There are multiple ways to incorporate the payment gateway within a website or mobile device. These options vary based upon ease of integration, required resources, features, and additional security.
Step One:
Submit all transaction details to the Payment Gateway except the customer’s sensitive payment information. The Payment Gateway will return a variable form-url.
Step Two:
Create an HTML form that collects the customer’s sensitive payment information and use the form-url that the Payment Gateway returns as the submit action in that form.
Step Three:
Once the customer has been redirected, obtain the token-id and complete the transaction through an HTTPS POST including the token-id which abstracts the sensitive payment information that was collected directly by the Payment Gateway.
To start step one, your payment application will submit a behind-the-scenes HTTPS direct POST that includes transaction variables, including an additional variable redirect-url, which is a URL that must exist on your web server that handles a future browser redirect. Sensitive payment information such as cc-number, cc-exp, and cvv cannot be submitted during step one. The Payment Gateway will generate and return the form-url variable containing a unique URL to be used in Step 2.
Next, during step two, you must develop an HTML form that collects at least the customer’s sensitive payment information such as cc-number, cc-exp, and cvv. You must use the form-url obtained in step one as the action in the HTML of your payment form. When the customer submits the form, the customer’s browser will transparently POST the contents of the payment form directly to the Payment Gateway. This methodology keeps your web server and payment application from seeing or transmitting any credit card data or other sensitive data. Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will be instructed to return to the redirect-url on your web server. Furthermore, the Payment Gateway will generate and append a unique variable named token-id to the redirect-url in the GET query string. This token-id is an abstraction of the customer’s sensitive payment information that the Payment Gateway collected. Your redirect-url script must parse the token-id for use in step three.
To complete the transaction, you will submit another behind-the-scenes HTTPS direct POST including only the token-id and api-key. This token-id is used to “tie” together the initial customer information with the sensitive payment information that the payment gateway collected directly.
XML Element | Description |
---|---|
<sale|auth|credit|validate|offline> | Type of transaction to perform. |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
redirect-url* | A URL on your web server that the gateway will redirect your customer to after sensitive data collection. |
amount* | Total amount to be charged (For “validate” actions, amount must be 0.00 or omitted). |
surcharge-amount | Surcharge amount. Format: x.xx |
authorization-code** | Specify authorization code. For use with “offline” action only. |
ip-address | Cardholder’s IP address. Format: xxx.xxx.xxx.xxx |
industry | Specify industry classification of transaction. Values: ‘ecommerce’, ‘moto’, or ‘retail’ |
billing-method | Set additional billing indicators. Values: ‘recurring’ or ‘installment’ |
billing-number | Specify installment billing number, on supported processors. For use when “billing-method” is set to installment. Values: 0-99 |
billing-total | Specify installment billing total on supported processors. For use when “billing-method” is set to installment. |
processor-id | If using multiple processors, route to specified processor. Obtained under Settings->Transaction Routing in the merchant control panel. |
sec-code | ACH standard entry class codes. Values: ‘PPD’, ‘WEB’, ‘TEL’, ‘CCD’, ‘POP’, or ‘ARC’ |
descriptor | Set payment descriptor on supported processors. |
descriptor-phone | Set payment descriptor phone on supported processors. |
descriptor-address | Set payment descriptor address on supported processors. |
descriptor-city | Set payment descriptor city on supported processors. |
descriptor-state | Set payment descriptor state on supported processors. |
descriptor-postal | Set payment descriptor postal code on supported processors. |
descriptor-country | Set payment descriptor country on supported processors. |
descriptor-mcc | Set payment descriptor mcc on supported processors. |
descriptor-merchant-id | Set payment descriptor merchant id on supported processors. |
descriptor-url | Set payment descriptor url on supported processors. |
currency | Set transaction currency. Format: ISO 4217 |
order-description | Order description. |
customer-id | Customer identification. |
customer-vault-id | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
merchant-receipt-email | Send merchant receipt to email |
customer-receipt | Send receipt if billing email included. Values: ‘true’ or ‘false’ |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
tracking-number | Shipping tracking number. |
shipping-carrier | Shipping carrier. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
order-id*** | Order id. |
signature-image | Cardholder signature image. For use with “sale” and “auth” actions only. Format: base64 encoded raw PNG image. (16kiB maximum) |
po-number*** | Cardholder’s purchase order number. |
tax-amount*** | The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exempt from sales tax. Default: ‘0.00’ Format: x.xx |
shipping-amount*** | Total shipping amount. |
ship-from-postal**** | Postal/ZIP code of the address from where purchased goods are being shipped. Defaults to merchant profile postal code. |
summary-commodity-code**** | A code representing the type of commodity being purchased. The acquirer or processor will provide a list of current codes. |
duty-amount | Amount included in the transaction amount associated with the import of the purchased goods. Default: ‘0.00’ |
discount-amount | Amount included in the transaction amount of any discount applied to the complete order by the merchant. Default: ‘0.00’ |
national-tax-amount | The national tax amount included in the transaction amount. Default: ‘0.00’ |
alternate-tax-amount | Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases. Default: ‘0.00’ |
alternate-tax-id | Tax identification number of the merchant that reported the alternate tax amount. |
vat-tax-amount | Contains the amount of any value added taxes which can be associated with the purchased item. Default: ‘0.00’ |
vat-tax-rate | Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, ie 1% = 1.00. Default: ‘0.00’ |
vat-invoice-reference-number | Invoice number that is associated with the VAT invoice. |
customer-vat-registration | Value added tax registration number supplied by the cardholder. |
merchant-vat-registration | Government assigned tax identification number of the merchant from whom the goods or services were purchased. |
order-date | Purchase order date. Defaults to the date of the transaction. Format: YYMMDD |
skip-3ds | Skip over 3DS authentication process for this specific transaction. Values: “true” or “false” |
cardholder-auth† | Set 3D Secure condition. Values: ‘verified’ or ‘attempted’ |
eci† | E-commerce indicator. Values: ‘0’, ‘1’, ‘2’, ‘5’, ‘6’, or ‘7’ |
cavv† | Cardholder authentication verification value. Format: base64 encoded |
xid† | Cardholder authentication transaction id. Format: base64 encoded |
three-ds-version† | 3DSecure version. Examples: “1.0.2” or “2.0” |
directory-server-id | Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication. Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
initiated-by | Who initiated the transaction. Values: ‘customer’ or ‘merchant’ |
initial-transaction-id | Original payment gateway transaction id. |
stored-credential-indicator | The indicator of the stored credential. Values: ‘stored’ or ‘used’ Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system. Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method. |
dup-seconds‡ | Override duplicate transaction detection time in seconds. |
avs-reject‡ | The transaction is rejected if the address verification result is a code in this list. Values are letters obtained under Settings->Address Verification in the control panel. Format: x|x|x|x… |
cvv-reject‡ | The transaction is rejected if the card ID verification result is a code in this list. Values are letters obtained under Settings->Card ID Verification in the control panel. Format: x|x|x|x… |
<billing> | The customer’s billing information |
billing-id | Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type§ | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type§ | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping billing address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal**** | Shipping postal code. |
country**** | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
</shipping> | |
<product> | Product line item detail. Multiple product elements are allowed. |
product-code****¶ | Merchant defined description code of the item being purchased. |
description**** | Description of the item(s) being supplied. |
commodity-code**** | International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes. |
unit-of-measure**** | Code for units of measurement as used in international trade. Default: ‘EACH’ |
unit-cost**** | Unit cost of item purchased. May contain up to 4 decimal places. |
quantity**** | Quantity of the item(s) being purchased. Default: ‘1’ |
total-amount**** | Purchase amount associated with the item. Default to ‘unit-cost’ x ‘quantity’ rounded to the nearest penny. |
tax-amount**** | Amount of tax on specific item. Amount should not be included in item-total-amount. Default: ‘0.00’ |
tax-rate**** | Percentage representing the value-added tax applied. 1% = 1.00. Default: ‘0.00’ |
discount-amount | Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘item-total-amount’. |
discount-rate | Discount rate for the line item. 1% = 1.00. Default: ‘0.00’ |
tax-type | Type of value-added taxes that are being used. |
alternate-tax-id | Tax identification number of the merchant that reported the alternate tax amount. |
</product> | |
<add-subscription> | Perform a simultaneous ‘hybrid’ recurring action while processing a transaction. |
start-date | The first day that the customer will be charged. Format: YYYYMMDD |
<plan> | |
plan-id | The unique plan ID that references only this recurring plan. |
payments | The number of payments before the recurring plan is complete. Note: Use ‘0’ for ‘until canceled’ |
amount | The plan amount to be charged each billing cycle. Format: x.xx |
day-frequency | How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’. |
month-frequency | How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’. Values: 1 through 24 |
day-of-month | The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
</plan> | |
</add-subscription> | |
<add-customer|update-customer> | Perform a simultaneous ‘hybrid’ customer vault action while processing a transaction. This tag can be blank if submitting an ‘add-customer’ without specifying a ‘customer-vault-id’. |
customer-vault-id | Specify customer vault id. If omitted, will be auto-generated and returned in response. Required for ‘update-customer’. |
</add-customer|update-customer> | |
partial-payments†† | Specify whether a partial amount or full amount of the transaction should be settled. Format: ‘settle_partial’ or ‘payment_in_full’ |
partial-payment-id†† | Specify a partial payment ID. Required to collect an additional amount associated with an existing Partial Payment Transaction. Do not use on initial transaction. |
</sale|auth|credit|validate|offline> |
* | Always required |
** | Required for offline transactions |
*** | Required for Level 2 and Level 3 transactions |
**** | Required for Level 3 transactions |
† | Required for 3D-Secure transactions |
‡ | Required for Override transactions |
†† | Required for Partial Payment Transactions |
§ | Required for ACH transactions |
¶ | Required for Line Item Reporting |
XML Element | Description |
---|---|
<response> | |
result |
1=Approved 2=Declined 3=Error in transaction data or system error |
result-text | Textual response. |
transaction-id | Payment Gateway transaction id. |
result-code | Numeric mapping of processor responses (See Appendix 3). |
form-url | URL used as the action of the HTML form in step two. |
</response> |
HTML Form Fields | Description |
---|---|
billing-cc-number* | Credit card number. |
billing-cc-exp* | Credit card expiration. Format: MMYY |
billing-cvv | Card security code. |
billing-account-name** | The name on the customer’s ACH Account. |
billing-account-number** | The customer’s bank account number. |
billing-routing-number** | The customer’s bank routing number. |
billing-account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
billing-entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
billing-micr† | Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code. |
billing-track-1*** | Raw magnetic stripe data, track 1. |
billing-track-2*** | Raw magnetic stripe data, track 2. |
billing-track-3*** | Raw magnetic stripe data, track 3. |
billing-magnesafe-track-1*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-2*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-3*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-ksn*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-magneprint*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-magneprint-status*** | Raw MagTek Magensa encrypted reader data. |
billing-social-security-number**** | Customer’s social security number, checked against bad check writers database if check verification is enabled. |
billing-drivers-license-number**** | Driver’s license number, checked against bad check writers’ database if check verification is enabled. |
billing-drivers-license-dob**** | Driver’s license date of birth. |
billing-drivers-license-state**** | Customer’s driver’s license state. Format: CC |
billing-first-name | Cardholder’s first name. Overwrites value if passed during step one. |
billing-last-name | Cardholder’s last name. Overwrites value if passed during step one.. |
billing-address1 | Cardholder’s billing address. Overwrites value if passed during step one. |
billing-city | Card billing city. Overwrites value if passed during step one. |
billing-state | Card billing state/province. Overwrites value if passed during step one. Format: CC |
billing-postal | Card billing postal code. Overwrites value if passed during step one. |
billing-country | Card billing country code. Overwrites value if passed during step one. Format: CC/ISO 3166 |
billing-phone | Billing phone number. Overwrites value if passed during step one. |
billing-email | Billing email address. Overwrites value if passed during step one. |
billing-company | Cardholder’s company. Overwrites value if passed during step one. |
billing-address2 | Card billing address, line 2. Overwrites value if passed during step one. |
billing-fax | Billing fax number. Overwrites value if passed during step one. |
shipping-first-name | Shipping first name. Overwrites value if passed during step one. |
shipping-last-name | Shipping last name. Overwrites value if passed during step one. |
shipping-address1 | Shipping billing address. Overwrites value if passed during step one. |
shipping-city | Shipping city. Overwrites value if passed during step one. |
shipping-state | Shipping state/province. Overwrites value if passed during step one. |
shipping-postal | Shipping postal code. Overwrites value if passed during step one. |
shipping-country | Shipping country code. Overwrites value if passed during step one. |
shipping-phone | Shipping phone number. Overwrites value if passed during step one. |
shipping-email | Shipping email address. Overwrites value if passed during step one. |
shipping-company | Shipping company. Overwrites value if passed during step one. |
shipping-address2 | Shipping address, line 2. Overwrites value if passed during step one. |
shipping-fax | Shipping fax number. Overwrites value if passed during step one. |
* | Required for keyed credit card transactions. |
** | Required for ACH transactions. |
*** | Used for retail transactions. Variables used dependent on swipe device. |
**** | Required for check verification. |
† | Required for check scanning. |
Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:
https://redirect-url/?token-id=[token]
XML Element | Description |
---|---|
<complete-action> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
token-id* | Customer payment token returned during step two. |
</complete-action> |
* | Required |
XML Element | Description |
---|---|
<response> | |
result |
1=Transaction Approved 2=Transaction Declined 3=Error in transaction data or system error |
result-text | Textual response. |
transaction-id | Payment Gateway transaction ID |
result-code | Numeric mapping of processor responses. (See Appendix 3) |
authorization-code | Transaction authorization code. |
avs-result | AVS response code. (See Appendix 1) |
cvv-result | CVV response code. (See Appendix 2) |
action-type | Action type that was initially specified. Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’ |
amount | Total amount charged. Format: x.xx |
amount-authorized | Returns the amount authorized. Format: x.xx |
ip-address | Cardholder’s IP address. Format: xxx.xxx.xxx.xxx |
industry | Industry classification of transaction. Values: ‘ecommerce’, ‘moto’, or ‘retail’ |
billing-method | Billing indicators used. Values: ‘recurring’ or ‘installment’ |
processor-id | Processor transaction was made through. |
sec-code | ACH standard entry class codes. Values: ‘PPD’, ‘WEB’, ‘TEL’, ‘CCD’, ‘POP’, or \ARC’ |
descriptor | Payment descriptor. |
descriptor-phone | Payment descriptor phone. |
descriptor-address | Set payment descriptor address on supported processors. |
descriptor-city | Set payment descriptor city on supported processors. |
descriptor-state | Set payment descriptor state on supported processors. |
descriptor-postal | Set payment descriptor postal code on supported processors. |
descriptor-country | Set payment descriptor country on supported processors. |
descriptor-mcc | Set payment descriptor mcc on supported processors. |
descriptor-merchant-id | Set payment descriptor merchant id on supported processors. |
descriptor-url | Set payment descriptor url on supported processors. |
currency | Transaction currency used. (Table 1.b) |
order-description | Order description. |
customer-id | Customer identification. |
customer-vault-id | Customer vault id used or created during action. |
merchant-receipt-email | Merchant receipt email. |
customer-receipt | Customer email receipt sent. Values: ‘true’ or ‘false’ |
partial-payment-balance | Returns the payment’s remaining balance. |
partial-payment-id | Numeric identifier used to submit subsequent partial payment transactions. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
tracking-number | Shipping tracking number. |
shipping-carrier | Shipping carrier. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
order-id | Order id. |
po-number | Cardholder’s purchase order number. |
tax-amount | The sales tax included in the transaction amount associated with the purchase. Format: x.xx |
shipping-amount | Total shipping amount. Format: x.xx |
ship-from-postal | Postal/ZIP code of the address from where purchased goods are being shipped. |
summary-commodity-code | A code representing the type of commodity being purchased. The acquirer or processor will provide a list of current codes. |
duty-amount | Amount included in the transaction amount associated with the import of the purchased goods. Format: x.xx |
discount-amount | Amount included in the transaction amount of any discount applied to the complete order by the merchant. Format: x.xx |
national-tax-amount | The national tax amount included in the transaction amount. Format: x.xx |
alternate-tax-amount | Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases. Default: ‘0.00’ Format: x.xx |
alternate-tax-id | Tax identification number of the merchant that reported the alternate tax amount. |
vat-tax-amount | Contains the amount of any value added taxes which can be associated with the purchased item. Format: x.xx |
vat-tax-rate | Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, ie 1% = 1.00. Format: x.xx |
vat-invoice-reference-number | Invoice number that is associated with the VAT invoice. |
customer-vat-registration | Value added tax registration number supplied by the cardholder. |
merchant-vat-registration | Government assigned tax identification number of the merchant from whom the goods or services were purchased. |
order-date | Purchase order date. Format: YYMMDD |
cardholder-auth | 3D Secure condition. Values: ‘verified’ or ‘attempted’ |
eci | E-commerce indicator. Values: ‘0’, ‘1’, ‘2’, ‘5’, ‘6’, or ‘7’ |
cavv | Cardholder authentication verification value. Format: base64 encoded |
xid | Cardholder authentication transaction id. Format: base64 encoded |
three-ds-version | 3DSecure version. Examples: “1.0.2” or “2.0” |
directory-server-id | Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication. Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
dup-seconds | Override duplicate transaction detection checking in seconds. |
avs-reject | Values are letters obtained under Settings->Address Verification in the control panel. |
cvv-reject | Values are letters obtained under Settings->Card ID Verification in the control panel. |
<billing> | The customer’s billing information |
billing-id | Billing id used or created for this action. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
social-security-number | Customer’s social security number |
drivers-license-number | Driver’s license number. |
drivers-license-dob | Driver’s license date of birth. |
drivers-license-state | Customer’s driver’s license state. Format: CC |
cc-number | Masked credit card number. Format: XXXXXX********XXXX |
cc-exp | Credit card expiration Format: MMYY |
account-name | The name on the customer’s bank account. |
account-number | Masked bank account number. Format: X****XXXX |
routing-number | Masked bank routing number. Format: X****XXXX |
account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
priority | Billing id priority. Format: Numeric, 1-255 |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Shipping id used or created for this action. Recommended when using customer vault hybrid action; will be ignored if no hybrid add/update-customer is done. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping billing address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
priority | Shipping id priority. Format: Numeric, 1-255 |
</shipping> | |
<product> | Product line item detail. Multiple product elements are allowed. |
product-code | Merchant defined description code of the item being purchased. |
description | Description of the item(s) being supplied. |
commodity-code | International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes. |
unit-of-measure | Code for unites of measurement as used in international trade. |
unit-cost | Unit cost of item purchased. May contain up to 4 decimal places. |
quantity | Quantity of the item(s) being purchased. |
total-amount | Purchase amount associated with the item. Format: x.xx |
tax-amount | Amount of tax on specific item. Amount should not be included in item-total-amount. Format: x.xx |
tax-rate | Percentage representing the value-added tax applied. 1% = 1.00. Format: x.xx |
discount-amount | Discount amount which can have been applied by the merchant on the sale of the specific item. Format: x.xx |
discount-rate | Discount rate for the line item. 1% = 1.00 Format: x.xx |
tax-type | Type of value-added taxes that are being used. |
alternate-tax-id | Tax identification number of the merchant that reported the alternate tax amount. |
</product> | |
</response> |
Element | Description |
---|---|
<capture> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
transaction-id* | Original Payment Gateway transaction id. |
amount | Total amount to be settled, this amount may be equal to or less than the authorized amount. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
tracking-number | Shipping tracking number. |
shipping-carrier | Shipping carrier used. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
order-id | Order ID. |
signature-image | Cardholder signature image. Format: base64 encoded raw PNG image. (16kiB maximum) |
</capture> |
* | Required |
Element | Description |
---|---|
<void> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
transaction-id* | Original Payment Gateway transaction id. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
</void> |
* | Required |
Element | Description |
---|---|
<refund> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
transaction-id* | Original Payment Gateway transaction id. |
amount | Total amount to be refunded. This amount may be equal to or less than the settled amount. Setting the amount to 0.00 will refund the entire amount. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
