; width:350px; height:150px;
border-width:2px; border-color:#b07050; border-style:solid; float:left;
display:inline;
}
.cr{color:#000000; font-family:Ariel; font-size:8pt;
font-weight:normal; font-style:italic;
}
</style>
</head>

<body>
<h4>Transaction results appear here.</h4>
<CFFILE ACTION="read"
FILE="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\tempfile.txt"
VARIABLE="result">
<CFOUTPUT>
<CFIF IsDefined('result')>
<b>The returned string is:<br>
<font size="-1">#result#</font></b>
<CFELSE>
<b>
No return found</b>
</CFIF>
<div class="toptable">
The string can be converted to an array of name/value pairs by splitting on the "&" sign.<br><br>
<CFSET responsearray = ListToArray(result, "&")>
The array length is #ArrayLen(responsearray)#
<br><br>
The returned array values are:<br><br>
<CFLOOP INDEX="k" FROM="1" TO="#ArrayLen(responsearray)#">
#responsearray[k]#<br>
<CFIF #k# gt 20><CFBREAK></CFIF><!--- prevent an endless loop for any reason --->
</CFLOOP>
</CFOUTPUT><br><br>
If this was a type=auth transaction, you can return to the <a href="mytest.htm">
form page</a> and enter the transaction id and change type to capture to test
the capture mode.
</div>

<CFOUTPUT>
<p><CFSET end =GetTickCount()>
process duration = #Evaluate((end-begin)/1000)# seconds
</CFOUTPUT>
</CFLOCK>

<center class="cr">
<p> <p><a href="http://ImagineNation.com" target="_blank">ImagineNation</a><br>© 1996 - 2006
</center>
</body></html>

Examples


import java.util.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.text.*;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

class PaymentGateway {

  protected String server;
  protected String port;
  protected String path;
  protected String security_key;

  public PaymentGateway(String key)
  {

    server = "secure.apsmerchantgateway.com";
    port = "443";
    path = "https://secure.apsmerchantgateway.com/api/transact.php";
    security_key = key;

  }

  public HashMap doSale( double amount,
                           String ccNumber,
                           String ccExp
                           ) throws Exception
  {
      HashMap result = new HashMap();
      HashMap request = new HashMap();

      DecimalFormat form = new DecimalFormat("#.00");

      request.put("amount", form.format(amount));
      request.put("type", "sale");
      request.put("ccnumber", ccNumber);
      request.put("ccexp", ccExp);

      String data_out = prepareRequest(request);

      String error = "";
      String data_in = "";
      boolean success = true;
      try {
          HashMap retval = postForm(data_out);
          data_in = (String)retval.get("response");
          result.put("transactionid", retval.get("transactionid"));
      } catch (IOException e) {
          success = false;
          error = "Connect error, " + e.getMessage();
      } catch (Exception e) {
          success = false;
          error = e.getMessage();
      }
      if (!success) {
          throw new Exception(error);
      }

      return result;
  }

  // Utility Functions

  public String prepareRequest(HashMap request) {

      if (request.size() == 0) {
         return "";
      }

      request.put("security_key", security_key);

      Set s = request.keySet();
      Iterator i = s.iterator();
      Object key = i.next();
      StringBuffer buffer = new StringBuffer();



      buffer.append(key).append("=")
            .append(URLEncoder.encode((String) request.get(key)));

      while (i.hasNext()) {
          key = i.next();
          buffer.append("&").append(key).append("=")
                .append(URLEncoder.encode((String) request.get(key)));
      }

      return buffer.toString();

  }

  protected HashMap postForm(String data) throws Exception {

     HashMap result = new HashMap();

     HttpURLConnection postConn;

     HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            return true;
        }
     };

     HttpsURLConnection.setDefaultHostnameVerifier(hv);

     URL post = new URL("https", server, Integer.parseInt(port), path);
     postConn = (HttpURLConnection)post.openConnection();

     postConn.setRequestMethod("POST");
     postConn.setDoOutput(true);

     PrintWriter out = new PrintWriter(postConn.getOutputStream());
     out.print(data);
     out.close();