</refund> |
* | Required |
Element | Description |
---|---|
<update> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
transaction-id* | Original Payment Gateway transaction id. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
tracking-number | Shipping tracking number. |
shipping-carrier | Shipping carrier used. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
order-id | Order ID. |
signature-image | Cardholder signature image. Format: base64 encoded raw PNG image. (16kiB maximum) |
</update> |
* | Required |
Element | Description |
---|---|
<complete-partial-payment> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
partial-payment-id* | Specify a partial payment ID. Required to collect an additional amount associated with an existing Partial Payment Transaction. Do not use on initial transaction. |
</complete-partial-payment> |
* | Required |
Element | Description |
---|---|
<add-subscription> | Associate payment information with a recurring plan. |
api-key* | api-key is obtained in the Security Keys section of the Control Panel Settings. |
redirect-url* | A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented. Example: Adding a Subscription using a Customer Vault ID. |
customer-vault-id | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
start-date | The first day that the customer will be charged. Format: YYYYMMDD |
order-id | Order id. |
po-number | Cardholder’s purchase order number. |
order-description | Order description. |
currency | Set transaction currency. Format: ISO 4217 |
tax-amount | The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exampt from sales tax. Default: 0.00′ Format: x.xx |
shipping-amount | Total shipping amount. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
source-transaction-id | Specifies a payment gateway transaction id in order to associate payment information with a Subscription record. |
<plan> | |
plan-id* | The unique plan ID that references only this recurring plan. |
</plan> | |
<billing> | The customer’s billing information |
billing-id | Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type** | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type** | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
</shipping> | |
</add-subscription> |
* | Always required |
** | Required for ACH transactions |
Element | Description |
---|---|
<add-subscription> | Associate payment information with a recurring plan. |
api-key* | api-key is obtained in the Security Keys section of the Control Panel Settings. |
redirect-url* | A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented. Example: Adding a Subscription using a Customer Vault ID. |
customer-vault-id | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
start-date | The first day that the customer will be charged. Format: YYYYMMDD |
order-id | Order id. |
po-number | Cardholder’s purchase order number. |
order-description | Order description. |
currency | Set transaction currency. Format: ISO 4217 |
tax-amount | The sales tax included in the transaction amount associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exampt from sales tax. Default: ‘0.00’ Format: x.xx |
shipping-amount | Total shipping amount. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
source-transaction-id | Specifies a payment gateway transaction id in order to associate payment information with a Subscription record. |
<plan> | |
payments* | The number of payments before the recurring plan is complete. Notes: ‘0’ for until canceled |
amount* | The plan amount to be charged each billing cycle. Format: x.xx |
day-frequency*** | How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’. |
month-frequency**** | How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’. Values: 1 through 24 |
day-of-month**** | The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
</plan> | |
<billing> | The customer’s biling information |
billing-id | Specify billing id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type** | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type** | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Specify shipping id. Recommended when using customer vault hybrid action. Will be ignored if no hybrid add/update-customer is done. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
</shipping> | |
</add-subscription> |
* | Always required |
** | Required for ACH transactions |
*** | Required unless ‘month-frequency’ and ‘day-of-month’ is set. |
**** | Required unless ‘day-frequency’ is set. |
Element | Description |
---|---|
<update-subscription> | Update Customer’s information for a subscription. |
api-key* | api-key is obtained in the Security Keys section of the Control Panel Settings. |
redirect-url* | A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required when sensitive data is not presented. Example: Updating a Subscription using a Customer Vault ID. |
subscription-id* | The subscription that will be updated. |
order-id | Order id. |
po-number | Cardholder’s purchase order number. |
order-description | Order description. |
currency | Set transaction currency. Format: ISO 4217 |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
<billing> | The customer’s billing information |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type** | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type** | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
</billing> | |
<shipping> | The customer’s shipping information. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
</shipping> | |
</update-subscription> |
* | Always Required. |
** | Required for ACH subscriptions. |
HTML Form Fields | Description |
---|---|
billing-cc-number* | Credit card number. |
billing-cc-exp* | Credit card expiration. Format: MMYY |
billing-cvv | Card security code. |
billing-account-name** | The name on the customer’s ACH Account. |
billing-account-number** | The customer’s bank account number. |
billing-routing-number** | The customer’s bank routing number. |
billing-account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
billing-entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
billing-micr† | Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code. |
billing-track-1*** | Raw magnetic stripe data, track 1. |
billing-track-2*** | Raw magnetic stripe data, track 2. |
billing-track-3*** | Raw magnetic stripe data, track 3. |
billing-magnesafe-track-1*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-2*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-3*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-ksn*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-magneprint-status*** | Raw MagTek Magensa encrypted reader data. |
billing-social-security-number**** | Customer’s social security number, checked against bad check writers database if check verification is enabled. |
billing-drivers-license-number**** | Drivers license number, checked against bad check writers database if check verification is enabled. |
billing-drivers-license-dob**** | Drivers license date of birth. |
billing-drivers-license-state**** | Customer’s drivers license state. Format: CC |
billing-first-name | Cardholder’s first name. Overwrites value if passed during step one. |
billing-last-name | Cardholder’s last name. Overwrites value if passed during step one. |
billing-address1 | Cardholder’s billing address. Overwrites value if passed during step one. |
billing-city | Card billing city. Overwrites value if passed during step one. |
billing-state | Card billing state/province. Overwrites value if passed during step one. Format: CC |
billing-postal | Card billing postal code. Overwrites value if passed during step one. |
billing-country | Card billing country code. Overwrites value if passed during step one. Format: CC/ISO 3166 |
billing-phone | Billing phone number. Overwrites value if passed during step one. |
billing-email | Billing email address. Overwrites value if passed during step one. |
billing-company | Cardholder’s company. Overwrites value if passed during step one. |
billing-address2 | Card billing address, line 2. Overwrites value if passed during step one. |
billing-fax | Billing fax number. Overwrites value if passed during step one. |
shipping-first-name | Shipping first name. Overwrites value if passed during step one. |
shipping-last-name | Shipping last name. Overwrites value if passed during step one. |
shipping-address1 | Shipping address. Overwrites value if passed during step one. |
shipping-city | Shipping city. Overwrites value if passed during step one. |
shipping-state | Shipping state/province. Overwrites value if passed during step one. |
shipping-postal | Shipping postal code. Overwrites value if passed during step one. |
shipping-country | Shipping country code. Overwrites value if passed during step one. |
shipping-phone | Shipping phone number. Overwrites value if passed during step one. |
shipping-email | Shipping email address. Overwrites value if passed during step one. |
shipping-company | Shipping company. Overwrites value if passed during step one. |
shipping-address2 | Shipping address, line 2. Overwrites value if passed during step one. |
shipping-fax | Shipping fax number. Overwrites value if passed during step one. |
* | Required for keyed credit card transactions. |
** | Required for ACH transactions. |
*** | Used for retail transactions. Variables used dependant on swipe device. |
**** | Required for check verification. |
† | Required for check scanning. |
Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:
https://redirect-url/?token-id=[token]
XML Element | Description |
---|---|
<complete-action> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
token-id* | Customer payment token returned during step two. |
</complete-action> |
* | Required |
XML Element | Description |
---|---|
response | |
result |
1=Transaction Approved 2=Transction Declined 3=Error in transaction data or system error |
result-text | Textual response. |
result-code | Numeric mapping of processor responses. (See Appendix 3) |
action-type | Action type that was initially specified. Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’ |
subscription-id | Subscription ID used or created during action. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
<plan> | |
payments | The number of payments before the recurring plan is complete. Notes: ‘0’ for until canceled |
amount | The plan amount to be charged each billing cycle. Format: x.xx |
name | The display name of the plan. |
plan-id | The plan ID that is associated with this subscription. |
day-frequency | How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’. |
month-frequency | How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’. Values: 1 through 24 |
day-of-month | The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
</plan> | |
<billing> | The customer’s billing information. |
billing-id | Billing id used or created for this action. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
social-security-number | Customer’s social security number |
drivers-license-number | Drivers license number. |
drivers-license-dob | Drivers license date of birth. |
drivers-license-state | Customer’s drivers license state. Format: CC |
cc-number | Masked credit card number. Format: XXXXXX********XXXX |
cc-exp | Credit card expiration. Format: MMYY |
account-name | The name on the customer’s bank account. |
account-number | Masked bank account number. Format: X****XXXX |
routing-number | Masked bank routing number. Format: X****XXXX |
account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
priority | Billing id priority. Format: Numeric, 1-255 |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Shipping id used or created during action. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
priority | Shipping id priority. Format: Numeric, 1-255 |
</shipping> | |
</response> |
Element | Description |
---|---|
<add-plan> | Add a recurring plan that subscriptions can be added to in the future. |
api-key* | api-key is obtained in the Security Keys section of the Control Panel Settings. |
<plan> | |
payments* | The number of payments before the recurring plan is complete. Notes: ‘0’ for until canceled |
amount* | The plan amount to be charged each billing cycle. Format: x.xx |
name* | The display name of the plan. |
plan-id* | The unique plan ID that references only this recurring plan. |
day-frequency** | How often, in days, to charge the customer. Cannot be set with ‘month-frequency’ or ‘day-of-month’. |
month-frequency*** | How often, in months, to charge the customer. Cannot be set with ‘day-frequency’. Must be set with ‘day-of-month’. Values: 1 through 24 |
day-of-month*** | The day that the customer will be charged. Cannot be set with ‘day-frequency’. Must be set with ‘month-frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
</plan> | |
</add-plan> |
* | Always required |
** | Required unless ‘month-frequency’ and ‘day-of-month’ is set. |
*** | Required unless ‘day-frequency’ is set. |
Element | Description |
---|---|
<delete-subscription> | Delete the subscription. Customer will no longer be charged. |
api-key* | api-key is obtained in the Security Keys section of the Control Panel Settings. |
subscription-id* | The subscription ID that will be deleted. |
</delete-subscription> |
* | Always required |
XML Element | Description |
---|---|
<add-customer|update-customer> | Type of transaction to perform. |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
redirect-url* |
A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required for ‘update-customer’ requests when sensitive data is not being presented. Example: Updating an address or zip code only. |
customer-vault-id | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
source-transaction-id | Specifies a payment gateway transaction id in order to associate payment information with a Customer Vault record. |
<billing> | The customer’s billing information |
billing-id | Specify billing id. Required for ‘update-customer’ if multiple billing-ids exist, optional for ‘add-billing’. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
priority | Specify priority (If omitted, will be auto-generated and returned in response). Format: Numeric, 1-255 |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Specify shipping id (Required for update-customer if multiple shipping-ids exist. Optional for add-billing). |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping billing address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
priority | Specify priority, if omitted, will be auto-generated and returned in response. Format: Numeric, 1-255 |
</shipping> | |
</add-customer|update-customer> |
* | Required |
XML Element | Description |
---|---|
<response> | |
result |
1=Approved 2=Declined 3=Error in transaction data or system error |
result-text | Textual response. |
result-code | Numeric mapping of processor responses. (See Appendix 3) |
form-url | URL used as the action of the HTML form in step two. |
</response> |
HTML Form Fields | Description |
---|---|
billing-cc-number* | Credit card number. |
billing-cc-exp* | Credit card expiration. Format: MMYY |
billing-cvv | Card security code. |
billing-account-name** | The name on the customer’s ACH Account. |
billing-account-number** | The customer’s bank account number. |
billing-routing-number** | The customer’s bank routing number. |
billing-account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
billing-entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
billing-micr† | Physical check’s Magnetic ink strip, on supported check processors. For use with ‘POP’ or ‘ARC’ sec-code. |
billing-track-1*** | Raw magnetic stripe data, track 1. |
billing-track-2*** | Raw magnetic stripe data, track 2. |
billing-track-3*** | Raw magnetic stripe data, track 3. |
billing-magnesafe-track-1*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-2*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-track-3*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-ksn*** | Raw MagTek Magensa encrypted reader data. |
billing-magnesafe-magneprint-status*** | Raw MagTek Magensa encrypted reader data. |
billing-social-security-number**** | Customer’s social security number (Checked against bad check writers database if check verification is enabled). |
billing-drivers-license-number**** | Driver’s license number (Checked against bad check writers database if check verification is enabled). |
billing-drivers-license-dob**** | Driver’s license date of birth. |
billing-drivers-license-state**** | Customer’s driver’s license state. Format: CC |
billing-first-name | Cardholder’s first name, overwrites value if passed during step one. |
billing-last-name | Cardholder’s last name, overwrites value if passed during step one. |
billing-address1 | Cardholder’s billing address, overwrites value if passed during step one. |
billing-city | Card billing city, overwrites value if passed during step one. |
billing-state | Card billing state/province, overwrites value if passed during step one. Format: CC |
billing-postal | Card billing postal code, overwrites value if passed during step one. |
billing-country | Card billing country code, overwrites value if passed during step one. Format: CC/ISO 3166 |
billing-phone | Billing phone number, overwrites value if passed during step one. |
billing-email | Billing email address, overwrites value if passed during step one. |
billing-company | Cardholder’s company, overwrites value if passed during step one. |
billing-address2 | Card billing address, line 2, overwrites value if passed during step one. |
billing-fax | Billing fax number, overwrites value if passed during step one. |
shipping-first-name | Shipping first name, overwrites value if passed during step one. |
shipping-last-name | Shipping last name, overwrites value if passed during step one. |
shipping-address1 | Shipping billing address, overwrites value if passed during step one. |
shipping-city | Shipping city, overwrites value if passed during step one. |
shipping-state | Shipping state/province, overwrites value if passed during step one. Format: CC |
shipping-postal | Shipping postal code, overwrites value if passed during step one. |
shipping-country | Shipping country code, overwrites value if passed during step one. Format: CC/ISO 3166 |
shipping-phone | Shipping phone number, overwrites value if passed during step one. |
shipping-email | Shipping email address, overwrites value if passed during step one. |
shipping-company | Shipping company, overwrites value if passed during step one. |
shipping-address2 | Shipping address, line 2, overwrites value if passed during step one. |
shipping-fax | Shipping fax number, overwrites value if passed during step one. |
* | Required for keyed credit card transactions. |
** | Required for ACH transactions. |
*** | Used for retail transactions. Variables used dependent on swipe device. |
**** | Required for check verification. |
† | Required for check scanning. |
Once the Payment Gateway has collected the customer’s sensitive payment details, the customer’s browser will immediately be redirected back to the redirect-url on your web server. A variable named token-id will be appended to the redirect-url in the GET query string as described below:
https://redirect-url/?token-id=[token]
XML Element | Description |
---|---|
<complete-action> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
token-id* | Customer payment token returned during step two. |
</complete-action> |
* | Required |
XML Element | Description |
---|---|
<response> | |
result |
1=Transaction Approved 2=Transaction Declined 3=Error in transaction data or system error |
result-text | Textual response. |
result-code | Numeric mapping of processor responses. (See Appendix 3) |
action-type | Action type that was initially specified. Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’ |
customer-vault-id | Customer vault id used or created during action. |
merchant-defined-field-# | Merchant specified custom fields. Format: <merchant-defined-field-1>Value</merchant-defined-field-1> |
<billing> | The customer’s billing information. |
billing-id | Billing id used or created for this action. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
social-security-number | Customer’s social security number |
drivers-license-number | Driver’s license number. |
drivers-license-dob | Driver’s license date of birth. |
drivers-license-state | Customer’s driver’s license state. Format: CC |
cc-number | Masked credit card number. Format: XXXXXX********XXXX |
cc-exp | Credit card expiration. Format: MMYY |
account-name | The name on the customer’s bank account. |
account-number | Masked bank account number. Format: X****XXXX |
routing-number | Masked bank routing number. Format: X****XXXX |
account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
priority | Billing id priority. Format: Numeric, 1-255 |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Shipping id used or created during action. |
first-name | Shipping first name. |
last-name | Shipping last name. |
address1 | Shipping billing address. |
city | Shipping city. |
state | Shipping state/province. Format: CC |
postal | Shipping postal code. |
country | Shipping country code. Format: CC/ISO 3166 |
phone | Shipping phone number. |
Shipping email address. | |
company | Shipping company. |
address2 | Shipping address, line 2. |
fax | Shipping fax number. |
priority | Shipping id priority. Format: Numeric, 1-255 |
</shipping> | |
</response> |
XML Element | Description |
---|---|
<add-billing|update-billing> | Type of transaction to perform. |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
redirect-url* |
A URL on your web server that the gateway will redirect your customer to after sensitive data collection. Value is not required for ‘update-billing’ requests when sensitive data is not presented. Example: Updating an address or zip code only. |
customer-vault-id* | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
<billing> | The customer’s billing information |
billing-id | Specify billing id. Required for update-customer if multiple billing ids exist, optional for add-billing. |
first-name | Cardholder’s first name. |
last-name | Cardholder’s last name. |
address1 | Cardholder’s billing address. |
city | Card billing city. |
state | Card billing state/province. Format: CC |
postal | Card billing postal code. |
country | Card billing country code. Format: CC/ISO 3166 |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
account-type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
entity-type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
priority | Specify priority (If omitted, will be auto-generated and returned in response.) Format: Numeric, 1-255 |
</billing> | |
</add-billing|update-billing> |
* | Required |
Element | Description |
---|---|
<sale|auth|credit|validate|offline> | Any and all optional fields described here can be appended to this request. |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
amount* | Total amount to be charged (For “validate” actions, amount must be 0.00 or omitted). Format: x.xx |
surcharge-amount | Surcharge amount. Format: x.xx |
authorization-code | Specify authorization code. For use with “offline” action only. |
processor-id | If using multiple MIDs, route to this processor. The values for ‘processor-id’ are obtained under ‘Settings’->’Transaction Routing’ in the Control Panel. |
customer-vault-id* | Load Customer details from an existing Customer Vault record. |
signature-image | Cardholder signature image. For use with “sale” and “auth” actions only. Format: base64 encoded raw PNG image. (16kiB maximum) |
<billing> | The customer’s billing information. |
billing-id | Load Billing ID details from an existing Billing record. If not set, the billing-id with the highest priority will be used by default. |
</billing> | |
<shipping> | The customer’s shipping information. |
shipping-id | Load shipping id details from an existing shipping record. If unset, the shipping-id with the highest priority will be used by default. |
</shipping> | |
</sale|auth|credit|validate|offline> |
* | Required |
Element | Description |
---|---|
<delete-customer> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
customer-vault-id* | Specify customer to be deleted. |
</delete-customer> |
* | Required |
Element | Description |
---|---|
<delete-billing> | |
api-key* | api-key is obtained in the security keys section of the control panel settings. |
customer-vault-id* | Load customer details from an existing customer vault record. If set, no payment information is required during step two. |
<billing> | |
billing-id* | Specify billing id to delete. |
</billing> | |
</delete-billing> |
* | Required |
These requests can be made the by replacing the billing section with shipping
Transactions can be tested using one of two methods. First, transactions can be submitted to any merchant account that is in test mode. Keep in mind that if an account is in test mode, all valid credit cards will be approved but no charges will actually be processed.
The Payment Gateway demo account can also be used for testing at any time. Please use the following api-key for testing with this account:
api-key: | 2F822Rw39fx762MaV7Yy86jXGTC7sCDy |
In step one and step three, transaction details should be POST’ed using XML to the following URL:
POST URL | https://secure.apsmerchantgateway.com/api/v2/three-step |
Transactions can be submitted using the following information:
Visa: | 4111111111111111 |
MasterCard: | 5431111111111111 |
Discover: | 6011601160116611 |
American Express: | 341111111111111 |
Diner’s Club: | 30205252489926 |
JCB: | 3541963594572595 |
Maestro: | 6799990100000000019 |
Credit Card Expiration: | 10/25 |
account (ACH): | 123123123 |
routing (ACH): | 123123123 |
amount | 1.00 (Amounts under 1.00 generate failure). |
X | Exact match, 9-character numeric ZIP |
Y | Exact match, 5-character numeric ZIP |
D | Exact match, 5-character numeric ZIP |
M | Exact match, 5-character numeric ZIP |
2 | Exact match, 5-character numeric ZIP, customer name |
6 | Exact match, 5-character numeric ZIP, customer name |
A | Address match only |
B | Address match only |
3 | Address, customer name match only |
7 | Address, customer name match only |
W | 9-character numeric ZIP match only |
Z | 5-character ZIP match only |
P | 5-character ZIP match only |
L | 5-character ZIP match only |
1 | 5-character ZIP, customer name match only |
5 | 5-character ZIP, customer name match only |
N | No address or ZIP match only |
C | No address or ZIP match only |
4 | No address or ZIP or customer name match only |
8 | No address or ZIP or customer name match only |
U | Address unavailable |
G | Non-U.S. issuer does not participate |
I | Non-U.S. issuer does not participate |
R | Issuer system unavailable |
E | Not a mail/phone order |
S | Service not supported |
0 | AVS not available |
O | AVS not available |
B | AVS not available |
M | CVV2/CVC2 match |
N | CVV2/CVC2 no match |
P | Not processed |
S | Merchant has indicated that CVV2/CVC2 is not present on card |
U | Issuer is not certified and/or has not provided Visa encryption keys |
100 | Transaction was approved. |
200 | Transaction was declined by processor. |
201 | Do not honor. |
202 | Insufficient funds. |
203 | Over limit. |
204 | Transaction not allowed. |
220 | Incorrect payment information. |
221 | No such card issuer. |
222 | No card number on file with issuer. |
223 | Expired card. |
224 | Invalid expiration date. |
225 | Invalid card security code. |
226 | Invalid PIN. |
240 | Call issuer for further information. |
250 | Pick up card. |
251 | Lost card. |
252 | Stolen card. |
253 | Fraudulent card. |
260 | Declined with further instructions available. (See response text) |
261 | Declined-Stop all recurring payments. |
262 | Declined-Stop this recurring program. |
263 | Declined-Update cardholder data available. |
264 | Declined-Retry in a few days. |
300 | Transaction was rejected by gateway. |
400 | Transaction error returned by processor. |
410 | Invalid merchant configuration. |
411 | Merchant account is inactive. |
420 | Communication error. |
421 | Communication error with issuer. |
430 | Duplicate transaction at processor. |
440 | Processor format error. |
441 | Invalid transaction information. |
460 | Processor feature not available. |
461 | Unsupported card type. |
Download example as a ZIP file
Example Files:
[ Back to Top ]
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step1.aspx.cs" Inherits="ThreeStepExample._Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Collect non-sensitive Customer Info</title>
<style type="text/css">
.style1
{
margin-left: 150px;
}
</style>
</head>
<body>
<form id="form1" runat="server" action="step1.aspx" >
<h2>Step One: Collect non-sensitive payment information.<br /></h2>
<h3> Customer Information</h3>
<h4> Billing Details</h4>
<table>
<tr><td>Customer Vault Id </td><td><asp:TextBox ID="CustomerVaultId" runat="server"></asp:TextBox></td></tr>
<tr><td>Company</td><td><asp:TextBox ID="billingAddressCompany" runat="server">Acme, Inc.</asp:TextBox> </td></tr>
<tr><td>First Name </td><td><asp:TextBox ID="billingAddressFirstName" runat="server"> John</asp:TextBox></td></tr>
<tr><td>Last Name </td><td><asp:TextBox ID="billingAddressLastName" runat="server" value="Smith"/></td></tr>
<tr><td>Address </td><td><asp:TextBox ID="billingAddressAddress1" runat="server" value="1234 Main St."/></td></tr>
<tr><td>City </td><td><asp:TextBox ID="billingAddressCity" runat="server" value="Beverly Hills"/></td></tr>
<tr><td>State/Province </td><td><asp:TextBox ID="billingAddressState" runat="server" value="CA"/></td></tr>
<tr><td>Zip/Postal </td><td><asp:TextBox ID="billingAddressZip" runat="server" value="90210"/></td></tr>
<tr><td>Country </td><td><asp:TextBox ID="billingAddressCountry" runat="server" value="US"/></td></tr>
<tr><td>Phone Number </td><td><asp:TextBox ID="billingAddressPhone" runat="server" value="555-555-5555"/></td></tr>
<tr><td>Email Address </td><td><asp:TextBox ID="billingAddressEmail" runat="server" value="test@example.com"/></td></tr>
<tr><td><h4><br /> Shipping Details</h4> </td></tr>
<tr><td>First Name </td><td><asp:TextBox ID="shippingAddressFirstName" runat="server" value="Mary"/></td></tr>
<tr><td>Last Name </td><td><asp:TextBox ID="shippingAddressLastName" runat="server" value="Smith"/></td></tr>
<tr><td>Address </td><td><asp:TextBox ID="shippingAddressAddress1" runat="server" value="1234 Main St."/></td></tr>
<tr><td>Suite</td><td><asp:TextBox ID="shippingAddressAddress2" runat="server" value="Unit #2"/></td></tr>
<tr><td>City </td><td><asp:TextBox ID="shippingAddressCity" runat ="server" value="Beverly Hills"/></td></tr>
<tr><td>State/Province </td><td><asp:TextBox ID="shippingAddressState" runat="server" value="CA"/></td></tr>
<tr><td>Zip/Postal </td><td><asp:TextBox ID="shippingAddressZip" runat="server" value="90210"/></td></tr>
<tr><td>Country</td><td><asp:TextBox ID="shippingAddressCountry" runat="server" value="US"/></td></tr>
<tr><td>Phone Number </td><td><asp:TextBox ID="shippingAddressPhone" runat="server" value="555-555-5555"/></td></tr>
<tr><td colspan="2"> </td></tr>
<tr><td colspan="2" align="center">Total Amount $12.00 </td></tr>
<tr><td colspan="2" align="center"><asp:Button runat="server" Text="Submit Step One"
ID="submitStepOne" onclick="stepOneSubmit_Click" ></asp:Button> </td></tr>
</table>
</form>
</body>
</html>
[ Back to Top ]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Windows.Forms;
using System.Web.UI;
using System.Xml;
using System.Web.UI.WebControls;
using System.IO;
using System.Net;
using System.Text;
using System.Security.Cryptography.X509Certificates;
namespace ThreeStepExample
{
public class Program :ICertificatePolicy {
public bool CheckValidationResult (ServicePoint sp,
X509Certificate certificate, WebRequest request, int error)
{
return true;
}
}
public partial class _Default :System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (Request["token-id"] != null)
{
//MessageBox.Show(Request["token-id"]);
XmlDocument xmlRequest = new XmlDocument();
XmlDeclaration xmlDecl = xmlRequest.CreateXmlDeclaration("1.0", "UTF-8", "yes");
XmlElement root = xmlRequest.DocumentElement;
xmlRequest.InsertBefore(xmlDecl, root);
XmlElement xmlCompleteTransaction = xmlRequest.CreateElement("complete-action");
XmlElement xmlApiKey = xmlRequest.CreateElement("api-key");
xmlApiKey.InnerText = "2F822Rw39fx762MaV7Yy86jXGTC7sCDy";
xmlCompleteTransaction.AppendChild(xmlApiKey);
XmlElement xmlTokenId = xmlRequest.CreateElement("token-id");
xmlTokenId.InnerText = Request["token-id"];
xmlCompleteTransaction.AppendChild(xmlTokenId);
xmlRequest.AppendChild(xmlCompleteTransaction);
string responseFromServer = this.sendXMLRequest(xmlRequest);
XmlReader responseReader = XmlReader.Create(new StringReader(responseFromServer));
XmlDocument xDoc = new XmlDocument();
xDoc.Load(responseReader);
XmlNodeList response = xDoc.GetElementsByTagName("result");
XmlNodeList responseText = xDoc.GetElementsByTagName("result-text");
Session["data"] = responseFromServer;
Session["result"] = response[0].InnerText;
Session["result-text"] = responseText[0].InnerText;
responseReader.Close();
Server.Transfer("step3.aspx");
}
}
protected void stepOneSubmit_Click(object sender, EventArgs e)
{
XmlDocument xmlRequest = new XmlDocument();
XmlDeclaration xmlDecl = xmlRequest.CreateXmlDeclaration("1.0","UTF-8","yes");
XmlElement root = xmlRequest.DocumentElement;
xmlRequest.InsertBefore(xmlDecl, root);
XmlElement xmlSale = xmlRequest.CreateElement("sale");
XmlElement xmlApiKey = xmlRequest.CreateElement("api-key");
xmlApiKey.InnerText = "2F822Rw39fx762MaV7Yy86jXGTC7sCDy";
xmlSale.AppendChild(xmlApiKey);
XmlElement xmlRedirectUrl = xmlRequest.CreateElement("redirect-url");
xmlRedirectUrl.InnerText = Request.ServerVariables["HTTP_REFERER"];
xmlSale.AppendChild(xmlRedirectUrl);
XmlElement xmlAmount = xmlRequest.CreateElement("amount");
xmlAmount.InnerText = "12.00";
xmlSale.AppendChild(xmlAmount);
XmlElement xmlRemoteAddr = xmlRequest.CreateElement("ip-address");
xmlRemoteAddr.InnerText = Request.ServerVariables["REMOTE_ADDR"];
xmlSale.AppendChild(xmlRemoteAddr);
XmlElement xmlCurrency = xmlRequest.CreateElement("currency");
xmlCurrency.InnerText = "USD";
xmlSale.AppendChild(xmlCurrency);
XmlElement xmlOrderId = xmlRequest.CreateElement("order-id");
xmlOrderId.InnerText = "1234";
xmlSale.AppendChild(xmlOrderId);
XmlElement xmlOrderDescription = xmlRequest.CreateElement("order-description");
xmlOrderDescription.InnerText = "Small Order";
xmlSale.AppendChild(xmlOrderDescription);
XmlElement xmlMDF1 = xmlRequest.CreateElement("merchant-defined-field-1");
xmlMDF1.InnerText = "Red";
xmlSale.AppendChild(xmlMDF1);
XmlElement xmlMDF2 = xmlRequest.CreateElement("merchant-defined-field-2");
xmlMDF2.InnerText = "Medium";
xmlSale.AppendChild(xmlMDF2);
XmlElement xmlTax = xmlRequest.CreateElement("tax-amount");
xmlTax.InnerText = "0.00";
xmlSale.AppendChild(xmlTax);
XmlElement xmlShipping = xmlRequest.CreateElement("shipping-amount");
xmlShipping.InnerText = "0.00";
xmlSale.AppendChild(xmlShipping);
if (!(CustomerVaultId.Text.Equals("") || CustomerVaultId.Text.Equals('0')))
{
XmlElement xmlCustomerVaultId = xmlRequest.CreateElement("customer-vault-id");
xmlCustomerVaultId.InnerText = CustomerVaultId.Text;
xmlSale.AppendChild(xmlCustomerVaultId);
}
//To Add a customer
/* else
{
XmlElement xmlAddCustomer = xmlRequest.CreateElement("add-customer");
XmlElement xmlCustomerVaultId = xmlRequest.CreateElement("customer-vault-id");
xmlCustomerVaultId.InnerText = "411";
xmlAddCustomer.AppendChild(xmlCustomerVaultId);
xmlSale.AppendChild(xmlAddCustomer);
}
*/
XmlElement xmlBillingAddress = xmlRequest.CreateElement("billing");
XmlElement xmlFirstName = xmlRequest.CreateElement("first-name");
xmlFirstName.InnerText = billingAddressFirstName.Text;
xmlBillingAddress.AppendChild(xmlFirstName);
XmlElement xmlLastName = xmlRequest.CreateElement("last-name");
xmlLastName.InnerText = billingAddressLastName.Text;
xmlBillingAddress.AppendChild(xmlLastName);
XmlElement xmlAddress1 = xmlRequest.CreateElement("address1");
xmlAddress1.InnerText = billingAddressAddress1.Text;
xmlBillingAddress.AppendChild(xmlAddress1);
XmlElement xmlCity = xmlRequest.CreateElement("city");
xmlCity.InnerText = billingAddressCity.Text;
xmlBillingAddress.AppendChild(xmlCity);
XmlElement xmlState = xmlRequest.CreateElement("state");
xmlState.InnerText = billingAddressState.Text;
xmlBillingAddress.AppendChild(xmlState);
XmlElement xmlZip = xmlRequest.CreateElement("postal");
xmlZip.InnerText = billingAddressZip.Text;
xmlBillingAddress.AppendChild(xmlZip);
XmlElement xmlCountry = xmlRequest.CreateElement("country");
xmlCountry.InnerText = billingAddressCountry.Text;
xmlBillingAddress.AppendChild(xmlCountry);
XmlElement xmlPhone = xmlRequest.CreateElement("phone");
xmlPhone.InnerText = billingAddressPhone.Text;
xmlBillingAddress.AppendChild(xmlPhone);
XmlElement xmlCompany = xmlRequest.CreateElement("company");
xmlCompany.InnerText = billingAddressCompany.Text;
xmlBillingAddress.AppendChild(xmlCompany);
XmlElement xmlAddress2 = xmlRequest.CreateElement("address2");
xmlAddress2.InnerText = billingAddressAddress1.Text;
xmlBillingAddress.AppendChild(xmlAddress2);
XmlElement xmlFax = xmlRequest.CreateElement("fax");
xmlFax.InnerText = "";
xmlBillingAddress.AppendChild(xmlFax);
xmlSale.AppendChild(xmlBillingAddress);
//////////
XmlElement xmlShippingAddress = xmlRequest.CreateElement("shipping");
XmlElement xmlSFirstName = xmlRequest.CreateElement("first-name");
xmlSFirstName.InnerText = shippingAddressFirstName.Text;
xmlShippingAddress.AppendChild(xmlSFirstName);
XmlElement xmlSLastName = xmlRequest.CreateElement("last-name");
xmlSLastName.InnerText = shippingAddressLastName.Text;
xmlShippingAddress.AppendChild(xmlSLastName);
XmlElement xmlSAddress1 = xmlRequest.CreateElement("address1");
xmlSAddress1.InnerText = shippingAddressAddress1.Text;
xmlShippingAddress.AppendChild(xmlSAddress1);
XmlElement xmlSCity = xmlRequest.CreateElement("city");
xmlSCity.InnerText = shippingAddressCity.Text;
xmlShippingAddress.AppendChild(xmlSCity);
XmlElement xmlSState = xmlRequest.CreateElement("state");
xmlSState.InnerText = shippingAddressState.Text;
xmlShippingAddress.AppendChild(xmlSState);
XmlElement xmlSZip = xmlRequest.CreateElement("postal");
xmlSZip.InnerText = shippingAddressZip.Text;
xmlShippingAddress.AppendChild(xmlSZip);
XmlElement xmlSCountry = xmlRequest.CreateElement("country");
xmlSCountry.InnerText = shippingAddressCountry.Text;
xmlShippingAddress.AppendChild(xmlSCountry);
XmlElement xmlSPhone = xmlRequest.CreateElement("phone");
xmlSPhone.InnerText = shippingAddressPhone.Text;
xmlShippingAddress.AppendChild(xmlSPhone);
XmlElement xmlSCompany = xmlRequest.CreateElement("company");
xmlSCompany.InnerText = "";
xmlShippingAddress.AppendChild(xmlSCompany);
XmlElement xmlSAddress2 = xmlRequest.CreateElement("address2");
xmlSAddress2.InnerText = shippingAddressAddress1.Text;
xmlShippingAddress.AppendChild(xmlSAddress2);
XmlElement xmlSFax = xmlRequest.CreateElement("fax");
xmlFax.InnerText = "";
xmlShippingAddress.AppendChild(xmlSFax);
xmlSale.AppendChild(xmlShippingAddress);
////////////////
XmlElement xmlProduct = xmlRequest.CreateElement("product");
XmlElement xmlSku = xmlRequest.CreateElement("product-code");
xmlSku.InnerText = "SKU-123456";
xmlProduct.AppendChild(xmlSku);
XmlElement xmlDescription = xmlRequest.CreateElement("description");
xmlDescription.InnerText = "Books";
xmlProduct.AppendChild(xmlDescription);
XmlElement xmlQuantity = xmlRequest.CreateElement("quantity");
xmlQuantity.InnerText = "1";
xmlProduct.AppendChild(xmlQuantity);
XmlElement xmlUnit = xmlRequest.CreateElement("unit-of-measure");
xmlUnit.InnerText = "1";
xmlProduct.AppendChild(xmlUnit);
XmlElement xmlUnitAmount = xmlRequest.CreateElement("total-amount");
xmlUnitAmount.InnerText = "1";
xmlProduct.AppendChild(xmlUnitAmount);
XmlElement xmlUnitDiscount = xmlRequest.CreateElement("discount-amount");
xmlUnitDiscount.InnerText = "0.00";
xmlProduct.AppendChild(xmlUnitDiscount);
XmlElement xmlUnitTax = xmlRequest.CreateElement("tax-amount");
xmlUnitTax.InnerText = "0.00";
xmlProduct.AppendChild(xmlUnitTax);
XmlElement xmlTaxRate = xmlRequest.CreateElement("tax-rate");
xmlTaxRate.InnerText = "0.01";
xmlProduct.AppendChild(xmlTaxRate);
xmlSale.AppendChild(xmlProduct);
///////////////
XmlElement xmlProduct2 = xmlRequest.CreateElement("product");
XmlElement xmlSku2 = xmlRequest.CreateElement("product-code");
xmlSku2.InnerText = "SKU-654321";
xmlProduct2.AppendChild(xmlSku2);
XmlElement xmlDescription2 = xmlRequest.CreateElement("description");
xmlDescription2.InnerText = "Videos";
xmlProduct2.AppendChild(xmlDescription2);
XmlElement xmlQuantity2 = xmlRequest.CreateElement("quantity");
xmlQuantity2.InnerText = "1";
xmlProduct2.AppendChild(xmlQuantity2);
XmlElement xmlUnit2 = xmlRequest.CreateElement("unit-of-measure");
xmlUnit2.InnerText = "";
xmlProduct2.AppendChild(xmlUnit2);
XmlElement xmlUnitAmount2 = xmlRequest.CreateElement("total-amount");
xmlUnitAmount2.InnerText = "2";
xmlProduct2.AppendChild(xmlUnitAmount2);
XmlElement xmlUnitDiscount2 = xmlRequest.CreateElement("discount-amount");
xmlUnitDiscount2.InnerText = "0.00";
xmlProduct2.AppendChild(xmlUnitDiscount2);
XmlElement xmlUnitTax2 = xmlRequest.CreateElement("tax-amount");
xmlUnitTax2.InnerText = "0.00";
xmlProduct2.AppendChild(xmlUnitTax2);
XmlElement xmlTaxRate2 = xmlRequest.CreateElement("tax-rate");
xmlTaxRate2.InnerText = "0.01";
xmlProduct2.AppendChild(xmlTaxRate2);
xmlSale.AppendChild(xmlProduct2);
xmlRequest.AppendChild(xmlSale);
string responseFromServer = this.sendXMLRequest(xmlRequest);
XmlReader responseReader = XmlReader.Create(new StringReader(responseFromServer));
XmlDocument xDoc = new XmlDocument();
xDoc.Load(responseReader);
XmlNodeList response = xDoc.GetElementsByTagName("result");
if (response[0].InnerText.Equals("1"))
{
XmlNodeList formUrl = xDoc.GetElementsByTagName("form-url");
Session["formURL"] = "";
Session["formURL"] = formUrl[0].InnerText;
responseReader.Close();
Server.Transfer("step2.aspx");
}
}
protected string sendXMLRequest(XmlDocument xmlRequest)
{
ServicePointManager.CertificatePolicy = new Program ();
string uri = "https://secure.apsmerchantgateway.com/api/v2/three-step";
WebRequest req = WebRequest.Create(uri);
//req.Proxy = WebProxy.GetDefaultProxy(); // Enable if using proxy
req.Method = "POST"; // Post method
req.ContentType = "text/xml"; // content type
// Wrap the request stream with a text-based writer
StreamWriter writer = new StreamWriter(req.GetRequestStream());
// Write the XML text into the stream
xmlRequest.Save(writer);
writer.Close();
// Send the data to the webserver
WebResponse rsp = req.GetResponse();
Stream dataStream = rsp.GetResponseStream();
// Open the stream using a StreamReader
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
// int index = responseFromServer.IndexOf("<?");
//string substr = responseFromServer.Substring(index);
// Display the content.
//MessageBox.Show(responseFromServer);
// Clean up the streams.
reader.Close();
dataStream.Close();
rsp.Close();
return responseFromServer;
}
}
}
[ Back to Top ]
// ------------------------------------------------------------------------------
// <autogenerated>
// This code was generated by a tool.
// Mono Runtime Version: 4.0.30319.1
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
// </autogenerated>
// ------------------------------------------------------------------------------
namespace ThreeStepExample {
public partial class _Default {
protected System.Web.UI.HtmlControls.HtmlForm form1;
protected System.Web.UI.WebControls.TextBox CustomerVaultId;
protected System.Web.UI.WebControls.TextBox billingAddressCompany;
protected System.Web.UI.WebControls.TextBox billingAddressFirstName;
protected System.Web.UI.WebControls.TextBox billingAddressLastName;
protected System.Web.UI.WebControls.TextBox billingAddressAddress1;
protected System.Web.UI.WebControls.TextBox billingAddressCity;
protected System.Web.UI.WebControls.TextBox billingAddressState;
protected System.Web.UI.WebControls.TextBox billingAddressZip;
protected System.Web.UI.WebControls.TextBox billingAddressCountry;
protected System.Web.UI.WebControls.TextBox billingAddressPhone;
protected System.Web.UI.WebControls.TextBox billingAddressEmail;
protected System.Web.UI.WebControls.TextBox shippingAddressFirstName;
protected System.Web.UI.WebControls.TextBox shippingAddressLastName;
protected System.Web.UI.WebControls.TextBox shippingAddressAddress1;
protected System.Web.UI.WebControls.TextBox shippingAddressAddress2;
protected System.Web.UI.WebControls.TextBox shippingAddressCity;
protected System.Web.UI.WebControls.TextBox shippingAddressState;
protected System.Web.UI.WebControls.TextBox shippingAddressZip;
protected System.Web.UI.WebControls.TextBox shippingAddressCountry;
protected System.Web.UI.WebControls.TextBox shippingAddressPhone;
protected System.Web.UI.WebControls.Button submitStepOne;
}
}
[ Back to Top ]
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step2.aspx.cs" Inherits="ThreeStepExample.WebForm1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server" action="step2.aspx" >
<h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2>
<h3> Payment Information</h3>
<table>
<tr><td>Credit Card Number </td><td><asp:TextBox ID="cc_number" name="cc_number" runat="server" >4111111111111111</asp:TextBox></td></tr>
<tr><td>Expiration Date</td><td><asp:TextBox ID="cc_exp" name="cc_exp" runat="server">1012</asp:TextBox> </td></tr>
<tr><td>CVV </td><td><asp:TextBox ID="cvv" name="cvv" runat="server"> </asp:TextBox></td></tr>
<tr><td colspan="2"> </td></tr>
<tr><td colspan="2" align="center">Total Amount $12.00 </td></tr>
<tr><td colspan="2" align="center"><asp:Button runat="server" Text="Submit Step Two"
ID="submitStepTwo"></asp:Button> </td></tr>
</table>
</form>
</body>
</html>
[ Back to Top ]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Windows.Forms;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace ThreeStepExample
{
public partial class WebForm1 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
form1.Action = (string)Session["formUrl"];
}
}
}
[ Back to Top ]
// ------------------------------------------------------------------------------
// <autogenerated>
// This code was generated by a tool.
// Mono Runtime Version: 4.0.30319.1
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
// </autogenerated>
// ------------------------------------------------------------------------------
namespace ThreeStepExample {
public partial class WebForm1 {
protected System.Web.UI.HtmlControls.HtmlForm form1;
protected System.Web.UI.WebControls.TextBox cc_number;
protected System.Web.UI.WebControls.TextBox cc_exp;
protected System.Web.UI.WebControls.TextBox cvv;
protected System.Web.UI.WebControls.Button submitStepTwo;
}
}
[ Back to Top ]
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="step3.aspx.cs" Inherits="ThreeStepExample.step3" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Step Three - Complete Transaciton</title>
</head>
<body>
<form id="form1" runat="server">
<pre>
<p><h2>Step Three: Script automatically completes the transaction </h2></p>
<% if(Session["result"].Equals("1"))
{ %>
<p><h3> Transaction was Approved.</h3></p>
<% }
else if (Session["result"].Equals("2"))
{ %>
<p><h3> Transaction was Declined.</h3>Decline Description: </p>
<% }
else
{ %>
<p><h3> Transaction caused an Error.</h3></p>
Error Description:
<%} %>
<asp:Label ID="LabelResponseText" runat="server" Height="20px" Text="Label" Width="20px"></asp:Label>
<p><h3>XML response was:</h3></p>
<asp:Label ID="LabelResponse" runat="server" Height="150px" Text="Label" Width="350px"></asp:Label>
</pre>
</form>
</body>
</html>
[ Back to Top ]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace ThreeStepExample
{
public partial class step3 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
LabelResponse.Text = Server.HtmlEncode(Session["data"].ToString());
if (!Session["result"].Equals("1"))
{
LabelResponseText.Text = (string)Session["result-text"];
}
else
{
LabelResponseText.Text = "";
}
}
}
}
[ Back to Top ]
// ------------------------------------------------------------------------------
// <autogenerated>
// This code was generated by a tool.
// Mono Runtime Version: 4.0.30319.1
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
// </autogenerated>
// ------------------------------------------------------------------------------
namespace ThreeStepExample {
public partial class step3 {
protected System.Web.UI.HtmlControls.HtmlForm form1;
protected System.Web.UI.WebControls.Label LabelResponseText;
protected System.Web.UI.WebControls.Label LabelResponse;
}
}
// API Setup parameters
$gatewayURL = 'https://secure.apsmerchantgateway.com/api/v2/three-step';
$APIKey = '2F822Rw39fx762MaV7Yy86jXGTC7sCDy';
// If there is no POST data or a token-id, print the initial shopping cart form to get ready for Step One.
if (empty($_POST['DO_STEP_1']) && empty($_GET['token-id'])) {
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Collect non-sensitive Customer Info </title>
</head>
<body>
<p><h2>Step One: Collect non-sensitive payment information.<br /></h2></p>
<h3> Customer Information</h3>
<h4> Billing Details</h4>
<form action="" method="post">
<table>
<tr><td>Customer Vault Id </td><td><input type="text" name="customer-vault-id" value=""></td></tr>
<tr><td>Company</td><td><input type="text" name="billing-address-company" value="Acme, Inc."></td></tr>
<tr><td>First Name </td><td><input type="text" name="billing-address-first-name" value="John"></td></tr>
<tr><td>Last Name </td><td><input type="text" name="billing-address-last-name" value="Smith"></td></tr>
<tr><td>Address </td><td><input type="text" name="billing-address-address1" value="1234 Main St."></td></tr>
<tr><td>Address 2 </td><td><input type="text" name="billing-address-address2" value="Suite 205"></td></tr>
<tr><td>City </td><td><input type="text" name="billing-address-city" value="Beverly Hills"></td></tr>
<tr><td>State/Province </td><td><input type="text" name="billing-address-state" value="CA"></td></tr>
<tr><td>Zip/Postal </td><td><input type="text" name="billing-address-zip" value="90210"></td></tr>
<tr><td>Country </td><td><input type="text" name="billing-address-country" value="US"></td></tr>
<tr><td>Phone Number </td><td><input type="text" name="billing-address-phone" value="555-555-5555"></td></tr>
<tr><td>Fax Number </td><td><input type="text" name="billing-address-fax" value="555-555-5555"></td></tr>
<tr><td>Email Address </td><td><input type="text" name="billing-address-email" value="test@example.com"></td></tr>
<tr><td><h4><br /> Shipping Details</h4>
<tr><td>Company</td><td><input type="text" name="shipping-address-company" value="Acme, Inc."></td></tr>
<tr><td>First Name </td><td><input type="text" name="shipping-address-first-name" value="Mary"></td></tr>
<tr><td>Last Name </td><td><input type="text" name="shipping-address-last-name" value="Smith"></td></tr>
<tr><td>Address </td><td><input type="text" name="shipping-address-address1" value="1234 Main St."></td></tr>
<tr><td>Address 2</td><td><input type="text" name="shipping-address-address2" value="Suite 205"></td></tr>
<tr><td>City </td><td><input type="text" name="shipping-address-city" value="Beverly Hills"></td></tr>
<tr><td>State/Province </td><td><input type="text" name="shipping-address-state" value="CA"></td></tr>
<tr><td>Zip/Postal </td><td><input type="text" name="shipping-address-zip" value="90210"></td></tr>
<tr><td>Country</td><td><input type="text" name="shipping-address-country" value="US"></td></tr>
<tr><td>Phone Number </td><td><input type="text" name="shipping-address-phone" value="555-555-5555"></td></tr>
<tr><td colspan="2"> </td>
<tr><td colspan="2" align=center>Total Amount $12.00 </td></tr>
<tr><td colspan="2" align=center><input type="submit" value="Submit Step One"><input type="hidden" name ="DO_STEP_1" value="true"></td></tr>
</table>
</form>
</body>
</html>
';
}else if (!empty($_POST['DO_STEP_1'])) {
// Initiate Step One: Now that we've collected the non-sensitive payment information, we can combine other order information and build the XML format.