     BufferedReader in =
        new BufferedReader(new InputStreamReader(postConn.getInputStream()));

     String inputLine;
     StringBuffer buffer = new StringBuffer();
     while ((inputLine = in.readLine()) != null) {
        buffer.append(inputLine);
     }
     in.close();


     String response = buffer.toString();

     result.put("response", response);

     // Parse Result
     StringTokenizer st = new StringTokenizer(response, "&");
     while (st.hasMoreTokens()) {
        String varString = st.nextToken();
        StringTokenizer varSt = new StringTokenizer(varString, "=");
        if (varSt.countTokens() > 2 || varSt.countTokens()<1) {
            throw new Exception("Bad variable from processor center: " + varString);
        }
        if (varSt.countTokens()==1) {
            result.put(varSt.nextToken(), "");
        } else {
            result.put(varSt.nextToken(), varSt.nextToken());
        }
     }

     if (result.get("response")=="") {
        throw new Exception("Bad response from processor center" + response);
     }

     if (!result.get("response").toString().equals("1")) {
        throw new Exception(result.get("responsetext").toString());
     }

     return result;
  }

}

public class TestPaymentGateway
{
    public static void main(String arg[])
    {
        HashMap retval = new HashMap();
        PaymentGateway gw = new PaymentGateway("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");

        try {
            retval = gw.doSale(10.05, "4111111111111111", "0909");
            System.out.println("Success\nTransId: " + retval.get("transactionid") + "\n");
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }

    }
}


Examples


const https = require('https');
const querystring = require('querystring');

class DirectPost {
  constructor(security_key) {
    this.security_key = security_key;
  }

  setBilling(billingInformation) {
    // Validate that passed in information contains valid keys
    const validBillingKeys = ['first_name', 'last_name', 'company', 'address1',
        'address2', 'city', 'state', 'zip', 'country', 'phone', 'fax', 'email'];

    for (let key in billingInformation) {
      if (!validBillingKeys.includes(key)) {
        throw new Error(`Invalid key provided in billingInformation. '${key}'
            is not a valid billing parameter.`)
      }
    };

    this.billing = billingInformation;
  }

  setShipping(shippingInformation) {
    // Validate that passed in information contains valid keys
    const validShippingKeys = [
      'shipping_first_name', 'shipping_last_name', 'shipping_company',
      'shipping_address1', 'address2', 'shipping_city', 'shipping_state',
      'shipping_zip', 'shipping_country', 'shipping_email'
    ];

    for (let key in shippingInformation) {
      if (!validShippingKeys.includes(key)) {
        throw new Error(`Invalid key provided in shippingInformation. '${key}'
            is not a valid shipping parameter.`)
      }
    };

    this.shipping = shippingInformation;
  }

  doSale(amount, ccNum, ccExp, cvv) {
    let requestOptions = {
      'type': 'sale',
      'amount': amount,
      'ccnumber': ccNum,
      'ccexp': ccExp,
      'cvv': cvv
    };

    // Merge together all request options into one object
    Object.assign(requestOptions, this.billing, this.shipping);

    // Make request
    this._doRequest(requestOptions);
  }

  _doRequest(postData) {
    const hostName = 'secure.apsmerchantgateway.com';
    const path = '/api/transact.php';

    postData.security_key = this.security_key;
    postData = querystring.stringify(postData);

    const options = {
      hostname: hostName,
      path: path,
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Content-Length': Buffer.byteLength(postData)
      }
    };

    // Make request to Direct Post API
    const req = https.request(options, (response) => {
      console.log(`STATUS: ${response.statusCode}`);
      console.log(`HEADERS: ${JSON.stringify(response.headers)}`);

      response.on('data', (chunk) => {
        console.log(`BODY: ${chunk}`);
      });
      response.on('end', () => {
        console.log('No more data in response.');
      });
    });

    req.on('error', (e) => {
      console.error(`Problem with request: ${e.message}`);
    });