$xmlRequest = new DOMDocument('1.0','UTF-8');
$xmlRequest->formatOutput = true;
$xmlSale = $xmlRequest->createElement('sale');
// Amount, authentication, and Redirect-URL are typically the bare minimum.
appendXmlNode($xmlRequest, $xmlSale,'api-key',$APIKey);
appendXmlNode($xmlRequest, $xmlSale,'redirect-url',$_SERVER['HTTP_REFERER']);
appendXmlNode($xmlRequest, $xmlSale, 'amount', '12.00');
appendXmlNode($xmlRequest, $xmlSale, 'ip-address', $_SERVER["REMOTE_ADDR"]);
//appendXmlNode($xmlRequest, $xmlSale, 'processor-id' , 'processor-a');
appendXmlNode($xmlRequest, $xmlSale, 'currency', 'USD');
// Some additonal fields may have been previously decided by user
appendXmlNode($xmlRequest, $xmlSale, 'order-id', '1234');
appendXmlNode($xmlRequest, $xmlSale, 'order-description', 'Small Order');
appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-1' , 'Red');
appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-2', 'Medium');
appendXmlNode($xmlRequest, $xmlSale, 'tax-amount' , '0.00');
appendXmlNode($xmlRequest, $xmlSale, 'shipping-amount' , '0.00');
/*if(!empty($_POST['customer-vault-id'])) {
appendXmlNode($xmlRequest, $xmlSale, 'customer-vault-id' , $_POST['customer-vault-id']);
}else {
$xmlAdd = $xmlRequest->createElement('add-customer');
appendXmlNode($xmlRequest, $xmlAdd, 'customer-vault-id' ,411);
$xmlSale->appendChild($xmlAdd);
}*/
// Set the Billing and Shipping from what was collected on initial shopping cart form
$xmlBillingAddress = $xmlRequest->createElement('billing');
appendXmlNode($xmlRequest, $xmlBillingAddress,'first-name', $_POST['billing-address-first-name']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'last-name', $_POST['billing-address-last-name']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'address1', $_POST['billing-address-address1']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'city', $_POST['billing-address-city']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'state', $_POST['billing-address-state']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'postal', $_POST['billing-address-zip']);
//billing-address-email
appendXmlNode($xmlRequest, $xmlBillingAddress,'country', $_POST['billing-address-country']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'email', $_POST['billing-address-email']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'phone', $_POST['billing-address-phone']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'company', $_POST['billing-address-company']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'address2', $_POST['billing-address-address2']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'fax', $_POST['billing-address-fax']);
$xmlSale->appendChild($xmlBillingAddress);
$xmlShippingAddress = $xmlRequest->createElement('shipping');
appendXmlNode($xmlRequest, $xmlShippingAddress,'first-name', $_POST['shipping-address-first-name']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'last-name', $_POST['shipping-address-last-name']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'address1', $_POST['shipping-address-address1']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'city', $_POST['shipping-address-city']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'state', $_POST['shipping-address-state']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'postal', $_POST['shipping-address-zip']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'country', $_POST['shipping-address-country']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'phone', $_POST['shipping-address-phone']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'company', $_POST['shipping-address-company']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'address2', $_POST['shipping-address-address2']);
$xmlSale->appendChild($xmlShippingAddress);
// Products already chosen by user
$xmlProduct = $xmlRequest->createElement('product');
appendXmlNode($xmlRequest, $xmlProduct,'product-code' , 'SKU-123456');
appendXmlNode($xmlRequest, $xmlProduct,'description' , 'test product description');
appendXmlNode($xmlRequest, $xmlProduct,'commodity-code' , 'abc');
appendXmlNode($xmlRequest, $xmlProduct,'unit-of-measure' , 'lbs');
appendXmlNode($xmlRequest, $xmlProduct,'unit-cost' , '5.00');
appendXmlNode($xmlRequest, $xmlProduct,'quantity' , '1');
appendXmlNode($xmlRequest, $xmlProduct,'total-amount' , '7.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-amount' , '2.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-rate' , '1.00');
appendXmlNode($xmlRequest, $xmlProduct,'discount-amount', '2.00');
appendXmlNode($xmlRequest, $xmlProduct,'discount-rate' , '1.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-type' , 'sales');
appendXmlNode($xmlRequest, $xmlProduct,'alternate-tax-id' , '12345');
$xmlSale->appendChild($xmlProduct);
$xmlProduct = $xmlRequest->createElement('product');
appendXmlNode($xmlRequest, $xmlProduct,'product-code' , 'SKU-123456');
appendXmlNode($xmlRequest, $xmlProduct,'description' , 'test 2 product description');
appendXmlNode($xmlRequest, $xmlProduct,'commodity-code' , 'abc');
appendXmlNode($xmlRequest, $xmlProduct,'unit-of-measure' , 'lbs');
appendXmlNode($xmlRequest, $xmlProduct,'unit-cost' , '2.50');
appendXmlNode($xmlRequest, $xmlProduct,'quantity' , '2');
appendXmlNode($xmlRequest, $xmlProduct,'total-amount' , '7.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-amount' , '2.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-rate' , '1.00');
appendXmlNode($xmlRequest, $xmlProduct,'discount-amount', '2.00');
appendXmlNode($xmlRequest, $xmlProduct,'discount-rate' , '1.00');
appendXmlNode($xmlRequest, $xmlProduct,'tax-type' , 'sales');
appendXmlNode($xmlRequest, $xmlProduct,'alternate-tax-id' , '12345');
$xmlSale->appendChild($xmlProduct);
$xmlRequest->appendChild($xmlSale);
// Process Step One: Submit all transaction details to the Payment Gateway except the customer's sensitive payment information.
// The Payment Gateway will return a variable form-url.
$data = sendXMLviaCurl($xmlRequest,$gatewayURL);
// Parse Step One's XML response
$gwResponse = @new SimpleXMLElement($data);
if ((string)$gwResponse->result ==1 ) {
// The form url for used in Step Two below
$formURL = $gwResponse->{'form-url'};
} else {
throw New Exception(print " Error, received " . $data);
}
// Initiate Step Two: Create an HTML form that collects the customer's sensitive payment information
// and use the form-url that the Payment Gateway returns as the submit action in that form.
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Collect sensitive Customer Info </title>
</head>
<body>';
// Uncomment the line below if you would like to print Step One's response
// print '<pre>' . (htmlentities($data)) . '</pre>';
print '
<p><h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2></p>
<form action="'.$formURL. '" method="POST">
<h3> Payment Information</h3>
<table>
<tr><td>Credit Card Number</td><td><INPUT type ="text" name="billing-cc-number" value="4111111111111111"> </td></tr>
<tr><td>Expiration Date</td><td><INPUT type ="text" name="billing-cc-exp" value="1012"> </td></tr>
<tr><td>CVV</td><td><INPUT type ="text" name="cvv" > </td></tr>
<tr><Td colspan="2" align=center><INPUT type ="submit" value="Submit Step Two"></td> </tr>
</table>
</form>
</body>
</html>
';
} elseif (!empty($_GET['token-id'])) {
// Step Three: Once the browser has been redirected, we can obtain the token-id and complete
// the transaction through another XML HTTPS POST including the token-id which abstracts the
// sensitive payment information that was previously collected by the Payment Gateway.
$tokenId = $_GET['token-id'];
$xmlRequest = new DOMDocument('1.0','UTF-8');
$xmlRequest->formatOutput = true;
$xmlCompleteTransaction = $xmlRequest->createElement('complete-action');
appendXmlNode($xmlRequest, $xmlCompleteTransaction,'api-key',$APIKey);
appendXmlNode($xmlRequest, $xmlCompleteTransaction,'token-id',$tokenId);
$xmlRequest->appendChild($xmlCompleteTransaction);
// Process Step Three
$data = sendXMLviaCurl($xmlRequest,$gatewayURL);
$gwResponse = @new SimpleXMLElement((string)$data);
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Step Three - Complete Transaction</title>
</head>
<body>';
print "
<p><h2>Step Three: Script automatically completes the transaction <br /></h2></p>";
if ((string)$gwResponse->result == 1 ) {
print " <p><h3> Transaction was Approved, XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
} elseif((string)$gwResponse->result == 2) {
print " <p><h3> Transaction was Declined.</h3>\n";
print " Decline Description : " . (string)$gwResponse->{'result-text'} ." </p>";
print " <p><h3>XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
} else {
print " <p><h3> Transaction caused an Error.</h3>\n";
print " Error Description: " . (string)$gwResponse->{'result-text'} ." </p>";
print " <p><h3>XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
}
print "</body></html>";
} else {
print "ERROR IN SCRIPT<BR>";
}
function sendXMLviaCurl($xmlRequest,$gatewayURL) {
// helper function demonstrating how to send the xml with curl
$ch = curl_init(); // Initialize curl handle
curl_setopt($ch, CURLOPT_URL, $gatewayURL); // Set POST URL
$headers = array();
$headers[] = "Content-type: text/xml";
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); // Add http headers to let it know we're sending XML
$xmlString = $xmlRequest->saveXML();
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_PORT, 443); // Set the port number
curl_setopt($ch, CURLOPT_TIMEOUT, 30); // Times out after 30s
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlString); // Add XML directly in POST
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// This should be unset in production use. With it on, it forces the ssl cert to be valid
// before sending info.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
if (!($data = curl_exec($ch))) {
print "curl error =>" .curl_error($ch) ."\n";
throw New Exception(" CURL ERROR :" . curl_error($ch));
}
curl_close($ch);
return $data;
}
// Helper function to make building xml dom easier
function appendXmlNode($domDocument, $parentNode, $name, $value) {
$childNode = $domDocument->createElement($name);
$childNodeValue = $domDocument->createTextNode($value);
$childNode->appendChild($childNodeValue);
$parentNode->appendChild($childNode);
}
// API Setup Parameters
$gatewayURL = 'https://secure.apsmerchantgateway.com/api/v2/three-step';
$APIKey = '2F822Rw39fx762MaV7Yy86jXGTC7sCDy';
// If there is no POST data or a token-id, print the initial Customer Information form to get ready for Step One.
if (empty($_POST['DO_STEP_1'])&& empty($_GET['token-id'])) {
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Collect non-sensitive Customer Vault Info </title>
</head>
<body>
<p><h2>Step One: Collect non-sensitive Customer Vault information.<br /></h2></p>
<h3> Customer Information</h3>
<h4> Billing Details</h4>
<form action="" method="post">
<table>
<tr><td>Customer Vault Id </td><td><input type="text" name="customer-vault-id" value=""></td></tr>
<tr><td>Company</td><td><input type="text" name="billing-address-company" value="Acme, Inc."></td></tr>
<tr><td>First Name </td><td><input type="text" name="billing-address-first-name" value="John"></td></tr>
<tr><td>Last Name </td><td><input type="text" name="billing-address-last-name" value="Smith"></td></tr>
<tr><td>Address </td><td><input type="text" name="billing-address-address1" value="1234 Main St."></td></tr>
<tr><td>City </td><td><input type="text" name="billing-address-city" value="Beverly Hills"></td></tr>
<tr><td>State/Province </td><td><input type="text" name="billing-address-state" value="CA"></td></tr>
<tr><td>Zip/Postal </td><td><input type="text" name="billing-address-zip" value="90210"></td></tr>
<tr><td>Country </td><td><input type="text" name="billing-address-country" value="US"></td></tr>
<tr><td>Phone Number </td><td><input type="text" name="billing-address-phone" value="555-555-5555"></td></tr>
<tr><td>Email Address </td><td><input type="text" name="billing-address-email" value="test@example.com"></td></tr>
<tr><td><h4><br /> Shipping Details</h4>
<tr><td>First Name </td><td><input type="text" name="shipping-address-first-name" value="Mary"></td></tr>
<tr><td>Last Name </td><td><input type="text" name="shipping-address-last-name" value="Smith"></td></tr>
<tr><td>Address </td><td><input type="text" name="shipping-address-address1" value="1234 Main St."></td></tr>
<tr><td>Suite</td><td><input type="text" name="shipping-address-address2" value="Unit #2"></td></tr>
<tr><td>City </td><td><input type="text" name="shipping-address-city" value="Beverly Hills"></td></tr>
<tr><td>State/Province </td><td><input type="text" name="shipping-address-state" value="CA"></td></tr>
<tr><td>Zip/Postal </td><td><input type="text" name="shipping-address-zip" value="90210"></td></tr>
<tr><td>Country</td><td><input type="text" name="shipping-address-country" value="US"></td></tr>
<tr><td colspan="2"> </td>
<tr><td colspan="2" align=center><input type="submit" value="Submit Step One"><input type="hidden" name ="DO_STEP_1" value="true"></td></tr>
</table>
</form>
</body>
</html>
';
}else if (!empty($_POST['DO_STEP_1'])) {
// Initiate Step One: Now that we've collected the non-sensitive customer information, we can combine other customer information and build the XML format.
$xmlRequest = new DOMDocument('1.0','UTF-8');
$xmlRequest->formatOutput = true;
$xmlSale = $xmlRequest->createElement('add-customer');
// Authentication, Redirect-URL are typically the bare minimum.
appendXmlNode($xmlRequest, $xmlSale,'api-key',$APIKey);
appendXmlNode($xmlRequest, $xmlSale,'redirect-url',$_SERVER['HTTP_REFERER']);
// Some additonal fields may have been previously decided by user
appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-1' , 'Red');
appendXmlNode($xmlRequest, $xmlSale, 'merchant-defined-field-2', 'Medium');
if(!empty($_POST['customer-vault-id'])) {
appendXmlNode($xmlRequest, $xmlSale, 'customer-vault-id' , $_POST['customer-vault-id']);
}
// Set the Billing & Shipping from what was collected on initial shopping cart form
$xmlBillingAddress = $xmlRequest->createElement('billing');
appendXmlNode($xmlRequest, $xmlBillingAddress,'first-name', $_POST['billing-address-first-name']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'last-name', $_POST['billing-address-last-name']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'address1', $_POST['billing-address-address1']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'city', $_POST['billing-address-city']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'state', $_POST['billing-address-state']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'postal', $_POST['billing-address-zip']);
//billing-address-email
appendXmlNode($xmlRequest, $xmlBillingAddress,'country', $_POST['billing-address-country']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'email', $_POST['billing-address-email']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'phone', $_POST['billing-address-phone']);
appendXmlNode($xmlRequest, $xmlBillingAddress,'company', $_POST['billing-address-company']);
$xmlSale->appendChild($xmlBillingAddress);
$xmlShippingAddress = $xmlRequest->createElement('shipping');
appendXmlNode($xmlRequest, $xmlShippingAddress,'first-name', $_POST['shipping-address-first-name']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'last-name', $_POST['shipping-address-last-name']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'address1', $_POST['shipping-address-address1']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'city', $_POST['shipping-address-city']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'state', $_POST['shipping-address-state']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'postal', $_POST['shipping-address-zip']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'country', $_POST['shipping-address-country']);
appendXmlNode($xmlRequest, $xmlShippingAddress,'address2', $_POST['shipping-address-address2']);
$xmlSale->appendChild($xmlShippingAddress);
$xmlRequest->appendChild($xmlSale);
// Process Step One: Submit all customer details to the Payment Gateway except the customer's sensitive payment information.
// The Payment Gateway will return a variable form-url.
$data = sendXMLviaCurl($xmlRequest,$gatewayURL);
// Parse Step One's XML response
$gwResponse = @new SimpleXMLElement($data);
if ((string)$gwResponse->result ==1 ) {
// The form url for used in Step Two below
$formURL = $gwResponse->{'form-url'};
} else {
throw New Exception(print " Error, received " . $data);
}
// Initiate Step Two: Create an HTML form that collects the customer's sensitive payment information
// and use the form-url that the Payment Gateway returns as the submit action in that form.
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Collect sensitive Customer Info </title>
</head>
<body>';
// Uncomment the line below if you would like to print Step One's response
// print '<pre>' . (htmlentities($data)) . '</pre>';
print '
<p><h2>Step Two: Collect sensitive payment information and POST directly to payment gateway<br /></h2></p>
<form action="'.$formURL. '" method="POST">
<h3> Payment Information</h3>
<table>
<tr><td>Credit Card Number</td><td><INPUT type ="text" name="billing-cc-number" value="4111111111111111"> </td></tr>
<tr><td>Expiration Date</td><td><INPUT type ="text" name="billing-cc-exp" value="1014"> </td></tr>
<tr><Td colspan="2" align=center><INPUT type ="submit" value="Submit Step Two"></td> </tr>
</table>
</form>
</body>
</html>
';
// NOTE: CVV cannot be stored, per PCI Requirements
} elseif (!empty($_GET['token-id'])) {
// Step Three: Once the browser has been redirected, we can obtain the token-id and complete
// the Customer Vault Add through another XML HTTPS POST including the token-id which abstracts the
// sensitive payment information that was previously collected by the Payment Gateway.
$tokenId = $_GET['token-id'];
$xmlRequest = new DOMDocument('1.0','UTF-8');
$xmlRequest->formatOutput = true;
$xmlCompleteTransaction = $xmlRequest->createElement('complete-action');
appendXmlNode($xmlRequest, $xmlCompleteTransaction,'api-key',$APIKey);
appendXmlNode($xmlRequest, $xmlCompleteTransaction,'token-id',$tokenId);
$xmlRequest->appendChild($xmlCompleteTransaction);
// Process Step Three
$data = sendXMLviaCurl($xmlRequest,$gatewayURL);
$gwResponse = @new SimpleXMLElement((string)$data);
print ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Step Three - Complete Add Customer </title>
</head>
<body>';
print "
<p><h2>Step Three: Script automatically completes the process of adding the Customer Vault record <br /></h2></p>";
if ((string)$gwResponse->result == 1 ) {
print " <p><h3> Customer Vault was Added, XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
} elseif((string)$gwResponse->result == 2) {
print " <p><h3> Customer Vault was Not Added</h3>\n";
print " Reason : " . (string)$gwResponse->{'result-text'} ." </p>";
print " <p><h3>XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
} else {
print " <p><h3> Customer Vault Add caused an Error.</h3>\n";
print " Error Description: " . (string)$gwResponse->{'result-text'} ." </p>";
print " <p><h3>XML response was:</h3></p>\n";
print '<pre>' . (htmlentities($data)) . '</pre>';
}
print "</body></html>";
} else {
print "ERROR IN SCRIPT<BR>";
}
function sendXMLviaCurl($xmlRequest,$gatewayURL) {
// helper function demonstrating how to send the xml with curl
$ch = curl_init(); // Initialize curl handle
curl_setopt($ch, CURLOPT_URL, $gatewayURL); // Set POST URL
$headers = array();
$headers[] = "Content-type: text/xml";
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); // Add http headers to let it know we're sending XML
$xmlString = $xmlRequest->saveXML();
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_PORT, 443); // Set the port number
curl_setopt($ch, CURLOPT_TIMEOUT, 30); // Times out after 30s
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlString); // Add XML directly in POST
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// This should be unset in production use. With it on, it forces the ssl cert to be valid
// before sending info.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
if (!($data = curl_exec($ch))) {
print "curl error =>" .curl_error($ch) ."\n";
throw New Exception(" CURL ERROR :" . curl_error($ch));
}
curl_close($ch);
return $data;
}
// Helper function to make building xml dom easier
function appendXmlNode($domDocument, $parentNode, $name, $value) {
$childNode = $domDocument->createElement($name);
$childNodeValue = $domDocument->createTextNode($value);
$childNode->appendChild($childNodeValue);
$parentNode->appendChild($childNode);
}
1. The customer sends their payment information to the merchant’s web site.
2. The merchant web site posts the payment data to the Payment Gateway.
3. The Payment Gateway responds immediately with the results of the transactions.
4. The merchant web site displays the appropriate message to the customer.
The communication method used to send messages to the Payment Gateway’s server is the standard HTTP protocol over an SSL connection.
In the Direct Post method, the communications with the cardholder (Steps 1 and 4) are developed completely by the merchant and therefore are not defined by the Payment Gateway. Step 1 should simply collect the payment data from the cardholder and Step 4 should display the appropriate transaction receipt or declined message.
In Step 2, transaction details should be delivered to the Payment Gateway using the POST method with the appropriate variables defined below posted along with the request.
In Step 3, the transaction responses are returned in the body of the HTTP response in a query string name/value format delimited by ampersands. For example: variable1=value1&variable2=value2&variable3=value3
The Customer Vault was designed specifically for businesses of any size to address concerns about handling customer payment information. Visa and MasterCard have instituted the Payment Card Industry (PCI) Data Security to protect cardholder data, wherever it resides, ensuring that members, merchants, and service providers maintain the highest information security standards.
These associations have also deemed that merchants will be held liable for any breach of cardholder data. This has become a major concern for merchants who handle credit card or electronic check payments. The Customer Vault is designed for these merchants who desire to avoid the tremendous costs and resources involved in becoming PCI compliant under these circumstances.
The Customer Vault does this by allowing merchants to transmit their payment information through a Secure Sockets Layer (SSL) connection for storage in our Level 1 PCI certified data facility. Once the customer record has been securely transmitted to the Customer Vault, the merchant can then initiate transactions remotely without having to access cardholder information directly. This process is accomplished without the merchant storing the customer’s payment information in their local database or payment application.
Transaction sales are submitted and immediately flagged for settlement.
Transaction authorizations are authorized immediately but are not flagged for settlement. These transactions must be flagged for settlement using the capture transaction type.
Transaction captures flag existing authorizations for settlement. Only authorizations can be captured. Captures can be submitted for an amount equal to or less than the original authorization.
Transaction voids will cancel an existing sale or captured authorization. In addition, non-captured authorizations can be voided to prevent any future capture. Voids can only occur if the transaction has not been settled.
Transaction refunds will reverse a previously settled or pending settlement transaction. If the transaction has not been settled, a transaction void can also reverse it.
Transaction credits apply an amount to the cardholder’s card that was not originally processed through the Gateway. In most situations credits are disabled as transaction refunds should be used instead.
This action is used for doing an “Account Verification” on the cardholder’s credit card without actually doing an authorization.
Transaction updates can be used to update previous transactions with specific order information, such as a tracking number and shipping carrier.
Variable Name | Description |
---|---|
type* | The type of transaction to be processed. Values: ‘sale’, ‘auth’, ‘credit’, ‘validate’, or ‘offline’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
payment_token | The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once. |
ccnumber** | Credit card number. |
ccexp** | Credit card expiration date. Format: MMYY |
cvv | The card security code. While this is not required, it is strongly recommended. |
checkname*** | The name on the customer’s ACH account. |
checkaba*** | The customer’s bank routing number. |
checkaccount*** | The customer’s bank account number. |
account_holder_type | The type of ACH account the customer has. Values: ‘business’ or ‘personal’ |
account_type | The ACH account entity of the customer. Values: ‘checking’ or ‘savings’ |
sec_code | The Standard Entry Class code of the ACH transaction. Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’ |
amount | Total amount to be charged. For validate, the amount must be omitted or set to 0.00. Format: x.xx |
surcharge | Surcharge amount. Format: x.xx |
currency | The transaction currency. Format: ISO 4217 |
payment*** | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’, ‘check’, or ‘cash’ |
processor_id | If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel). |
authorization_code‡ | Specify authorization code. For use with “offline” action only. |
dup_seconds | Sets the time in seconds for duplicate transaction checking on supported processors. Set to 0 to disable duplicate checking. This value should not exceed 7862400. |
descriptor | Set payment descriptor on supported processors. |
descriptor_phone | Set payment descriptor phone on supported processors. |
descriptor_address | Set payment descriptor address on supported processors. |
descriptor_city | Set payment descriptor city on supported processors. |
descriptor_state | Set payment descriptor state on supported processors. |
descriptor_postal | Set payment descriptor postal code on supported processors. |
descriptor_country | Set payment descriptor country on supported processors. |
descriptor_mcc | Set payment descriptor mcc on supported processors. |
descriptor_merchant_id | Set payment descriptor merchant id on supported processors. |
descriptor_url | Set payment descriptor url on supported processors. |
billing_method | Should be set to ‘recurring’ to mark payment as a recurring transaction or ‘installment’ to mark payment as an installment transaction. Values: ‘recurring’, ‘installment’ |
billing_number | Specify installment billing number, on supported processors. For use when “billing_method” is set to installment. Values: 0-99 |
billing_total | Specify installment billing total on supported processors. For use when “billing_method” is set to installment. |
order_template | Order template ID. |
order_description | Order description. Legacy variable includes: orderdescription |
orderid | Order Id |
ipaddress | IP address of cardholder, this field is recommended. Format: xxx.xxx.xxx.xxx |
tax**** | Total tax amount. |
shipping**** | Total shipping amount |
ponumber**** | Original purchase order |
first_name | Cardholder’s first name. Legacy variable includes: firstname |
last_name | Cardholder’s last name Legacy variable includes: lastname |
company | Cardholder’s company |
address1 | Card billing address |
address2 | Card billing address, line 2 |
city | Card billing city |
state | Card billing state. Format: CC |
zip | Card billing zip code |
country | Card billing country. Country codes are as shown in ISO 3166. Format: CC |
phone | Billing phone number |
fax | Billing fax number |
Billing email address | |
social_security_number | Customer’s social security number, checked against bad check writers database if check verification is enabled. |
drivers_license_number | Driver’s license number. |
drivers_license_dob | Driver’s license date of birth. |
drivers_license_state | The state that issued the customer’s driver’s license. |
shipping_firstname | Shipping first name |
shipping_lastname | Shipping last name |
shipping_company | Shipping company |
shipping_address1 | Shipping address |
shipping_address2 | Shipping address, line 2 |
shipping_city | Shipping city |
shipping_state | Shipping state Format: CC |
shipping_zip | Shipping zip code |
shipping_country | Shipping country Country codes are as shown in ISO 3166. Format: CC |
shipping_email | Shipping email address |
merchant_defined_field_# | You can pass custom information in up to 20 fields. Format: merchant_defined_field_1=Value |
customer_receipt | If set to true, when the customer is charged, they will be sent a transaction receipt. Values: ‘true’ or ‘false’ |
signature_image | Cardholder signature image. For use with “sale” and “auth” actions only. Format: base64 encoded raw PNG image. (16kiB maximum) |
cardholder_auth‡‡ | Set 3D Secure condition. Values: ‘verified’ or ‘attempted’ |
eci‡‡ | E-commerce indicator. Values: ‘0’, ‘1’, ‘2’, ‘5’, ‘6’, or ‘7’ |
cavv‡‡ | Cardholder authentication verification value. Format: base64 encoded |
xid‡‡ | Cardholder authentication transaction id. Format: base64 encoded |
three_ds_version‡‡ | 3DSecure version. Examples: “1.0.2” or “2.0” |
directory_server_id | Directory Server Transaction ID. May be provided as part of 3DSecure 2.0 authentication. Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
source_transaction_id | Specifies a payment gateway transaction id in order to associate payment information with a Subscription or Customer Vault record. Must be set with a ‘recurring’ or ‘customer_vault’ action. |
Recurring specific fields | |
recurring | Recurring action to be processed. Values: add_subscription |
plan_id | Create a subscription tied to a Plan ID if the sale/auth transaction is successful. |
plan_payments | The number of payments before the recurring plan is complete. Note: Use ‘0’ for ‘until canceled’ |
plan_amount | The plan amount to be charged each billing cycle. Format: x.xx |
day_frequency | How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’. |
month_frequency | How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’. Values: 1 through 24 |
day_of_month | The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
start_date | The first day that the customer will be charged. Format: YYYYMMDD |
Customer Vault specific fields | |
customer_vault | Associate payment information with a Customer Vault record if the transaction is successful. Values: ‘add_customer’ or ‘update_customer’ |
customer_vault_id | Specifies a customer vault id. If not set, the payment gateway will randomly generate a customer vault id. |
Stored Credentials (CIT/MIT) | |
initiated_by | Who initiated the transaction. Values: ‘customer’ or ‘merchant’ |
initial_transaction_id | Original payment gateway transaction id. |
stored_credential_indicator | The indicator of the stored credential. Values: ‘stored’ or ‘used’ Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system. Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method. |
Level III specific order fields | |
shipping | Freight or shipping amount included in the transaction amount Default: ‘0.00’ Format: x.xx |
tax | The sales tax, included in the transaction amount, associated with the purchase. Setting tax equal to ‘-1’ indicates an order that is exempt from sales tax. Default: ‘0.00’ Format: x.xx |
ponumber† | Purchase order number supplied by cardholder |
orderid† | Identifier assigned by the merchant. This defaults to gateway transaction id. |
shipping_country† | Shipping country (e.g. US) Format: CC |
shipping_postal† | Postal/ZIP code of the address where purchased goods will be delivered. This field can be identical to the ‘ship_from_postal’ if the customer is present and takes immediate possession of the goods. |
ship_from_postal† | Postal/ZIP code of the address from where purchased goods are being shipped, defaults to merchant profile postal code. |
summary_commodity_code† | 4 character international description code of the overall goods or services being supplied. The acquirer or processor will provide a list of current codes. |
duty_amount | Amount included in the transaction amount associated with the import of purchased goods. Default: ‘0.00’ Format: x.xx |
discount_amount | Amount included in the transaction amount of any discount applied to complete order by the merchant. Default: ‘0.00’ Format: x.xx |
national_tax_amount | The national tax amount included in the transaction amount. Default: ‘0.00’ Format: x.xx |
alternate_tax_amount | Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases. Default: ‘0.00’ Format: x.xx |
alternate_tax_id | Tax identification number of the merchant that reported the alternate tax amount. |
vat_tax_amount | Contains the amount of any value added taxes which can be associated with the purchased item. Default: ‘0.00’ Format: x.xx |
vat_tax_rate | Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, e.g. 1% = 1.00. Default: ‘0.00’ Format: x.xx |
vat_invoice_reference_number | Invoice number that is associated with the VAT invoice. |
customer_vat_registration | Value added tax registration number supplied by the cardholder. |
merchant_vat_registration | Government assigned tax identification number of the merchant for whom the goods or services were purchased from. |
order_date | Purchase order date, defaults to the date of the transaction. Format: YYMMDD |
Level III specific line item detail fields | |
item_product_code_#† | Merchant defined description code of the item being purchased. |
item_description_#† | Description of the item(s) being supplied. |
item_commodity_code_#† | International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes. |
item_unit_of_measure_#† | Code for units of measurement as used in international trade. Default: ‘EACH’ |
item_unit_cost_#† | Unit cost of item purchased, may contain up to 4 decimal places. |
item_quantity_#† | Quantity of the item(s) being purchased. Default: ‘1’ |
item_total_amount_#† | Purchase amount associated with the item. Defaults to: ‘item_unit_cost_#’ x ‘item_quantity_#’ rounded to the nearest penny. |
item_tax_amount_#† | Amount of tax on specific item, amount should not be included in ‘total_amount_#’. Default: ‘0.00’ |
item_tax_rate_#† | Percentage representing the value-added tax applied. Default: ‘0.00’ |
item_discount_amount_# | Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘total_amount_#’. |
item_discount_rate_# | Discount rate for the line item. 1% = 1.00. Default: ‘0.00’ |
item_tax_type_# | Type of value-added taxes that are being used. |
item_alternate_tax_id_# | Tax identification number of the merchant that reported the alternate tax amount. |
* | Always required |
** | Required for credit card transactions |
*** | Required for ACH transactions |
**** | Required for Level 2 transactions |
† | Required for Level 3 transactions |
‡ | Required for offline transactions |
‡‡ | Required for 3D Secure transactions |
Variable Name | Description |
---|---|
type* | Type of transaction. Values: ‘capture’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
transactionid* | Original payment gateway transaction id |
amount* | Total amount to be settled. This amount must be equal to or less than the original authorized amount. Format: x.xx |
tracking_number | Shipping tracking number |
shipping_carrier | Shipping carrier. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
orderid | Order id. |
signature_image | Cardholder signature image. Format: base64 encoded raw PNG image. (16kiB maximum) |
* | Always required |
Variable Name | Description |
---|---|
type* | Type of transaction. Values: ‘void’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
transactionid* | Original payment gateway transaction id |
void_reason** | Reason the EMV transaction is being voided. Values: ‘fraud’, ‘user_cancel’, ‘icc_rejected’, ‘icc_card_removed’, ‘icc_no_confirmation’, or ‘pos_timeout’ |
payment*** | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’ or ‘check’ |
* | Always required |
** | Conditionally required for EMV transactions |
*** | Required for ACH transactions |
Variable Name | Description |
---|---|
type* | Type of transaction. Values: ‘refund’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
transactionid* | Original payment gateway transaction id |
amount | Total amount to be refunded. This amount may be equal to or less than the settled amount. Setting the amount to 0.00 will refund the entire amount. Format: x.xx |
payment** | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’ or ‘check’ |
* | Always required |
** | Required for ACH transactions |
Variable Name | Description |
---|---|
type* | Type of transactions. Values: ‘update’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
transactionid* | Original payment gateway transaction id |
payment** | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’ or ‘check’ |
tracking_number | Shipping tracking number |
shipping | Total shipping amount. Format: x.xx |
shipping_postal | Postal/ZIP code of the address where purchased goods will be delivered. This field can be identical to the ‘ship_from_postal’ if the customer is present and takes immediate possession of the goods. |
ship_from_postal | Postal/ZIP code of the address from where purchased goods are being shipped, defaults to merchant profile postal code. |
shipping_country | Shipping Country Code. |
shipping_carrier | Shipping carrier. Values: ‘ups’, ‘fedex’, ‘dhl’, or ‘usps’ |
shipping_date | Shipping date. Format: YYYYMMDD |
order_description | Order Description. Legacy variable includes: orderdescription |
order_date | Order date. Format: YYYYMMDD |
customer_receipt | If set to true, when the customer is charged, they will be sent a transaction receipt. Values: ‘true’ or ‘false’ |
signature_image | Cardholder signature image. Format: base64 encoded raw PNG image. (16kiB maximum) |
ponumber | Cardholder’s purchase order number. |
summary_commodity_code | 4 character international description code of the overall goods or services being supplied. The acquirer or processor will provide a list of current codes. |
duty_amount | Amount included in the transaction amount associated with the import of purchased goods. Format: x.xx |
discount_amount | Amount included in the transaction amount of any discount applied to complete order by the merchant. Format: x.xx |
tax | Tax amount. Format: x.xx |
national_tax_amount | The national tax amount included in the transaction amount. Format: x.xx |
alternate_tax_amount | Second tax amount included in the transaction amount in countries where more than one type of tax can be applied to the purchases. Format: x.xx |
alternate_tax_id | Tax identification number of the merchant that reported the alternate tax amount. |
vat_tax_amount | Contains the amount of any value added taxes which can be associated with the purchased item. |
vat_tax_rate | Contains the tax rate used to calculate the sales tax amount appearing. Can contain up to 2 decimal places, e.g. 1% = 1.00. |
vat_invoice_reference_number | Invoice number that is associated with the VAT invoice. |
customer_vat_registration | Value added tax registration number supplied by the cardholder. |
merchant_vat_registration | Government assigned tax identification number of the merchant for whom the goods or services were purchased from. |
merchant_defined_field_# | Merchant Defined Fields. Format: merchant_defined_field_1=Value |
* | Always required |
** | Required for ACH transactions |
Variable Name | Description |
---|---|
recurring* | Add a recurring plan that subscriptions can be added to in the future. Value: ‘add_plan’ |
plan_payments* | The number of payments before the recurring plan is complete. Notes: ‘0’ for until canceled |
plan_amount* | The plan amount to be charged each billing cycle. Format: x.xx |
plan_name* | The display name of the plan. |
plan_id* | The unique plan ID that references only this recurring plan. |
day_frequency** | How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’. |
month_frequency*** | How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’. Values: 1 through 24 |
day_of_month*** | The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
* | Always required |
** | Required unless ‘month_frequency’ and ‘day_of_month’ is set. |
*** | Required unless ‘day_frequency’ is set. |
Variable Name | Description |
---|---|
recurring* | Associate payment information with a recurring plan. Value: add_subscription |
plan_id* | The plan ID of the plan that the subscription will be associated with. |
start_date | The first day that the customer will be charged. Format: YYYYMMDD |
payment_token | The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once. |
ccnumber** | Credit card number. |
ccexp** | Credit card expiration. Format: MMYY |
payment*** | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’ or ‘check’ |
checkname*** | The name on the customer’s ACH account. |
checkaccount*** | The customer’s bank account number. |
checkaba*** | The customer’s bank routing number. |
account_type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
currency | Set transaction currency. |
account_holder_type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
sec_code | ACH standard entry class codes. Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’ |
first_name | Cardholder’s first name. Legacy variable includes: firstname |
last_name | Cardholder’s last name. Legacy variable includes: lastname |
address1 | Card billing address. |
city | Card billing city |
state | Card billing state. |
zip | Card billing postal code. |
country | Card billing country code. |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
orderid | Order ID |
order_description | Order Description |
merchant_defined_field_# | Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’. |
ponumber | Cardholder’s purchase order number. |
processor_id | If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel). |
customer_receipt | If set to true, when the customer is charged, they will be sent a transaction receipt. Values: ‘true’ or ‘false’ |
source_transaction_id | Specifies a payment gateway transaction id in order to associate payment information with a Subscription record. |
* | Always required |
** | Required for credit card transactions |
*** | Required for ACH transactions |
Variable Name | Description |
---|---|
recurring* | Add a custom recurring subscription that is NOT associated with an existing plan Value: ‘add_subscription’ |
plan_payments* | The number of payments before the recurring plan is complete. Notes: ‘0’ for until canceled |
plan_amount* | The plan amount to be charged each billing cycle. Format: x.xx |
day_frequency** | How often, in days, to charge the customer. Cannot be set with ‘month_frequency’ or ‘day_of_month’. |
month_frequency*** | How often, in months, to charge the customer. Cannot be set with ‘day_frequency’. Must be set with ‘day_of_month’. Values: 1 through 24 |
day_of_month*** | The day that the customer will be charged. Cannot be set with ‘day_frequency’. Must be set with ‘month_frequency’. Values: 1 through 31 – for months without 29, 30, or 31 days, the charge will be on the last day |
start_date | The first day that the customer will be charged. Format: YYYYMMDD |
payment_token | The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once. |
ccnumber**** | Credit card number. |
ccexp**** | Credit card expiration. Format: MMYY |
payment† | The type of payment. Default: ‘creditcard’ Values: ‘creditcard’ or ‘check’ |
checkname† | The name on the customer’s ACH account. |
checkaccount† | The customer’s bank account number. |
checkaba† | The customer’s bank routing number. |
account_type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
account_holder_type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
sec_code | ACH standard entry class codes. Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’ |
first_name | Cardholder’s first name. Legacy variable includes: firstname |
last_name | Cardholder’s last name. Legacy variable includes: lastname |
address1 | Card billing address. |
city | Card billing city |
state | Card billing state. |
zip | Card billing postal code. |
country | Card billing country code. |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
orderid | Order ID |
order_description | Order Description Legacy variable includes: orderdescription |
merchant_defined_field_# | Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’. |
ponumber | Cardholder’s purchase order number. |
processor_id | If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel). |
customer_receipt | If set to true, when the customer is charged, they will be sent a transaction receipt. Values: ‘true’ or ‘false’ |
source_transaction_id | Specifies a payment gateway transaction id in order to associate payment information with a Subscription record. |
* | Always required |
** | Required unless ‘month_frequency’ and ‘day_of_month’ is set. |
*** | Required unless ‘day_frequency’ is set. |
**** | Required for credit card transactions |
† | Required for ACH transactions |
Variable Name | Description |
---|---|
recurring* | Update the subscription’s billing information. Value: ‘update_subscription’ |
subscription_id* | The subscription ID that will be updated. |
* | Always required |
Variable Name | Description |
---|---|
recurring* | Delete the subscription. Customer will no longer be charged. Value: ‘delete_subscription’ |
subscription_id* | The subscription ID that will be deleted. |
* | Always required |
Variable Name | Description |
---|---|
invoicing* | Create a new invoice and email it to the customer. Values: ‘add_invoice’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
amount* | Total amount to be invoiced. Must be greater than 0.00. Format: x.xx |
email* | Billing email address An invoice will be sent to this address when it is created. |
payment_terms | When the invoice should be paid Default: ‘upon_receipt’ Values: ‘upon_receipt’, or integers from 0-999. |
payment_methods_allowed | What payment methods a customer may use when paying invoice. Defaults to all available payment methods available in your merchant account Values: ‘cc’, ‘ck’, and ‘cs’. Multiple payment types can be selected by comma-separating values. |
currency | The transaction currency. Format: ISO 4217 |
order_description | Order description. Legacy variable includes: orderdescription |
orderid | Order ID. |
customer_id | Customer ID. |
customer_tax_id | Customer Tax ID. |
tax | Total tax amount. |
shipping | Total shipping amount. |
ponumber | Original purchase order. |
first_name | Cardholder’s first name. Legacy variable includes: firstname |
last_name | Cardholder’s last name. Legacy variable includes: lastname |
company | Cardholder’s company. |
address1 | Card billing address. |
address2 | Card billing address, line 2. |
city | Card billing city. |
state | Card billing state. Format: CC |
zip | Card billing zip code. |
country | Card billing country. Country codes are as shown in ISO 3166. Format: CC |
phone | Billing phone number. |
fax | Billing fax number. |
website | Customer website. |
shipping_firstname | Shipping first name. |
shipping_lastname | Shipping last name. |
shipping_company | Shipping company. |
shipping_address1 | Shipping address. |
shipping_address2 | Shipping address, line 2. |
shipping_city | Shipping city. |
shipping_state | Shipping state. Format: CC |
shipping_zip | Shipping zip code. |
shipping_country | Shipping country. Country codes are as shown in ISO 3166. Format: CC |
shipping_email | Shipping email address. |
merchant_defined_field_# | You can pass custom information in up to 20 fields. Format: merchant_defined_field_1=Value |
Product Information | |
item_product_code_# | Merchant defined description code of the item being purchased. |
item_description_# | Description of the item(s) being supplied. |
item_commodity_code_# | International description code of the individual good or service being supplied. The acquirer or processor will provide a list of current codes. |
item_unit_of_measure_# | Code for units of measurement as used in international trade. Default: ‘EACH’ |
item_unit_cost_# | Unit cost of item purchased, may contain up to 4 decimal places. |
item_quantity_# | Quantity of the item(s) being purchased. Default: ‘1’ |
item_total_amount_# | Purchase amount associated with the item. Defaults to: ‘item_unit_cost_#’ x ‘item_quantity_#’ rounded to the nearest penny. |
item_tax_amount_# | Amount of tax on specific item, amount should not be included in ‘total_amount_#’. Default: ‘0.00’ |
item_tax_rate_# | Percentage representing the value-added tax applied. Default: ‘0.00’ |
item_discount_amount_# | Discount amount which can have been applied by the merchant on the sale of the specific item. Amount should not be included in ‘total_amount_#’. |
item_discount_rate_# | Discount rate for the line item. 1% = 1.00. Default: ‘0.00’ |
item_tax_type_# | Type of value-added taxes that are being used. |
item_alternate_tax_id_# | Tax identification number of the merchant that reported the alternate tax amount. |
* | Always required |
Variable Name | Description |
---|---|
invoicing* | Update an existing invoice. Values: ‘update_invoice’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
invoice_id* | The invoice ID to be updated. |
* | Always required |
All variables (besides currency) on an invoice may be updated. Updating an invoice will not result in a new invoice being sent to the customer. To send the invoice after updating an invoice, use the send_invoice request after making changes.
Variable Name | Description |
---|---|
invoicing* | Send an existing invoice to a customer. Values: ‘send_invoice’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
invoice_id* | The invoice ID to be emailed. |
* | Always required |
The invoice will be sent to the billing email address assigned to the invoice.