    // Write post data to request body
    req.write(postData);
    req.end();
  }
}

const dp = new DirectPost('{security_key}');
const billingInfo = {
  'first_name': 'Test',
  'last_name': 'User',
  'address1': '123 Main St',
  'city': 'New York',
  'state': 'NY',
  'zip' : '12345',
}
const shippingInfo = {
  'shipping_first_name': 'User',
  'shipping_last_name': 'Test',
  'shipping_address1': '987 State St',
  'shipping_city': 'Los Angeles',
  'shipping_state': 'CA',
  'shipping_zip' : '98765',
}

dp.setBilling(billingInfo);
dp.setShipping(shippingInfo);
// Set dummy data for sale
dp.doSale('100.00', '4111111111111111', '1221', '123');
  
  

Examples


define("APPROVED", 1);
define("DECLINED", 2);
define("ERROR", 3);

class gwapi {

// Initial Setting Functions

  function setLogin($security_key) {
    $this->login['security_key'] = $security_key;
  }

  function setOrder($orderid,
        $orderdescription,
        $tax,
        $shipping,
        $ponumber,
        $ipaddress) {
    $this->order['orderid']          = $orderid;
    $this->order['orderdescription'] = $orderdescription;
    $this->order['tax']              = $tax;
    $this->order['shipping']         = $shipping;
    $this->order['ponumber']         = $ponumber;
    $this->order['ipaddress']        = $ipaddress;
  }

  function setBilling($firstname,
        $lastname,
        $company,
        $address1,
        $address2,
        $city,
        $state,
        $zip,
        $country,
        $phone,
        $fax,
        $email,
        $website) {
    $this->billing['firstname'] = $firstname;
    $this->billing['lastname']  = $lastname;
    $this->billing['company']   = $company;
    $this->billing['address1']  = $address1;
    $this->billing['address2']  = $address2;
    $this->billing['city']      = $city;
    $this->billing['state']     = $state;
    $this->billing['zip']       = $zip;
    $this->billing['country']   = $country;
    $this->billing['phone']     = $phone;
    $this->billing['fax']       = $fax;
    $this->billing['email']     = $email;
    $this->billing['website']   = $website;
  }

  function setShipping($firstname,
        $lastname,
        $company,
        $address1,
        $address2,
        $city,
        $state,
        $zip,
        $country,
        $email) {
    $this->shipping['firstname'] = $firstname;
    $this->shipping['lastname']  = $lastname;
    $this->shipping['company']   = $company;
    $this->shipping['address1']  = $address1;
    $this->shipping['address2']  = $address2;
    $this->shipping['city']      = $city;
    $this->shipping['state']     = $state;
    $this->shipping['zip']       = $zip;
    $this->shipping['country']   = $country;
    $this->shipping['email']     = $email;
  }

  // Transaction Functions

  function doSale($amount, $ccnumber, $ccexp, $cvv="") {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Sales Information
    $query .= "ccnumber=" . urlencode($ccnumber) . "&";
    $query .= "ccexp=" . urlencode($ccexp) . "&";
    $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    $query .= "cvv=" . urlencode($cvv) . "&";
    // Order Information
    $query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
    $query .= "orderid=" . urlencode($this->order['orderid']) . "&";
    $query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
    $query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
    $query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
    $query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
    // Billing Information
    $query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
    $query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
    $query .= "company=" . urlencode($this->billing['company']) . "&";
    $query .= "address1=" . urlencode($this->billing['address1']) . "&";
    $query .= "address2=" . urlencode($this->billing['address2']) . "&";
    $query .= "city=" . urlencode($this->billing['city']) . "&";
    $query .= "state=" . urlencode($this->billing['state']) . "&";
    $query .= "zip=" . urlencode($this->billing['zip']) . "&";
    $query .= "country=" . urlencode($this->billing['country']) . "&";
    $query .= "phone=" . urlencode($this->billing['phone']) . "&";
    $query .= "fax=" . urlencode($this->billing['fax']) . "&";
    $query .= "email=" . urlencode($this->billing['email']) . "&";
    $query .= "website=" . urlencode($this->billing['website']) . "&";
    // Shipping Information
    $query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
    $query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
    $query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
    $query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
    $query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
    $query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
    $query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
    $query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
    $query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
    $query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
    $query .= "type=sale";
    return $this->_doPost($query);
  }