Variable Name | Description |
---|---|
invoicing* | The invoice to be closed. Values: ‘close_invoice’ |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
invoice_id* | The invoice ID to be closed. |
* | Always required |
Variables | Description |
---|---|
customer_vault* | Add/Update a secure customer vault record. Values: ‘add_customer’ or ‘update_customer’ |
customer_vault_id | Specifies a customer vault id. If not set, the payment gateway will randomly generate a customer vault id. |
billing_id | Billing id to be assigned or updated. If none is provided, one will be created or the billing id with priority ‘1’ will be updated. |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
payment_token | The tokenized version of the customer’s card or check information. This will be generated by Collect.js and is usable only once. |
ccnumber** | Credit card number. |
ccexp** | Credit card expiration. Format: MMYY |
checkname*** | The name on the customer’s ACH account. |
checkaba*** | The customer’s bank routing number. |
checkaccount*** | The customer’s bank account number. |
account_holder_type | The customer’s ACH account entity. Values: ‘personal’ or ‘business’ |
account_type | The customer’s ACH account type. Values: ‘checking’ or ‘savings’ |
sec_code | ACH standard entry class codes. Values: ‘PPD’, ‘WEB’, ‘TEL’, or ‘CCD’ |
currency | Set transaction currency. |
payment | Set payment type to ACH or credit card. Values: ‘creditcard’ or ‘check’ |
orderid | Order id |
order_description | Order Description Legacy variable includes: orderdescription |
merchant_defined_field_# | Can be set up in merchant control panel under ‘Settings’->’Merchant Defined Fields’. Format: merchant_defined_field_1=Value |
first_name | Cardholder’s first name. Legacy variable includes: firstname |
last_name | Cardholder’s last name. Legacy variable includes: lastname |
address1 | Card billing address. |
city | Card billing city |
state | Card billing state. |
zip | Card billing postal code. |
country | Card billing country code. |
phone | Billing phone number. |
Billing email address. | |
company | Cardholder’s company. |
address2 | Card billing address, line 2. |
fax | Billing fax number. |
shipping_id | Shipping entry id. If none is provided, one will be created or the billing id with priority ‘1’ will be updated. |
shipping_firstname | Shipping first name. |
shipping_lastname | Shipping last name. |
shipping_company | Shipping company. |
shipping_address1 | Shipping address. |
shipping_address2 | Shipping address, line 2. |
shipping_city | Shipping city |
shipping_state | Shipping state. |
shipping_zip | Shipping postal code. |
shipping_country | Shipping country code. |
shipping_phone | Shipping phone number. |
shipping_fax | Shipping fax number. |
shipping_email | Shipping email address. |
source_transaction_id | Specifies a payment gateway transaction id in order to associate payment information with a Customer Vault record. |
* | Always required |
** | Required for credit card transactions |
*** | Required for ACH transactions |
Variable | Description |
---|---|
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
customer_vault_id* | Specifies a customer vault id. |
amount | Total amount to be charged. For validate, the amount must be omitted or set to 0.00. Format: x.xx |
currency | The transaction currency. Format: ISO 4217 |
processor_id | If using Multiple MIDs, route to this processor (processor_id is obtained under Settings->Transaction Routing in the Control Panel). |
descriptor | Set payment descriptor on supported processors. |
descriptor_phone | Set payment descriptor phone on supported processors. |
order_description | Order description. Legacy variable includes: orderdescription |
orderid | Order ID |
Stored Credentials (CIT/MIT) | |
initiated_by | Who initiated the transaction. Values: ‘customer’ or ‘merchant’ |
initial_transaction_id | Original payment gateway transaction id. |
stored_credential_indicator | The indicator of the stored credential. Values: ‘stored’ or ‘used’ Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system. Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method. |
* | Always required |
Variable | Description |
---|---|
customer_vault* | Deletes a secure customer vault record. Values: ‘delete_customer’ |
customer_vault_id* | Specifies a customer vault id. |
security_key* |
API Security Key assigned to a merchant account. New keys can be generated from the merchant control panel in Settings > Security Keys |
* | Always required |
Variable Name | Description |
---|---|
track_1 | Raw Magnetic Stripe Data |
track_2 | Raw Magnetic Stripe Data |
track_3 | Raw Magnetic Stripe Data |
Variable Name | Description |
---|---|
magnesafe_track_1 | Raw MagTek Magensa Data |
magnesafe_track_2 | Raw MagTek Magensa Data |
magnesafe_magneprint | Raw MagTek Magensa Data |
magnesafe_ksn | Raw MagTek Magensa Data |
magnesafe_magneprint_status | Raw MagTek Magensa Data |
Variable Name | Description |
---|---|
encrypted_track_1 | Raw encrypted data |
encrypted_track_2 | Raw encrypted data |
encrypted_track_3 | Raw encrypted data |
encrypted_ksn | Raw encrypted data |
Variable Name | Description |
---|---|
encrypted_data | Raw encrypted data |
Variable Name | Description |
---|---|
entry_mode | The type of transaction data to be processed. Value: ’emv_icc’ |
emv_auth_request_data | EMV Data for the transaction as received from the EMV Chip Card SDK. |
emv_device | The EMV – capable card reader. Value: ‘ingenico_rba’ |
verification_method | Method used to verify the EMV transaction. Values: ‘signature’, ‘offline_pin’, ‘offline_pin_signature’, or ‘none’ |
encrypted_ksn | Raw encrypted data |
encrypted_track_2 | Raw encrypted data |
Variable Name | Description |
---|---|
entry_mode | The type of transaction data to be processed. Values: ‘swiped’ or ‘swiped_emv_fallback’ |
emv_device | The EMV – capable card reader. Value: ‘ingenico_rba’ |
encrypted_ksn | Raw encrypted data |
encrypted_track_1 | Raw encrypted data |
encrypted_track_2 | Raw encrypted data |
Variable Name | Description |
---|---|
entry_mode | The type of transaction data to be processed. Value: ‘nfc_msd’ |
emv_device | The EMV – capable card reader. Value: ‘ingenico_rba’ |
encrypted_ksn | Raw encrypted data |
encrypted_track_2 | Raw encrypted data |
Variable Name | Description |
---|---|
entry_mode | The type of transaction data to be processed. Value: ‘keyed’ |
emv_device | The EMV – capable card reader. Value: ‘ingenico_rba’ |
encrypted_ksn | Raw encrypted data |
encrypted_track_2 | Raw encrypted data |
Currently Apple Pay is supported only on the TSYS – EMV platform.
Creating an Apple Merchant ID
First, you must obtain an Apple Merchant ID before you can generate the Certificate Signing Request that Apple requires. You will need to set up an Apple Merchant ID in your iOS Developer Account. Follow these steps to complete the setup:
Generating the Certificate Signing Request
Next, you will need to associate a Certificate with the Merchant ID in Apple’s Developer Portal. After downloading the Certificate Signing Request from the gateway’s options page, follow these steps.
PassKit provides the payment data in the (PKPayment *)payment that is returned to your app’s paymentAuthorizationViewController:didAuthorizePayment:completion method. The Apple Pay encrypted payment data is found in payment.token.paymentData.
payment.token.paymentData is a binary (NSData) object, so you must encode it as a hexadecimal string before it can be passed to the Gateway.
To submit a payment with Apple Pay, send the encrypted token data into the applepay_payment_data variable. There is no need to decrypt the data in your app. Only the Gateway will have access to the private key that can decrypt the token.
When passing in applepay_payment_data, you should not include the variables ccnumber or ccexp; they are extracted from the token data.
Important Note: The authorization amount must match the amount the customer approves in the app. If you pass in a currency, that must also match the currency approved in the app. If omitted, the currency from the app is used.
For working example code, including how to obtain the PKPayment object and how to pass a simple transaction to the Gateway, download the sample project.
Variable Name | Description |
---|---|
applepay_payment_data | The encrypted Apple Pay payment data (payment.token.paymentData) from PassKit encoded as a hexadecimal string |
If you receive the error “Failed to decrypt Apple Pay data. Ensure that the Apple Pay Merchant ID is correct in the Gateway Settings and that the certificate was generated from a Gateway Certificate Signing Request.”, try these steps:
Variable | Description |
---|---|
partial_payment_id | Unique identifier returned when making the original transaction. This should only be used for secondary transactions. |
partial_payments | This variable allows the following two values to be passed to it: |
settle_partial: Settles any amount of tender collected (captured partial auth’s and approved partial sales) at cut off. | |
payment_in_full: Required that any split tendered transaction is collected in-full before settlement gets initiated. | |
type | This variable can be passed the value ‘complete_partial_payment’ which will complete a payment_in_full transaction that has not been collected in full. This allows industries that require payment_in_full but subsequently decide to still settle the transaction even though it has not been collected in full. |
Variable | Description |
---|---|
partial_payment_id | A numeric identifier which is used when submitting subsequent transactions. |
partial_payment_balance | Returns the payment’s remaining balance. |
amount_authorized | Provides the amount that was authorized. |
Example 1: In this request, if nothing more was done, a transaction for 30.00 would settle at the next cut-off.
Request | …type=sale&partial_payments=settle_partial&ccnumber=4111111111111111&ccexp=1016&amount=100.00… |
Response | …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00… |
Example 2: In this request, payment_in_full was required and two transaction were collected – this transaction would settle at the next cut-off.
Request 1 | …type=sale&partial_payments=payment_in_full&ccnumber=4111111111111111&ccexp=1016&amount=100.00… |
Response 1 | …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00… |
Request 2 | …type=sale&partial_payment_id=123456789&partial_payments=payment_in_full&ccnumber=4000000000000002&ccexp=1016&amount=70.00… |
Response 2 | …response=1& partial_payment_id=123456789&partial_payment _balance=0.00&amount_authorized=70.00… |
Example 3: In this example, payment_in_full was required and two transactions were attempted, but only one collected. The merchant decided to force it out anyways – this transaction would settle at the next cut-off.
Request 1 | …type=sale&partial_payments=payment_in_full&ccnumber=4111111111111111&ccexp=1016&amount=100.00… |
Response 1 | …response=1&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=30.00… |
Request 2 | …type=sale&partial_payment_id=123456789&partial_payments=payment_in_full&ccnumber=4000000000000002&ccexp=1016&amount=70.00… |
Response 2 | …response=2&partial_payment_id=123456789&partial_payment_balance=70.00&amount_authorized=70.00… |
Request 3 | …type=complete_partial_payment& partial_payment_id=123456789&partial_payments=payment_in_full&amount=70.00… |
Response 3 | …response=1& partial_payment_id=123456789&partial_payment_balance=0.00&amount_authorized=70.00… |
Please note the below is meant to be a guide for how the platform supports CIT and MIT use cases. This is not meant to be an exhaustive list of items needed in order to be compliant. For more information on CIT/MIT compliance, please consult your processor.
Credential on File regulations apply any time data is stored to process future purchases for a cardholder.
Customer vs Merchant Initiated
When a customer is actively engaged in checkout – either physical present in a store, or checking out online in their browser, that is a Customer Initiated Transaction (CIT).
When the customer isn’t actively engaged, but has given permission for their card to be charged, that is a Merchant Initiated Transaction (MIT). In order for a merchant to submit a Merchant Initiated Transaction, a Customer Initiated transaction is required first.
Overview
A cardholder’s consent is required for the initial storage of credentials. When a card is stored, an initial transaction should be submitted (Validate, Sale, or Auth) with the correct credential-on-file type. The transaction must be approved (not declined or encounter an error.) Then, store the transaction ID of the initial customer initiated transaction. The transaction ID must then be submitted with any follow up transactions (MIT or CIT.)
Credential on File types include Recurring, Installment, and Unscheduled types.
For simplicity – we are using the Direct Post API variables. These match the names of the Batch Upload, Collect.js, or the Browser Redirect APIs. The Three-Step API follows the same pattern, and the variables should be submitted on Step 1.
Variable | Description |
---|---|
initiated_by | Who initiated the transaction. Values: ‘customer’ or ‘merchant’ |
initial_transaction_id | Original payment gateway transaction id. |
stored_credential_indicator | The indicator of the stored credential. Values: ‘stored’ or ‘used’ Use ‘stored’ when processing the initial transaction in which you are storing a customer’s payment details (customer credentials) in the Customer Vault or other third-party payment storage system. Use ‘used’ when processing a subsequent or follow-up transaction using the customer payment details (customer credentials) you have already stored to the Customer Vault or third-party payment storage method. |
Variable | Description |
---|---|
cof_supported | Credential on File support indicator specific to the transaction. Values: ‘stored’ or ‘used’ Value will be ‘stored’ if CIT/MIT transaction was sent to a processor that supports the feature. Value will be ‘used’ if CIT/MIT transaction was sent to a processor that does not support the feature or if a merchant-initiated transaction cannot occur due to Cross-Processor limitations. |
Please Note: For Three-Step Redirect transactions, the request details must be sent in Step 1 and the ‘cof-supported’ element will be returned in the response of Step 3.
Recurring:
A transaction in a series of transactions that uses a stored credential and are processed at fixed, regular intervals (not to exceed one year between transactions), and represents cardholder agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals.
If a customer is signing up for a recurring subscription, the merchant is expected to send “an initial recurring transaction” every time the customer signs up for a new recurring subscription.
For an initial transaction:
Either transaction MUST INCLUDE three items:
Example 1: In this request, an initial recurring sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.
Request | …type=sale&billing_method=recurring&initiated_by=customer&stored_credential_indicator=stored… |
Response | …response=1&responsetext=Approved&transactionid=1234567890… |
The transaction ID would be stored and submitted on follow up transactions. The follow up transaction(s) would include:
Example 2: In this request, the subsequent merchant initiated sale is processed using the stored transaction from Example 1.
Request | …type=sale&billing_method=recurring&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890… |
Response | …response=1&responsetext=Approved&transactionid=1234567891… |
Please Note: This transaction ID cannot be used for “unscheduled” or “installment” credential-on-file transactions.
Installment:
An “installment” transaction is a series of transactions that uses a stored credential and represents cardholder agreement with the merchant to initiate one or more future transactions over a period of time for a single purchase of goods or services.
Installment transactions work just like Recurring in that you need a customer initiated transaction for a subsequent installment transaction. The difference is the billing_method will be “installment”.
The customer initiated transaction MUST INCLUDE at least three items (* recommended to send, if available):
Example 3: In this request, an initial installment sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.
Request | …type=sale&billing_method=installment&initiated_by=customer&stored_credential_indicator=stored&billing_total=100.00&billing_number=1&amount=25.00… |
Response | …response=1&responsetext=Approved&transactionid=1234567890… |
The transaction ID would be stored and submitted on follow up transactions. The follow up transaction(s) would include (* recommended to send, if available):
Example 4: In this request, the subsequent merchant initiated sale is processed using the stored transaction from Example 3.
Request | …type=sale&billing_method=installment&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890&billing_total=100.00&billing_number=1&amount=25.00… |
Response | …response=1&responsetext=Approved&transactionid=1234567891… |
Please Note: This transaction ID cannot be used for “unscheduled” or “recurring” card on file transactions.
Unscheduled Credential On File:
For payments that aren’t recurring or installment – there are unscheduled options as well.
The first customer initiated transaction will include these two items (no billing method):
Example 5: In this request, an initial unscheduled sale is sent and an approved transaction is returned in the response. Store this transaction for the follow up request.
Request | …type=sale&initiated_by=customer&stored_credential_indicator=stored… |
Response | …response=1&responsetext=Approved&transactionid=1234567890… |
The transaction ID can be used, without a billing method, for a customer initiated or merchant initiated transaction.
Please Note: The transaction ID cannot be used for a “recurring” or “installment” transaction.
Unscheduled, Customer Initiated: A card-absent transaction initiated by the cardholder where the cardholder does not need to enter their card details as the merchant uses the payment credential previously stored by the cardholder to perform the transaction. Examples include a transaction using customer’s merchant profile or digital wallet.
This is your typical shopping cart scenario where the customer checks out without having to re-enter their card details.
The follow up transaction(s) would include:
Example 6: In this request, a subsequent unscheduled sale is sent and an approved transaction is returned in the response.
Request | …type=sale&initiated_by=customer&stored_credential_indicator=used… |
Response | …response=1&responsetext=Approved&transactionid=1234567891… |
Unscheduled, Merchant Initiated: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date, where the cardholder has provided consent for the merchant to initiate one or more future transactions. An example of this transaction is an account auto-top up transaction.
An example of an account auto-top up would be a customer with an account with a balance. When that balance gets low, the customer’s card is charged automatically, without the customer’s involvement.
The follow up transaction(s) would include:
Example 7: In this request, a subsequent unscheduled sale is sent and an approved transaction is returned in the response.
Request | …type=sale&initiated_by=merchant&stored_credential_indicator=used&initial_transaction_id=1234567890… |
Response | …response=1&responsetext=Approved&transactionid=1234567892… |
Appendix 1: Recommend Further Reading:
If there is any question where a transaction type falls, we recommend reviewing the official card brand documentation. Visa’s guidelines are the most stringent, and generally if you follow those guidelines, you’ll also be compliant for MasterCard, American Express and Discover.
MasterCard:
https://www.mastercard.us/en-us/consumers/offers-promotions/credential-on-file-payments.html
Variable Name | Description |
---|---|
response |
1 = Transaction Approved 2 = Transaction Declined 3 = Error in transaction data or system error |
responsetext | Textual response |
authcode | Transaction authorization code. |
transactionid | Payment gateway transaction id. |
avsresponse | AVS response code (See Appendix 1). |
cvvresponse | CVV response code (See Appendix 2). |
orderid | The original order id passed in the transaction request. |
response_code | Numeric mapping of processor responses (See Appendix 3). |
emv_auth_response_data | This will optionally come back when any chip card data is provided on the authorization. This data needs to be sent back to the SDK after an authorization. |
Transactions can be tested using one of two methods. First, transactions can be submitted to any merchant account that is in test mode. Keep in mind that if an account is in test mode, all valid credit cards will be approved but no charges will actually be processed.
The Payment Gateway demo account can also be used for testing at any time. Please use the following security key for testing with this account:
security_key: | 6457Thfj624V5r7WUwc5v6a68Zsd6YEm |
Transaction details should be POST’ed to the following URL:
POST URL: | https://secure.apsmerchantgateway.com/api/transact.php |
Transactions can be submitted using the following information:
Visa: | 4111111111111111 |
MasterCard: | 5431111111111111 |
Discover: | 6011601160116611 |
American Express: | 341111111111111 |
Diner’s Club: | 30205252489926 |
JCB: | 3541963594572595 |
Maestro: | 6799990100000000019 |
Credit Card Expiration: | 10/25 |
account (ACH): | 123123123 |
routing (ACH): | 123123123 |
X | Exact match, 9-character numeric ZIP |
Y | Exact match, 5-character numeric ZIP |
D | Exact match, 5-character numeric ZIP |
M | Exact match, 5-character numeric ZIP |
2 | Exact match, 5-character numeric ZIP, customer name |
6 | Exact match, 5-character numeric ZIP, customer name |
A | Address match only |
B | Address match only |
3 | Address, customer name match only |
7 | Address, customer name match only |
W | 9-character numeric ZIP match only |
Z | 5-character ZIP match only |
P | 5-character ZIP match only |
L | 5-character ZIP match only |
1 | 5-character ZIP, customer name match only |
5 | 5-character ZIP, customer name match only |
N | No address or ZIP match only |
C | No address or ZIP match only |
4 | No address or ZIP or customer name match only |
8 | No address or ZIP or customer name match only |
U | Address unavailable |
G | Non-U.S. issuer does not participate |
I | Non-U.S. issuer does not participate |
R | Issuer system unavailable |
E | Not a mail/phone order |
S | Service not supported |
0 | AVS not available |
O | AVS not available |
B | AVS not available |
M | CVV2/CVC2 match |
N | CVV2/CVC2 no match |
P | Not processed |
S | Merchant has indicated that CVV2/CVC2 is not present on card |
U | Issuer is not certified and/or has not provided Visa encryption keys |
100 | Transaction was approved. |
200 | Transaction was declined by processor. |
201 | Do not honor. |
202 | Insufficient funds. |
203 | Over limit. |
204 | Transaction not allowed. |
220 | Incorrect payment information. |
221 | No such card issuer. |
222 | No card number on file with issuer. |
223 | Expired card. |
224 | Invalid expiration date. |
225 | Invalid card security code. |
226 | Invalid PIN. |
240 | Call issuer for further information. |
250 | Pick up card. |
251 | Lost card. |
252 | Stolen card. |
253 | Fraudulent card. |
260 | Declined with further instructions available. (See response text) |
261 | Declined-Stop all recurring payments. |
262 | Declined-Stop this recurring program. |
263 | Declined-Update cardholder data available. |
264 | Declined-Retry in a few days. |
300 | Transaction was rejected by gateway. |
400 | Transaction error returned by processor. |
410 | Invalid merchant configuration. |
411 | Merchant account is inactive. |
420 | Communication error. |
421 | Communication error with issuer. |
430 | Duplicate transaction at processor. |
440 | Processor format error. |
441 | Invalid transaction information. |
460 | Processor feature not available. |
461 | Unsupported card type. |
' ***** DISCLAIMER *****
' This code is to be used as an example and not in production.