  function doAuth($amount, $ccnumber, $ccexp, $cvv="") {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Sales Information
    $query .= "ccnumber=" . urlencode($ccnumber) . "&";
    $query .= "ccexp=" . urlencode($ccexp) . "&";
    $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    $query .= "cvv=" . urlencode($cvv) . "&";
    // Order Information
    $query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
    $query .= "orderid=" . urlencode($this->order['orderid']) . "&";
    $query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
    $query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
    $query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
    $query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
    // Billing Information
    $query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
    $query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
    $query .= "company=" . urlencode($this->billing['company']) . "&";
    $query .= "address1=" . urlencode($this->billing['address1']) . "&";
    $query .= "address2=" . urlencode($this->billing['address2']) . "&";
    $query .= "city=" . urlencode($this->billing['city']) . "&";
    $query .= "state=" . urlencode($this->billing['state']) . "&";
    $query .= "zip=" . urlencode($this->billing['zip']) . "&";
    $query .= "country=" . urlencode($this->billing['country']) . "&";
    $query .= "phone=" . urlencode($this->billing['phone']) . "&";
    $query .= "fax=" . urlencode($this->billing['fax']) . "&";
    $query .= "email=" . urlencode($this->billing['email']) . "&";
    $query .= "website=" . urlencode($this->billing['website']) . "&";
    // Shipping Information
    $query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
    $query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
    $query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
    $query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
    $query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
    $query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
    $query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
    $query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
    $query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
    $query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
    $query .= "type=auth";
    return $this->_doPost($query);
  }

  function doCredit($amount, $ccnumber, $ccexp) {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Sales Information
    $query .= "ccnumber=" . urlencode($ccnumber) . "&";
    $query .= "ccexp=" . urlencode($ccexp) . "&";
    $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    // Order Information
    $query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
    $query .= "orderid=" . urlencode($this->order['orderid']) . "&";
    $query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
    $query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
    $query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
    $query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
    // Billing Information
    $query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
    $query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
    $query .= "company=" . urlencode($this->billing['company']) . "&";
    $query .= "address1=" . urlencode($this->billing['address1']) . "&";
    $query .= "address2=" . urlencode($this->billing['address2']) . "&";
    $query .= "city=" . urlencode($this->billing['city']) . "&";
    $query .= "state=" . urlencode($this->billing['state']) . "&";
    $query .= "zip=" . urlencode($this->billing['zip']) . "&";
    $query .= "country=" . urlencode($this->billing['country']) . "&";
    $query .= "phone=" . urlencode($this->billing['phone']) . "&";
    $query .= "fax=" . urlencode($this->billing['fax']) . "&";
    $query .= "email=" . urlencode($this->billing['email']) . "&";
    $query .= "website=" . urlencode($this->billing['website']) . "&";
    $query .= "type=credit";
    return $this->_doPost($query);
  }

  function doOffline($authorizationcode, $amount, $ccnumber, $ccexp) {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Sales Information
    $query .= "ccnumber=" . urlencode($ccnumber) . "&";
    $query .= "ccexp=" . urlencode($ccexp) . "&";
    $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    $query .= "authorizationcode=" . urlencode($authorizationcode) . "&";
    // Order Information
    $query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
    $query .= "orderid=" . urlencode($this->order['orderid']) . "&";
    $query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
    $query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
    $query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
    $query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
    // Billing Information
    $query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
    $query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
    $query .= "company=" . urlencode($this->billing['company']) . "&";
    $query .= "address1=" . urlencode($this->billing['address1']) . "&";
    $query .= "address2=" . urlencode($this->billing['address2']) . "&";
    $query .= "city=" . urlencode($this->billing['city']) . "&";
    $query .= "state=" . urlencode($this->billing['state']) . "&";
    $query .= "zip=" . urlencode($this->billing['zip']) . "&";
    $query .= "country=" . urlencode($this->billing['country']) . "&";
    $query .= "phone=" . urlencode($this->billing['phone']) . "&";
    $query .= "fax=" . urlencode($this->billing['fax']) . "&";
    $query .= "email=" . urlencode($this->billing['email']) . "&";
    $query .= "website=" . urlencode($this->billing['website']) . "&";
    // Shipping Information
    $query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
    $query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
    $query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
    $query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
    $query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
    $query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
    $query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
    $query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
    $query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
    $query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
    $query .= "type=offline";
    return $this->_doPost($query);
  }

  function doCapture($transactionid, $amount =0) {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Transaction Information
    $query .= "transactionid=" . urlencode($transactionid) . "&";
    if ($amount>0) {
        $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    }
    $query .= "type=capture";
    return $this->_doPost($query);
  }

  function doVoid($transactionid) {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Transaction Information
    $query .= "transactionid=" . urlencode($transactionid) . "&";
    $query .= "type=void";
    return $this->_doPost($query);
  }

  function doRefund($transactionid, $amount = 0) {

    $query  = "";
    // Login Information
    $query .= "security_key=" . urlencode($this->login['security_key']) . "&";
    // Transaction Information
    $query .= "transactionid=" . urlencode($transactionid) . "&";
    if ($amount>0) {
        $query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
    }
    $query .= "type=refund";
    return $this->_doPost($query);
  }

  function _doPost($query) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://secure.apsmerchantgateway.com/api/transact.php");
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
    curl_setopt($ch, CURLOPT_POST, 1);

    if (!($data = curl_exec($ch))) {
        return ERROR;
    }
    curl_close($ch);
    unset($ch);
    print "\n$data\n";
    $data = explode("&",$data);
    for($i=0;$i<count($data);$i++) {
        $rdata = explode("=",$data[$i]);
        $this->responses[$rdata[0]] = $rdata[1];
    }
    return $this->responses['response'];
  }
}

$gw = new gwapi;
$gw->setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");
$gw->setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
        "CA","90210","US","555-555-5555","555-555-5556","support@example.com",
        "www.example.com");
$gw->setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
        "CA","90210","US","support@example.com");
$gw->setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10");

$r = $gw->doSale("50.00","4111111111111111","1010");
print $gw->responses['responsetext'];
    

Examples


###########################################################
#                                                         #
#  D I S C L A I M E R                                    #
#                                                         #
#  WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED    #
#  IS AT YOUR OWN RISK.                                   #
#                                                         #
#  The code is  provided  "as is" without                 #
#  warranty of any kind, either express or implied,       #
#  including but not limited to the implied warranties    #
#  of merchantability and/or fitness for a particular     #
#  purpose.                                               #
#                                                         #
#                                                         #
###########################################################



import pycurl
import urllib
import urlparse
import StringIO


class gwapi():

    def __init__(self):
        self.login= dict()
        self.order = dict()
        self.billing = dict()
        self.shipping = dict()
        self.responses = dict()

    def setLogin(self,security_key):
        self.login['security_key'] = security_key

    def setOrder(self, orderid, orderdescription, tax, shipping, ponumber,ipadress):
        self.order['orderid'] = orderid;
        self.order['orderdescription'] = orderdescription
        self.order['shipping'] = '{0:.2f}'.format(float(shipping))
        self.order['ipaddress'] = ipadress
        self.order['tax'] = '{0:.2f}'.format(float(tax))
        self.order['ponumber'] = ponumber


    def setBilling(self,
            firstname,
            lastname,
            company,
            address1,
            address2,
            city,
            state,
            zip,
            country,
            phone,
            fax,
            email,
            website):
        self.billing['firstname'] = firstname
        self.billing['lastname']  = lastname
        self.billing['company']   = company
        self.billing['address1']  = address1
        self.billing['address2']  = address2
        self.billing['city']      = city
        self.billing['state']     = state
        self.billing['zip']       = zip
        self.billing['country']   = country
        self.billing['phone']     = phone
        self.billing['fax']       = fax
        self.billing['email']     = email
        self.billing['website']   = website