' It lacks thorough testing and debugging. The Results below will be
' returned when posting against a gateway Test Account or an Active Account with Test Mode Enabled
GatewaySecurityKey = "[[Gateway Security Key Here]]"
' Returns True on Success, False on Failure
Function GatewaySale(amount, ccnumber, ccexp, cvv, name, address, zip)
Set OGateway = Server.CreateObject("MSXML2.ServerXMLHTTP")
OGateway.Open "POST", "https://secure.apsmerchantgateway.com/api/transact.php", false
OGateway.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
DataToSend = "security_key=" & Server.URLEncode(GatewaySecurityKey) &_
"&ccnumber=" & Server.URLEncode(ccnumber) &_
"&ccexp=" & Server.URLEncode(ccexp) &_
"&cvv=" & Server.URLEncode(cvv) &_
"&amount=" & Server.URLEncode(amount) &_
"&firstname=" & Server.URLEncode(name) &_
"&address1=" & Server.URLEncode(address) &_
"&zip=" & Server.URLEncode(zip)
OGateway.Send DataToSend
ResponseString = OGateway.responseText
Results = Split(ResponseString, "&")
GatewaySale = False
For Each i in Results
Result = Split(i,"=")
If UBound(Result)>0 Then
If LCase(Result(0))="response" Then
If Result(1) = "1" Then
GatewaySale = True
End If
End If
End If
Next
End Function
Results = GatewaySale("10.00","4111111111111111","0112","","John Smith","123 Main St", "60123")
Response.Write("This should be true: " & Results & "
")
Results = GatewaySale("0.99","4111111111111111","0112","","John Smith","123 Main St", "60123")
Response.Write("This should be false: " & Results & "
")
///###########################################################
///# #
///# D I S C L A I M E R #
///# #
///# WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED #
///# IS AT YOUR OWN RISK. #
///# #
///# This code is provided "as is" without #
///# warranty of any kind, either express or implied, #
///# including but not limited to the implied warranties #
///# of merchantability and/or fitness for a particular #
///# purpose. #
///# #
///# #
///###########################################################
///###########################################################
///# #
///# Direct Post Transaction Submission Methodology #
///# #
///###########################################################
///# #
///# 1. You gather all the required transaction data on #
///# your secure web site. #
///# #
///# 2. The transaction data gets submitted (via HTTPS #
///# POST) to the gateway as one long string, consisting #
///# of specific name/value pairs. #
///# #
///# 3. When performing the HTTPS POST operation, you #
///# remain on the same web page from which you've #
///# performed the operation. #
///# #
///# 4. The Gateway immediately returns a transaction #
///# response string to the same web page from which you #
///# have performed the HTTPS POST operation. #
///# #
///# 5. You may then parse the response string and act #
///# upon certain response criteria, according to your #
///# business needs. #
///# #
///# #
///###########################################################
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<script language="C#" runat="server">
void Page_Load(Object Src, EventArgs E) {
// Process readHtmlPage function
myPage.Text = readHtmlPage("https://secure.apsmerchantgateway.com/api/transact.php");
}
private String readHtmlPage(string url)
{
//setup some variables
String security_key = "6457Thfj624V5r7WUwc5v6a68Zsd6YEm";
String firstname = "John";
String lastname = "Smith";
String address1 = "1234 Main St.";
String city = "Chicago";
String state = "IL";
String zip = "60193";
//setup some variables end
String result = "";
String strPost = "security_key=" + security_key
+ "&firstname=" + firstname + "&lastname=" + lastname
+ "&address1=" + address1 + "&city=" + city + "&state=" + state
+ "&zip=" + zip + "&payment=creditcard&type=sale"
+ "&amount=1.00&ccnumber=4111111111111111&ccexp=1015&cvv=123";
StreamWriter myWriter = null;
HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(url);
objRequest.Method = "POST";
objRequest.ContentLength = strPost.Length;
objRequest.ContentType = "application/x-www-form-urlencoded";
try
{
myWriter = new StreamWriter(objRequest.GetRequestStream());
myWriter.Write(strPost);
}
catch (Exception e)
{
return e.Message;
}
finally {
myWriter.Close();
}
HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse();
using (StreamReader sr =
new StreamReader(objResponse.GetResponseStream()) )
{
result = sr.ReadToEnd();
// Close and clean up the StreamReader
sr.Close();
}
return result;
}
</script>
<html>
<body>
<b>The content on this web page is the result of an HTTP POST operation to the Gateway, using the Direct Post method.<br>
<br/>
</b><hr/>
<asp:literal id="myPage" runat="server"/>
</body>
</html>
<CFLOCK Name="#session.sessionID#" timeout="10" Type ="Exclusive">
<CFPARAM NAME="session.status" Default="none">
<CFPARAM NAME="emsg" Default="A connection with the financial gateway failed.">
<CFSET oid = ''>
<CFSET em = 0>
<CFIF not IsDefined('URL.ccinterim')>
<CFSET em = 100>
<CFELSEIF not IsDefined('session.store')>
<CFSET em = 101>
<CFELSEIF not session.active>
<CFSET em = 102>
<CFELSEIF not session.store>
<CFSET em = 103>
<CFELSEIF #session.retry# gt 2>
<CFSET em = 400>
</CFIF>
<CFIF em gt 0>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLtoken#&em=#em#">
</CFIF>
<CFSET start = GetTickCount()>
<CFPARAM NAME="result" DEFAULT="false">
<CFPARAM NAME="com_error" DEFAULT="none">
<CFPARAM NAME="session.redirect" Default="x">
<CFPARAM NAME="session.status" Default="none">
<CFPARAM NAME="theactioncode" Default="">
<CFSET oid = session.ponumber>
<!--- fix date for 4 digits only now 09/09--->
<CFSET ccmonth = SpanExcluding(session.exprdate, '/')>
<CFSET ccyear = Mid(session.exprdate, 4, 2)>
<CFSET session.exprdate = '#ccmonth##ccyear#'>
<!--- the session.cvv value is set to a form default in ccinterim --->
<!--- the session order values come from paydirect and the cc values from ccinterim --->
<!--- Tax(default=0), shipping(default=0), and PO Number provide Level II processing --->
<CFHTTP url="https://secure.apsmerchantgateway.com/api/transact.php"
method="POST" resolveurl="yes" throwonerror="yes"
PATH="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\" FILE="tempfile.txt">
<CFHTTPPARAM type="FORMFIELD" name="security_key" value="#session.TRNSKEY#">
<CFHTTPPARAM type="FORMFIELD" name="type" value="#session.TRNSTYPE#">
<CFHTTPPARAM type="FORMFIELD" name="amount" value="#session.ustotal#">
<CFHTTPPARAM type="FORMFIELD" name="ccnumber" value="#session.ccnumber#">
<CFHTTPPARAM type="FORMFIELD" name="ccexp" value="#session.exprdate#">
<CFHTTPPARAM type="FORMFIELD" name="address1" value="#session.ccaddress#">
<CFHTTPPARAM type="FORMFIELD" name="zip" value="#session.cczip#">
<CFHTTPPARAM type="FORMFIELD" name="orderid" value="#session.ponumber#">
<CFHTTPPARAM type="FORMFIELD" name="cvv" value="#session.cvv#">
<CFHTTPPARAM type="FORMFIELD" name="tax" value="#session.ustax#">
<CFHTTPPARAM type="FORMFIELD" name="shipping" value="#session.usshipping#">
<!---CFHTTPPARAM type="FORMFIELD" name="transactionid" value="#form.transid#"--->
</CFHTTP>
<!---CFSET result = cfhttp.filecontent would be the usual method of getting the
stored reply; however, when working in a shared server environment with ColdFusion,
the user may not have authorization to access this storage area and instead will
have to specify the full path within their domain for the file storage location
and again specify the path for a file read action. With multiple domains in a
sandbox environment, any of the domains can be used for saving the reply file. On
each transaction this file gets over written.--->
<CFFILE ACTION="read"
FILE="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\tempfile.txt"
VARIABLE="result">
<CFIF IsDefined('result')>
<!--- create array of names and then loop to populate a query structure
called "crdck". Map mynames to Island names for standardization. If
this is a first time gateway setup, the mapping will not be necessary. Simply
parse the names and values.--->
<CFSET mystring = result>
<!--- CFSET mynames = "response,responsetext,authcode,transactionid,avsresponse,cvvresponse,orderid,type" --->
<!--- create arrays from the strings --->
<CFSET myarray = ListToArray(mystring, "&")>
<CFSET islandnames = "ActionCode,Status,AuthNumber,MerchantTransaction,AVSCode,CVVcode,OrderID,Referencecode">
<CFSET islandnamearray = ListToArray(islandnames, ",")>
<!--- create a new array called crdck and then populate it in a loop with the Island
names and the values. This is done to remain compatible with previous
instances of other gateways without having to change all of the downstream syntax. --->
<CFSET crdck = QueryNew(islandnames)>
<CFSET temp = QueryAddRow(crdck)>
<!--- loop to populate array with desired names (island names) and values --->
<CFLOOP INDEX="k" FROM="1" TO="#ArrayLen(myarray)#">
<CFSET sz = Len(myarray[k])>
<CFSET m = FindNoCase("=", myarray[k], 1)>
<CFIF m is 0><!--- create dummy value in case the = sign not found --->
<CFSET temp = QuerySetCell(crdck, islandnamearray[k], "xxx")>
<CFELSE>
<CFSET n = Find("=", myarray[k], m+sz)>
<CFSET avalue = Mid(myarray[k], m+1, sz)>
<CFSET temp = QuerySetCell(crdck, islandnamearray[k], avalue)>
</CFIF>
<CFIF #k# gt 20><CFBREAK></CFIF><!--- prevent an endless loop for any reason --->
</CFLOOP>
</CFIF>
<CFIF IsDefined('crdck.Actioncode')>
<CFSET theactioncode = crdck.Actioncode>
<!--- this call will timeout based on server configuration --->
<CFSET thedate = DateFormat(now(), 'mm/dd/yy')>
<!--- some mapping is required because CardTech gateway uses their Responsetext
field, our STATUS field, for both status and error messages. --->
<!--- In our database STATUS is a short advisory to the merchant on the order
summary page. Their 'response' is our actioncode--->
<CFSET thestatus = crdck.Actioncode>
<CFIF thestatus eq 1>
<CFSET thestatus = 'auth-settle::1'>
<CFELSEIF thestatus eq 2>
<CFSET thestatus = 'retry-auth(credit)::2'>
<CFELSEIF thestatus eq 3>
<CFSET thestatus = 'retry-auth(data)::3'>
<CFELSEIF thestatus eq "">
<CFSET thestatus = 'retry-auth(comm)::'>
</CFIF>
<!--- A short statement for the 'trnsmsg' on the order detail page. CardTech
returns 'success' in their responsetext field when actioncode=1 --->
<CFSET msg = crdck.status>
<CFIF crdck.Actioncode is not 1>
<CFSET msg = 'declined'>
</CFIF>
<!--- CardTech Responsetext(our status) is a message which is mapped to our
error message when 'success' (CardTech actioncode is not equal to 1)is not
returned. The emsg(error message) is for the customer and order detail page. --->
<CFSET emsg = crdck.status>
<CFIF crdck.Actioncode is 1>
<CFSET emsg = 'no-error'>
</CFIF>
<!--- zero lenth not allowed in database table entry --->
<CFSET oid = crdck.OrderID>
<CFIF #Len(oid)# is 0>
<CFSET oid = #session.ponumber#>
</CFIF>
<CFSET avs = crdck.AVSCode>
<CFIF Len(avs) is 0>
<CFSET avs = 'no return'>
</CFIF>
<CFSET cvv = crdck.CVVCode>
<CFIF Len(cvv) is 0>
<CFSET cvv = 'no return'>
</CFIF>
<CFSET authnum = crdck.AuthNumber>
<CFIF Len(authnum) is 0>
<CFSET authnum = 'xxx'>
</CFIF>
<CFSET trnsmsg = '#authnum#::#msg#::#crdck.ActionCode#'>
<CFSET trnsid = '#crdck.MerchantTransaction#::#crdck.ReferenceCode#'>
<CFQUERY NAME="logpayment" DATASOURCE="#application.ordersDSN#">
UPDATE #session.table#
SET TRNSMSG = '#trnsmsg#',<!--- this is RESULT entry on order detail page --->
STATUS = '#thestatus#',
AVS = '#avs#',
TRNSRSV = '#cvv#',
ERRORMSG = '#emsg#',
TRANSID = '#trnsid#' <!--- this is Authorize ID on order detail page --->
WHERE
PONUMBER = '#oid#'
</CFQUERY>
<CFSET session.retry = session.retry +1>
<CFSET end = GetTickCount()>
<CFSET session.duration = evaluate((end - session.start)/1000)>
<CFIF crdck.Actioncode is 1>
<CFLOCATION URL = "../Templates/cc_good.cfm?#session.URLToken#&ccon=1">
<CFELSEIF crdck.Actioncode is 2>
<CFSET em = 401>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">
<CFELSEIF crdck.ActionCode is 3 AND FindNoCase('expiration', emsg,1) gt 0>
<CFSET em = 402>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">
<CFELSEIF crdck.ActionCode is 3 AND FindNoCase('invalid', emsg,1) gt 0>
<CFSET em = 405>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">
<CFELSEIF crdck.ActionCode is 3>
<CFSET em = 404>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=#emsg#">
</CFIF>
</CFIF><!--- end of crdck.actioncode defined --->
<CFIF theactioncode is ""><!--- from the default value modified by crdck.actioncode --->
<CFSET em = 406>
<CFLOCATION URL="../Templates/process_error.cfm?#session.URLToken#&em=#em#&emsg=""">
</CFIF>
</CFLOCK>
<DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>ColdFusion test</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Expires" content="Mon,23 Sept 1998 00:00:00 GMT">
<meta name='description' content=''>
<meta name='keywords' content=''>
<meta name='author' content='ImagineNation'>
<meta name='url' content='http://www.ImagineNation.com'>
<!--- COPYRIGHT:===============================================
Any commercial use or duplication, in part or in whole, of this
copyright material without prior licensing is forbidden by
federal law. Violators may be subject to civil and/or criminal
penalties, (Title 17, Sections 501 and 506).
========================================================== --->
<!-- script language="JavaScript1.1" src="whatever.js" type="text/javascript" -->
<script language="JavaScript1.1" type="text/javascript">
//<!-- ==========================Hide SCRIPT=============================
//onError = null
//===============================The End============================= -->
</script>
<style>
body{background-color:#cadaca; margin: 5px 0px 0px 5px;
font-family:verdana; font-size:12pt; font-weight:bold; color:#000000;
}
.toptable{background-color:#daeaca; font-family:Verdana; font-size:10pt;
font-weight:bold; color:#000000; padding:10px; width:350px; height:150px;
border-width:2px; border-color:#b07050; border-style:solid; float:left;
display:inline;
}
.cr{color:#000000; font-family:Ariel; font-size:8pt;
font-weight:normal; font-style:italic;
}
</style>
</head>
<body>
<h4>HTML Test File<br>
Submits to the ColdFusion process.cfm File</h4>
<div class="toptable" align="right">
The names in parenthesis are the processing names which are
populated with values in the form fields. The security key allows for
test transactions on the gateway.<br>
<form name="testtrans" action="process.cfm" method="post">
security_key: <input type="text" name="security_key" size=32 value="6457Thfj624V5r7WUwc5v6a68Zsd6YEm"><br>
amount: <input type="text" name="amount" size=20 value="2.00"><br>
transtype: <input type="text" name="transtype" size=20 value="auth"><br>
ccnumber: <input type="text" name="ccnumber" size=20 value="4111111111111111"><br>
ccexp: <input type="text" name="ccexp" size=20 value="0407"><br>
address1: <input type="text" name="ccaddress" size=20 value="20 demo lane"><br>
zip: <input type="text" name="cczip" size=20 value="20123"><br>
cvv: <input type="text" name="cvv" size=20 value="444"><br>
orderid: <input type="text" name="orderid" size=20 value="UM12345678"><br>
tax: <input type="text" name="tax" size=20 value="1.20"><br>
transid: <input type="text" name="transid" size=20 value=""><br>
<input type="submit" value=" SUBMIT ">
</form><br>
Transid is the transaction ID number returned and the number that must be used
to capture an authorization or make a return.
</div>
<center class="cr">
<p> <p><a href="http://ImagineNation.com" target="_blank">ImagineNation</a><br>© 1996 - 2006
</center>
</body></html>
<!--- It is advisable to run this file in a managed application with a lock on
the session to avoid interference from some other operation while waiting for
the return information. --->
<CFLOCK Name="testfiles" timeout="10" Type ="Exclusive">
<CFSET begin =GetTickCount()>
<!--- These default values are provided to prevent errors of omission. --->
<CFPARAM NAME="form.security_key" DEFAULT="xx">
<CFPARAM NAME="form.amount" DEFAULT="xx">
<CFPARAM NAME="form.transtype" DEFAULT="xx">
<CFPARAM NAME="form.ccnumber" DEFAULT="xx">
<CFPARAM NAME="form.ccexp" DEFAULT="xx">
<CFPARAM NAME="form.ccaddress" DEFAULT="xx">
<CFPARAM NAME="form.cczip" DEFAULT="xx">
<CFPARAM NAME="form.orderid" DEFAULT="xx">
<CFPARAM NAME="form.ccv" DEFAULT="">
<CFPARAM NAME="form.tax" DEFAULT="0.75">
<CFPARAM NAME="form.transid" DEFAULT="">
<CFPARAM NAME="result" DEFAULT="xx">
<!--- CFSET result = cfhttp.filecontent would be the usual method of getting the
stored reply from a post action without specifying a path; however, when working
in a shared server environment with ColdFusion, the user may not have authorization
to access this storage area and instead will have to specify the full path within
their own domain for the file storage location and again specify the same path for
a file read action. With multiple domains in a sandbox environment, any of the
domains can be used for saving the reply file. On each transaction this file gets
over written. The example below is specific to ImagineNation and must be changed
for your own testing.--->
<!--- This is the post to the gateway server. --->
<cfhttp url="https://secure.apsmerchantgateway.com/api/transact.php"
method="POST" resolveurl="yes" throwonerror="yes"
PATH="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\" FILE="tempfile.txt">
<cfhttpparam type="FORMFIELD" name="security_key" value="#form.security_key#">
<cfhttpparam type="FORMFIELD" name="amount" value="#form.Amount#">
<cfhttpparam type="FORMFIELD" name="type" value="#form.transtype#">
<cfhttpparam type="FORMFIELD" name="ccnumber" value="#form.CCNumber#">
<cfhttpparam type="FORMFIELD" name="ccexp" value="#form.CCExp#">
<cfhttpparam type="FORMFIELD" name="address1" value="#form.ccaddress#">
<cfhttpparam type="FORMFIELD" name="zip" value="#form.cczip#">
<cfhttpparam type="FORMFIELD" name="orderid" value="#form.orderid#">
<cfhttpparam type="FORMFIELD" name="cvv" value="#form.cvv#">
<cfhttpparam type="FORMFIELD" name="tax" value="#form.tax#">
<cfhttpparam type="FORMFIELD" name="transactionid" value="#form.transid#">
</CFHTTP>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>ImagineNation: ColdFusion process</title>
<style>
body{background-color:#cadaca; margin: 5px 0px 0px 5px;
font-family:verdana; font-size:12pt; font-weight:bold; color:#000000;
}
.toptable{background-color:#daeaca; font-family:Verdana; font-size:10pt;
font-weight:bold; color:#000000; padding:10px; width:350px; height:150px;
border-width:2px; border-color:#b07050; border-style:solid; float:left;
display:inline;
}
.cr{color:#000000; font-family:Ariel; font-size:8pt;
font-weight:normal; font-style:italic;
}
</style>
</head>
<body>
<h4>Transaction results appear here.</h4>
<CFFILE ACTION="read"
FILE="d:\html\users\cfxa2\zanaducom\html\Test\CardTech\tempfile.txt"
VARIABLE="result">
<CFOUTPUT>
<CFIF IsDefined('result')>
<b>The returned string is:<br>
<font size="-1">#result#</font></b>
<CFELSE>
<b>
No return found</b>
</CFIF>
<div class="toptable">
The string can be converted to an array of name/value pairs by splitting on the "&" sign.<br><br>
<CFSET responsearray = ListToArray(result, "&")>
The array length is #ArrayLen(responsearray)#
<br><br>
The returned array values are:<br><br>
<CFLOOP INDEX="k" FROM="1" TO="#ArrayLen(responsearray)#">
#responsearray[k]#<br>
<CFIF #k# gt 20><CFBREAK></CFIF><!--- prevent an endless loop for any reason --->
</CFLOOP>
</CFOUTPUT><br><br>
If this was a type=auth transaction, you can return to the <a href="mytest.htm">
form page</a> and enter the transaction id and change type to capture to test
the capture mode.
</div>
<CFOUTPUT>
<p><CFSET end =GetTickCount()>
process duration = #Evaluate((end-begin)/1000)# seconds
</CFOUTPUT>
</CFLOCK>
<center class="cr">
<p> <p><a href="http://ImagineNation.com" target="_blank">ImagineNation</a><br>© 1996 - 2006
</center>
</body></html>
import java.util.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.text.*;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
class PaymentGateway {
protected String server;
protected String port;
protected String path;
protected String security_key;
public PaymentGateway(String key)
{
server = "secure.apsmerchantgateway.com";
port = "443";
path = "https://secure.apsmerchantgateway.com/api/transact.php";
security_key = key;
}
public HashMap doSale( double amount,
String ccNumber,
String ccExp
) throws Exception
{
HashMap result = new HashMap();
HashMap request = new HashMap();
DecimalFormat form = new DecimalFormat("#.00");
request.put("amount", form.format(amount));
request.put("type", "sale");
request.put("ccnumber", ccNumber);
request.put("ccexp", ccExp);
String data_out = prepareRequest(request);
String error = "";
String data_in = "";
boolean success = true;
try {
HashMap retval = postForm(data_out);
data_in = (String)retval.get("response");
result.put("transactionid", retval.get("transactionid"));
} catch (IOException e) {
success = false;
error = "Connect error, " + e.getMessage();
} catch (Exception e) {
success = false;
error = e.getMessage();
}
if (!success) {
throw new Exception(error);
}
return result;
}
// Utility Functions
public String prepareRequest(HashMap request) {
if (request.size() == 0) {
return "";
}
request.put("security_key", security_key);
Set s = request.keySet();
Iterator i = s.iterator();
Object key = i.next();
StringBuffer buffer = new StringBuffer();
buffer.append(key).append("=")
.append(URLEncoder.encode((String) request.get(key)));
while (i.hasNext()) {
key = i.next();
buffer.append("&").append(key).append("=")
.append(URLEncoder.encode((String) request.get(key)));
}
return buffer.toString();
}
protected HashMap postForm(String data) throws Exception {
HashMap result = new HashMap();
HttpURLConnection postConn;
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
URL post = new URL("https", server, Integer.parseInt(port), path);
postConn = (HttpURLConnection)post.openConnection();
postConn.setRequestMethod("POST");
postConn.setDoOutput(true);
PrintWriter out = new PrintWriter(postConn.getOutputStream());
out.print(data);
out.close();
BufferedReader in =
new BufferedReader(new InputStreamReader(postConn.getInputStream()));
String inputLine;
StringBuffer buffer = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
buffer.append(inputLine);
}
in.close();
String response = buffer.toString();
result.put("response", response);
// Parse Result
StringTokenizer st = new StringTokenizer(response, "&");
while (st.hasMoreTokens()) {
String varString = st.nextToken();
StringTokenizer varSt = new StringTokenizer(varString, "=");
if (varSt.countTokens() > 2 || varSt.countTokens()<1) {
throw new Exception("Bad variable from processor center: " + varString);
}
if (varSt.countTokens()==1) {
result.put(varSt.nextToken(), "");
} else {
result.put(varSt.nextToken(), varSt.nextToken());
}
}
if (result.get("response")=="") {
throw new Exception("Bad response from processor center" + response);
}
if (!result.get("response").toString().equals("1")) {
throw new Exception(result.get("responsetext").toString());
}
return result;
}
}
public class TestPaymentGateway
{
public static void main(String arg[])
{
HashMap retval = new HashMap();
PaymentGateway gw = new PaymentGateway("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");
try {
retval = gw.doSale(10.05, "4111111111111111", "0909");
System.out.println("Success\nTransId: " + retval.get("transactionid") + "\n");
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
const https = require('https');
const querystring = require('querystring');
class DirectPost {
constructor(security_key) {
this.security_key = security_key;
}
setBilling(billingInformation) {
// Validate that passed in information contains valid keys
const validBillingKeys = ['first_name', 'last_name', 'company', 'address1',
'address2', 'city', 'state', 'zip', 'country', 'phone', 'fax', 'email'];
for (let key in billingInformation) {
if (!validBillingKeys.includes(key)) {
throw new Error(`Invalid key provided in billingInformation. '${key}'
is not a valid billing parameter.`)
}
};
this.billing = billingInformation;
}
setShipping(shippingInformation) {
// Validate that passed in information contains valid keys
const validShippingKeys = [
'shipping_first_name', 'shipping_last_name', 'shipping_company',
'shipping_address1', 'address2', 'shipping_city', 'shipping_state',
'shipping_zip', 'shipping_country', 'shipping_email'
];
for (let key in shippingInformation) {
if (!validShippingKeys.includes(key)) {
throw new Error(`Invalid key provided in shippingInformation. '${key}'
is not a valid shipping parameter.`)
}
};
this.shipping = shippingInformation;
}
doSale(amount, ccNum, ccExp, cvv) {
let requestOptions = {
'type': 'sale',
'amount': amount,
'ccnumber': ccNum,
'ccexp': ccExp,
'cvv': cvv
};
// Merge together all request options into one object
Object.assign(requestOptions, this.billing, this.shipping);
// Make request
this._doRequest(requestOptions);
}
_doRequest(postData) {
const hostName = 'secure.apsmerchantgateway.com';
const path = '/api/transact.php';
postData.security_key = this.security_key;
postData = querystring.stringify(postData);
const options = {
hostname: hostName,
path: path,
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': Buffer.byteLength(postData)
}
};
// Make request to Direct Post API
const req = https.request(options, (response) => {
console.log(`STATUS: ${response.statusCode}`);
console.log(`HEADERS: ${JSON.stringify(response.headers)}`);
response.on('data', (chunk) => {
console.log(`BODY: ${chunk}`);
});
response.on('end', () => {
console.log('No more data in response.');
});
});
req.on('error', (e) => {
console.error(`Problem with request: ${e.message}`);
});
// Write post data to request body
req.write(postData);
req.end();
}
}
const dp = new DirectPost('{security_key}');
const billingInfo = {
'first_name': 'Test',
'last_name': 'User',
'address1': '123 Main St',
'city': 'New York',
'state': 'NY',
'zip' : '12345',
}
const shippingInfo = {
'shipping_first_name': 'User',
'shipping_last_name': 'Test',
'shipping_address1': '987 State St',
'shipping_city': 'Los Angeles',
'shipping_state': 'CA',
'shipping_zip' : '98765',
}
dp.setBilling(billingInfo);
dp.setShipping(shippingInfo);
// Set dummy data for sale
dp.doSale('100.00', '4111111111111111', '1221', '123');
define("APPROVED", 1);
define("DECLINED", 2);
define("ERROR", 3);
class gwapi {
// Initial Setting Functions
function setLogin($security_key) {
$this->login['security_key'] = $security_key;
}
function setOrder($orderid,
$orderdescription,
$tax,
$shipping,
$ponumber,
$ipaddress) {
$this->order['orderid'] = $orderid;
$this->order['orderdescription'] = $orderdescription;
$this->order['tax'] = $tax;
$this->order['shipping'] = $shipping;
$this->order['ponumber'] = $ponumber;
$this->order['ipaddress'] = $ipaddress;
}
function setBilling($firstname,
$lastname,
$company,
$address1,
$address2,
$city,
$state,
$zip,
$country,
$phone,
$fax,
$email,
$website) {
$this->billing['firstname'] = $firstname;
$this->billing['lastname'] = $lastname;
$this->billing['company'] = $company;
$this->billing['address1'] = $address1;
$this->billing['address2'] = $address2;
$this->billing['city'] = $city;
$this->billing['state'] = $state;
$this->billing['zip'] = $zip;
$this->billing['country'] = $country;
$this->billing['phone'] = $phone;
$this->billing['fax'] = $fax;
$this->billing['email'] = $email;
$this->billing['website'] = $website;
}
function setShipping($firstname,
$lastname,
$company,
$address1,
$address2,
$city,
$state,
$zip,
$country,
$email) {
$this->shipping['firstname'] = $firstname;
$this->shipping['lastname'] = $lastname;
$this->shipping['company'] = $company;
$this->shipping['address1'] = $address1;
$this->shipping['address2'] = $address2;
$this->shipping['city'] = $city;
$this->shipping['state'] = $state;
$this->shipping['zip'] = $zip;
$this->shipping['country'] = $country;
$this->shipping['email'] = $email;
}
// Transaction Functions
function doSale($amount, $ccnumber, $ccexp, $cvv="") {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Sales Information
$query .= "ccnumber=" . urlencode($ccnumber) . "&";
$query .= "ccexp=" . urlencode($ccexp) . "&";
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
$query .= "cvv=" . urlencode($cvv) . "&";
// Order Information
$query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
$query .= "orderid=" . urlencode($this->order['orderid']) . "&";
$query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
$query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
$query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
$query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
// Billing Information
$query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
$query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
$query .= "company=" . urlencode($this->billing['company']) . "&";
$query .= "address1=" . urlencode($this->billing['address1']) . "&";
$query .= "address2=" . urlencode($this->billing['address2']) . "&";
$query .= "city=" . urlencode($this->billing['city']) . "&";
$query .= "state=" . urlencode($this->billing['state']) . "&";
$query .= "zip=" . urlencode($this->billing['zip']) . "&";
$query .= "country=" . urlencode($this->billing['country']) . "&";
$query .= "phone=" . urlencode($this->billing['phone']) . "&";
$query .= "fax=" . urlencode($this->billing['fax']) . "&";
$query .= "email=" . urlencode($this->billing['email']) . "&";
$query .= "website=" . urlencode($this->billing['website']) . "&";
// Shipping Information
$query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
$query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
$query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
$query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
$query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
$query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
$query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
$query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
$query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
$query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
$query .= "type=sale";
return $this->_doPost($query);
}
function doAuth($amount, $ccnumber, $ccexp, $cvv="") {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Sales Information
$query .= "ccnumber=" . urlencode($ccnumber) . "&";
$query .= "ccexp=" . urlencode($ccexp) . "&";
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
$query .= "cvv=" . urlencode($cvv) . "&";
// Order Information
$query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
$query .= "orderid=" . urlencode($this->order['orderid']) . "&";
$query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
$query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
$query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
$query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
// Billing Information
$query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
$query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
$query .= "company=" . urlencode($this->billing['company']) . "&";
$query .= "address1=" . urlencode($this->billing['address1']) . "&";
$query .= "address2=" . urlencode($this->billing['address2']) . "&";
$query .= "city=" . urlencode($this->billing['city']) . "&";
$query .= "state=" . urlencode($this->billing['state']) . "&";
$query .= "zip=" . urlencode($this->billing['zip']) . "&";
$query .= "country=" . urlencode($this->billing['country']) . "&";
$query .= "phone=" . urlencode($this->billing['phone']) . "&";
$query .= "fax=" . urlencode($this->billing['fax']) . "&";
$query .= "email=" . urlencode($this->billing['email']) . "&";
$query .= "website=" . urlencode($this->billing['website']) . "&";
// Shipping Information
$query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
$query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
$query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
$query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
$query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
$query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
$query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
$query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
$query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
$query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
$query .= "type=auth";
return $this->_doPost($query);
}
function doCredit($amount, $ccnumber, $ccexp) {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Sales Information
$query .= "ccnumber=" . urlencode($ccnumber) . "&";
$query .= "ccexp=" . urlencode($ccexp) . "&";
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
// Order Information
$query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
$query .= "orderid=" . urlencode($this->order['orderid']) . "&";
$query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
$query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
$query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
$query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
// Billing Information
$query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
$query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
$query .= "company=" . urlencode($this->billing['company']) . "&";
$query .= "address1=" . urlencode($this->billing['address1']) . "&";
$query .= "address2=" . urlencode($this->billing['address2']) . "&";
$query .= "city=" . urlencode($this->billing['city']) . "&";
$query .= "state=" . urlencode($this->billing['state']) . "&";
$query .= "zip=" . urlencode($this->billing['zip']) . "&";
$query .= "country=" . urlencode($this->billing['country']) . "&";
$query .= "phone=" . urlencode($this->billing['phone']) . "&";
$query .= "fax=" . urlencode($this->billing['fax']) . "&";
$query .= "email=" . urlencode($this->billing['email']) . "&";
$query .= "website=" . urlencode($this->billing['website']) . "&";
$query .= "type=credit";
return $this->_doPost($query);
}
function doOffline($authorizationcode, $amount, $ccnumber, $ccexp) {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Sales Information
$query .= "ccnumber=" . urlencode($ccnumber) . "&";
$query .= "ccexp=" . urlencode($ccexp) . "&";
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
$query .= "authorizationcode=" . urlencode($authorizationcode) . "&";
// Order Information
$query .= "ipaddress=" . urlencode($this->order['ipaddress']) . "&";
$query .= "orderid=" . urlencode($this->order['orderid']) . "&";
$query .= "orderdescription=" . urlencode($this->order['orderdescription']) . "&";
$query .= "tax=" . urlencode(number_format($this->order['tax'],2,".","")) . "&";
$query .= "shipping=" . urlencode(number_format($this->order['shipping'],2,".","")) . "&";
$query .= "ponumber=" . urlencode($this->order['ponumber']) . "&";
// Billing Information
$query .= "firstname=" . urlencode($this->billing['firstname']) . "&";
$query .= "lastname=" . urlencode($this->billing['lastname']) . "&";
$query .= "company=" . urlencode($this->billing['company']) . "&";
$query .= "address1=" . urlencode($this->billing['address1']) . "&";
$query .= "address2=" . urlencode($this->billing['address2']) . "&";
$query .= "city=" . urlencode($this->billing['city']) . "&";
$query .= "state=" . urlencode($this->billing['state']) . "&";
$query .= "zip=" . urlencode($this->billing['zip']) . "&";
$query .= "country=" . urlencode($this->billing['country']) . "&";
$query .= "phone=" . urlencode($this->billing['phone']) . "&";
$query .= "fax=" . urlencode($this->billing['fax']) . "&";
$query .= "email=" . urlencode($this->billing['email']) . "&";
$query .= "website=" . urlencode($this->billing['website']) . "&";
// Shipping Information
$query .= "shipping_firstname=" . urlencode($this->shipping['firstname']) . "&";
$query .= "shipping_lastname=" . urlencode($this->shipping['lastname']) . "&";
$query .= "shipping_company=" . urlencode($this->shipping['company']) . "&";
$query .= "shipping_address1=" . urlencode($this->shipping['address1']) . "&";
$query .= "shipping_address2=" . urlencode($this->shipping['address2']) . "&";
$query .= "shipping_city=" . urlencode($this->shipping['city']) . "&";
$query .= "shipping_state=" . urlencode($this->shipping['state']) . "&";
$query .= "shipping_zip=" . urlencode($this->shipping['zip']) . "&";
$query .= "shipping_country=" . urlencode($this->shipping['country']) . "&";
$query .= "shipping_email=" . urlencode($this->shipping['email']) . "&";
$query .= "type=offline";
return $this->_doPost($query);
}
function doCapture($transactionid, $amount =0) {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Transaction Information
$query .= "transactionid=" . urlencode($transactionid) . "&";
if ($amount>0) {
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
}
$query .= "type=capture";
return $this->_doPost($query);
}
function doVoid($transactionid) {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Transaction Information
$query .= "transactionid=" . urlencode($transactionid) . "&";
$query .= "type=void";
return $this->_doPost($query);
}
function doRefund($transactionid, $amount = 0) {
$query = "";
// Login Information
$query .= "security_key=" . urlencode($this->login['security_key']) . "&";
// Transaction Information
$query .= "transactionid=" . urlencode($transactionid) . "&";
if ($amount>0) {
$query .= "amount=" . urlencode(number_format($amount,2,".","")) . "&";
}
$query .= "type=refund";
return $this->_doPost($query);
}
function _doPost($query) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure.apsmerchantgateway.com/api/transact.php");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_POST, 1);
if (!($data = curl_exec($ch))) {
return ERROR;
}
curl_close($ch);
unset($ch);
print "\n$data\n";
$data = explode("&",$data);
for($i=0;$i<count($data);$i++) {
$rdata = explode("=",$data[$i]);
$this->responses[$rdata[0]] = $rdata[1];
}
return $this->responses['response'];
}
}
$gw = new gwapi;
$gw->setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");
$gw->setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
"CA","90210","US","555-555-5555","555-555-5556","support@example.com",
"www.example.com");
$gw->setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
"CA","90210","US","support@example.com");
$gw->setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10");
$r = $gw->doSale("50.00","4111111111111111","1010");
print $gw->responses['responsetext'];
###########################################################
# #
# D I S C L A I M E R #
# #
# WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED #
# IS AT YOUR OWN RISK. #
# #
# The code is provided "as is" without #
# warranty of any kind, either express or implied, #
# including but not limited to the implied warranties #
# of merchantability and/or fitness for a particular #
# purpose. #
# #
# #
###########################################################
import pycurl
import urllib
import urlparse
import StringIO
class gwapi():
def __init__(self):
self.login= dict()
self.order = dict()
self.billing = dict()
self.shipping = dict()
self.responses = dict()
def setLogin(self,security_key):
self.login['security_key'] = security_key
def setOrder(self, orderid, orderdescription, tax, shipping, ponumber,ipadress):
self.order['orderid'] = orderid;
self.order['orderdescription'] = orderdescription
self.order['shipping'] = '{0:.2f}'.format(float(shipping))
self.order['ipaddress'] = ipadress
self.order['tax'] = '{0:.2f}'.format(float(tax))
self.order['ponumber'] = ponumber
def setBilling(self,
firstname,
lastname,
company,
address1,
address2,
city,
state,
zip,
country,
phone,
fax,
email,
website):
self.billing['firstname'] = firstname
self.billing['lastname'] = lastname
self.billing['company'] = company
self.billing['address1'] = address1
self.billing['address2'] = address2
self.billing['city'] = city
self.billing['state'] = state
self.billing['zip'] = zip
self.billing['country'] = country
self.billing['phone'] = phone
self.billing['fax'] = fax
self.billing['email'] = email
self.billing['website'] = website
def setShipping(self,firstname,
lastname,
company,
address1,
address2,
city,
state,
zipcode,
country,
email):
self.shipping['firstname'] = firstname
self.shipping['lastname'] = lastname
self.shipping['company'] = company
self.shipping['address1'] = address1
self.shipping['address2'] = address2
self.shipping['city'] = city
self.shipping['state'] = state
self.shipping['zip'] = zipcode
self.shipping['country'] = country
self.shipping['email'] = email
def doSale(self,amount, ccnumber, ccexp, cvv=''):
query = ""
# Login Information
query = query + "security_key=" + urllib.quote(self.login['security_key']) + "&"
# Sales Information
query += "ccnumber=" + urllib.quote(ccnumber) + "&"
query += "ccexp=" + urllib.quote(ccexp) + "&"
query += "amount=" + urllib.quote('{0:.2f}'.format(float(amount))) + "&"
if (cvv!=''):
query += "cvv=" + urllib.quote(cvv) + "&"
# Order Information
for key,value in self.order.iteritems():
query += key +"=" + urllib.quote(str(value)) + "&"
# Billing Information
for key,value in self.billing.iteritems():
query += key +"=" + urllib.quote(str(value)) + "&"
# Shipping Information
for key,value in self.shipping.iteritems():
query += key +"=" + urllib.quote(str(value)) + "&"
query += "type=sale"
return self.doPost(query)
def doPost(self,query):
responseIO = StringIO.StringIO()
curlObj = pycurl.Curl()
curlObj.setopt(pycurl.POST,1)
curlObj.setopt(pycurl.CONNECTTIMEOUT,30)
curlObj.setopt(pycurl.TIMEOUT,30)
curlObj.setopt(pycurl.HEADER,0)
curlObj.setopt(pycurl.SSL_VERIFYPEER,0)
curlObj.setopt(pycurl.WRITEFUNCTION,responseIO.write);
curlObj.setopt(pycurl.URL,"https://secure.apsmerchantgateway.com/api/transact.php")
curlObj.setopt(pycurl.POSTFIELDS,query)
curlObj.perform()
data = responseIO.getvalue()
temp = urlparse.parse_qs(data)
for key,value in temp.iteritems():
self.responses[key] = value[0]
return self.responses['response']
# NOTE: your security_key should replace the one below
gw = gwapi()
gw.setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");
gw.setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
"CA","90210","US","555-555-5555","555-555-5556","support@example.com",
"www.example.com")
gw.setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
"CA","90210","US","support@example.com")
gw.setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10")
r = gw.doSale("5.00","4111111111111111","1212",'999')
print gw.responses['response']
if (int(gw.responses['response']) == 1) :
print "Approved"
elif (int(gw.responses['response']) == 2) :
print "Declined"
elif (int(gw.responses['response']) == 3) :
print "Error"
###########################################################
# #
# D I S C L A I M E R #
# #
# WARNING: ANY USE BY YOU OF THE SAMPLE CODE PROVIDED #
# IS AT YOUR OWN RISK. #
# #
# The code is provided "as is" without #
# warranty of any kind, either express or implied, #
# including but not limited to the implied warranties #
# of merchantability and/or fitness for a particular #
# purpose. #
# #
# #
###########################################################
require 'rubygems'
require 'curb'
require 'uri'
require 'addressable/uri'
class GwApi
def initialize()
@login = {}
@order = {}
@billing = {}
@shipping = {}
@responses = {}
end
def setLogin(security_key)
@login['security_key'] = security_key
end
def setOrder( orderid, orderdescription, tax, shipping, ponumber,ipadress)
@order['orderid'] = orderid;
@order['orderdescription'] = orderdescription
@order['shipping'] = "%.2f" % shipping
@order['ipaddress'] = ipadress
@order['tax'] = "%.2f" % tax
@order['ponumber'] = ponumber
end
def setBilling(
firstname,
lastname,
company,
address1,
address2,
city,
state,
zip,
country,
phone,
fax,
email,
website)
@billing['firstname'] = firstname
@billing['lastname'] = lastname
@billing['company'] = company
@billing['address1'] = address1
@billing['address2'] = address2
@billing['city'] = city
@billing['state'] = state
@billing['zip'] = zip
@billing['country'] = country
@billing['phone'] = phone
@billing['fax'] = fax
@billing['email'] = email
@billing['website'] = website
end
def setShipping(firstname,
lastname,
company,
address1,
address2,
city,
state,
zipcode,
country,
email)
@shipping['firstname'] = firstname
@shipping['lastname'] = lastname
@shipping['company'] = company
@shipping['address1'] = address1
@shipping['address2'] = address2
@shipping['city'] = city
@shipping['state'] = state
@shipping['zip'] = zipcode
@shipping['country'] = country
@shipping['email'] = email
end
def doSale(amount, ccnumber, ccexp, cvv='')
query = ""
# Login Information
query = query + "security_key=" + URI.escape(@login['security_key']) + "&"
# Sales Information
query += "ccnumber=" + URI.escape(ccnumber) + "&"
query += "ccexp=" + URI.escape(ccexp) + "&"
query += "amount=" + URI.escape("%.2f" %amount) + "&"
if (cvv!='')
query += "cvv=" + URI.escape(cvv) + "&"
end
# Order Information
@order.each do | key,value|
query += key +"=" + URI.escape(value) + "&"
end
# Billing Information
@billing.each do | key,value|
query += key +"=" + URI.escape(value) + "&"
end
# Shipping Information
@shipping.each do | key,value|
query += key +"=" + URI.escape(value) + "&"
end
query += "type=sale"
return doPost(query)
end
def doPost(query)
curlObj = Curl::Easy.new("https://secure.apsmerchantgateway.com/api/transact.php")
curlObj.connect_timeout = 30
curlObj.timeout = 30
curlObj.header_in_body = false
curlObj.ssl_verify_peer=false
curlObj.post_body = query
curlObj.perform()
data = curlObj.body_str
# NOTE: The domain name below is simply used to create a full URI to allow URI.parse to parse out the query values
# for us. It is not used to send any data
data = '"https://secure.apsmerchantgateway.com/api/transact.php?' + data
uri = Addressable::URI.parse(data)
@responses = uri.query_values
return @responses['response']
end
def getResponses()
return @responses
end
end
gw = GwApi.new()
# NOTE: your security_key should replace the one below
gw.setLogin("6457Thfj624V5r7WUwc5v6a68Zsd6YEm");
gw.setBilling("John","Smith","Acme, Inc.","123 Main St","Suite 200", "Beverly Hills",
"CA","90210","US","555-555-5555","555-555-5556","support@example.com",
"www.example.com")
gw.setShipping("Mary","Smith","na","124 Shipping Main St","Suite Ship", "Beverly Hills",
"CA","90210","US","support@example.com")
gw.setOrder("1234","Big Order",1, 2, "PO1234","65.192.14.10")
r = gw.doSale("5.00","4111111111111111","1212",'999')
myResponses = gw.getResponses
print myResponses['response'] + " "
if (myResponses['response'] == '1')
print "Approved \n"
elsif (myResponses['response'] == '2')
print "Declined \n"
elsif (myResponses['response'] == '3')
print "Error \n"
end
Collect.js is a JavaScript framework that allows merchants to collect sensitive payment information from their customers without exposing their website to the sensitive information. This can be done while allowing merchants to retain full control over the look and feel of their checkout experience.
This is a data collection and tokenization system, not a full payments API, so you can use this in conjunction with an existing transaction API (Direct Post) to submit transactions or use other gateway services that utilize payment information.
Collect.js is designed to be flexible, and its implementation can be as simple as pasting a single script tag to your checkout page, or it can be customized to interact with your website however you’d like.
Authentication is done via a “tokenization key” that you can generate in your merchant control panel under the “Security Keys” settings page. Select “Tokenization” for the key type.
This tokenization key can only be used with Collect.js and will not work with any other APIs. Similarly, any API keys already created will not work with Collect.js.
This key will be visible to customers in your website’s source code, so please make sure you only use the tokenization key here.