    def setShipping(self,firstname,
            lastname,
            company,
            address1,
            address2,
            city,
            state,
            zipcode,
            country,
            email):
        self.shipping['firstname'] = firstname
        self.shipping['lastname']  = lastname
        self.shipping['company']   = company
        self.shipping['address1']  = address1
        self.shipping['address2']  = address2
        self.shipping['city']      = city
        self.shipping['state']     = state
        self.shipping['zip']       = zipcode
        self.shipping['country']   = country
        self.shipping['email']     = email


    def doSale(self,amount, ccnumber, ccexp, cvv=''):

        query  = ""
        # Login Information

        query = query + "security_key=" + urllib.quote(self.login['security_key']) + "&"
        # Sales Information
        query += "ccnumber=" + urllib.quote(ccnumber) + "&"
        query += "ccexp=" + urllib.quote(ccexp) + "&"
        query += "amount=" + urllib.quote('{0:.2f}'.format(float(amount))) + "&"
        if (cvv!=''):
            query += "cvv=" + urllib.quote(cvv) + "&"
        # Order Information
        for key,value in self.order.iteritems():
            query += key +"=" + urllib.quote(str(value)) + "&"

        # Billing Information
        for key,value in self.billing.iteritems():
            query += key +"=" + urllib.quote(str(value)) + "&"

        # Shipping Information
        for key,value in self.shipping.iteritems():
            query += key +"=" + urllib.quote(str(value)) + "&"

        query += "type=sale"
        return self.doPost(query)



    def doPost(self,query):
        responseIO = StringIO.StringIO()
        curlObj = pycurl.Curl()
        curlObj.setopt(pycurl.POST,1)
        curlObj.setopt(pycurl.CONNECTTIMEOUT,30)
        curlObj.setopt(pycurl.TIMEOUT,30)
        curlObj.setopt(pycurl.HEADER,0)
        curlObj.setopt(pycurl.SSL_VERIFYPEER,0)
        curlObj.setopt(pycurl.WRITEFUNCTION,responseIO.write);

        curlObj.setopt(pycurl.URL,"https://secure.apsmerchantgateway.com/api/transact.php")

        curlObj.setopt(pycurl.POSTFIELDS,query)

        curlObj.perform()

        data = responseIO.getvalue()
        temp = urlparse.parse_qs(data)
        for key,value in temp.iteritems():
            self.responses[key] = value[0]
        return self.responses['response']

# NOTE: your security_key should replace the one below
gw = gwapi()
gw.setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");

gw.setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
        "CA","90210","US","555-555-5555","555-555-5556","support@example.com",
        "www.example.com")
gw.setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
        "CA","90210","US","support@example.com")
gw.setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10")

r = gw.doSale("5.00","4111111111111111","1212",'999')
print gw.responses['response']

if (int(gw.responses['response']) == 1) :
    print "Approved"
elif (int(gw.responses['response']) == 2) :
    print "Declined"
elif (int(gw.responses['response']) == 3) :
    print "Error"


Examples


###########################################################
#                                                         #
#  D I S C L A I M E R                                    #
#                                                         #
#  WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED    #
#  IS AT YOUR OWN RISK.                                   #
#                                                         #
#  The code is  provided  "as is" without                 #
#  warranty of any kind, either express or implied,       #
#  including but not limited to the implied warranties    #
#  of merchantability and/or fitness for a particular     #
#  purpose.                                               #
#                                                         #
#                                                         #
###########################################################



require 'rubygems'
require 'curb'
require 'uri'
require 'addressable/uri'



class GwApi

    def initialize()
        @login = {}
        @order = {}
        @billing = {}
        @shipping = {}
        @responses = {}
    end

    def setLogin(security_key)
        @login['security_key'] = security_key
    end

    def setOrder( orderid, orderdescription, tax, shipping, ponumber,ipadress)
        @order['orderid'] = orderid;
        @order['orderdescription'] = orderdescription
        @order['shipping'] = "%.2f" % shipping
        @order['ipaddress'] = ipadress
        @order['tax'] = "%.2f" % tax
        @order['ponumber'] = ponumber
    end

    def setBilling(
            firstname,
            lastname,
            company,
            address1,
            address2,
            city,
            state,
            zip,
            country,
            phone,
            fax,
            email,
            website)
        @billing['firstname'] = firstname
        @billing['lastname']  = lastname
        @billing['company']   = company
        @billing['address1']  = address1
        @billing['address2']  = address2
        @billing['city']      = city
        @billing['state']     = state
        @billing['zip']       = zip
        @billing['country']   = country
        @billing['phone']     = phone
        @billing['fax']       = fax
        @billing['email']     = email
        @billing['website']   = website
    end

    def setShipping(firstname,
            lastname,
            company,
            address1,
            address2,
            city,
            state,
            zipcode,
            country,
            email)
        @shipping['firstname'] = firstname
        @shipping['lastname']  = lastname
        @shipping['company']   = company
        @shipping['address1']  = address1
        @shipping['address2']  = address2
        @shipping['city']      = city
        @shipping['state']     = state
        @shipping['zip']       = zipcode
        @shipping['country']   = country
        @shipping['email']     = email

    end

    def doSale(amount, ccnumber, ccexp, cvv='')

        query  = ""
        # Login Information

        query = query + "security_key=" + URI.escape(@login['security_key']) + "&"
        # Sales Information
        query += "ccnumber=" + URI.escape(ccnumber) + "&"
        query += "ccexp=" + URI.escape(ccexp) + "&"
        query += "amount=" + URI.escape("%.2f" %amount) + "&"
        if (cvv!='')
            query += "cvv=" + URI.escape(cvv) + "&"
        end

        # Order Information
        @order.each do | key,value|
            query += key +"=" + URI.escape(value) + "&"
        end

        # Billing Information
        @billing.each do | key,value|
            query += key +"=" + URI.escape(value) + "&"
        end
        # Shipping Information

        @shipping.each do | key,value|
            query += key +"=" + URI.escape(value) + "&"
        end

        query += "type=sale"
        return doPost(query)
    end


    def doPost(query)


        curlObj = Curl::Easy.new("https://secure.apsmerchantgateway.com/api/transact.php")
        curlObj.connect_timeout = 30
        curlObj.timeout = 30
        curlObj.header_in_body = false
        curlObj.ssl_verify_peer=false
        curlObj.post_body = query
        curlObj.perform()
        data = curlObj.body_str

        # NOTE: The domain name below is simply used to create a full URI to allow URI.parse to parse out the query values
        # for us. It is not used to send any data
        data = '"https://secure.apsmerchantgateway.com/api/transact.php?' + data
        uri = Addressable::URI.parse(data)
        @responses = uri.query_values
        return @responses['response']
    end

    def getResponses()
        return @responses
    end
end

gw = GwApi.new()
# NOTE: your security_key should replace the one below
gw.setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");

gw.setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
        "CA","90210","US","555-555-5555","555-555-5556","support@example.com",
        "www.example.com")

gw.setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
        "CA","90210","US","support@example.com")

gw.setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10")

r = gw.doSale("5.00","4111111111111111","1212",'999')
myResponses = gw.getResponses

print myResponses['response'] + "  "

if (myResponses['response'] == '1')
    print "Approved \n"
elsif (myResponses['response'] == '2')
    print "Declined \n"
elsif (myResponses['response'] == '3')
    print "Error \n"
end


Documentation

Collect.js

Documentation

Methodology

Collect.js

Overview

Collect.js is a JavaScript framework that allows merchants to collect sensitive payment information from their customers without exposing their website to the sensitive information. This can be done while allowing merchants to retain full control over the look and feel of their checkout experience.

This is a data collection and tokenization system, not a full payments API, so you can use this in conjunction with an existing transaction API (Direct Post) to submit transactions or use other gateway services that utilize payment information.

Usage

Collect.js is designed to be flexible, and its implementation can be as simple as pasting a single script tag to your checkout page, or it can be customized to interact with your website however you’d like.

Authentication

Authentication is done via a “tokenization key” that you can generate in your merchant control panel under the “Security Keys” settings page. Select “Tokenization” for the key type.

This tokenization key can only be used with Collect.js and will not work with any other APIs. Similarly, any API keys already created will not work with Collect.js.

This key will be visible to customers in your website’s source code, so please make sure you only use the tokenization key here.