Credomatic Integration Resources. Browser Redirect API Documentation June 2007



Similar documents
Merchant One Payment Systems Integration Resources. Direct Post API Documentation June 2007

Network Merchants Inc (NMI) Integration Resources. Direct Post API Documentation April 2010

Gateway Direct Post API

Durango Merchant Services Customer Vault API

Methodology Three-Step

Inspire Commerce &.pay. Customer Vault API. Inspire Commerce

Three Step Redirect API V2.0 Patent Pending

Volume PLANETAUTHORIZE PAYMENT GATEWAY. vtiger CRM Payment Module. User Guide

Three Step Redirect API

Response Code Details

Merchant Integration Guide

Bank and SecurePay Response Codes

Merchant Integration Guide

Card-Present Transactions Implementation Guide Version 1.0

Web Services Credit Card Errors A Troubleshooter

Process Transaction API

PROCESS TRANSACTION API

API Integration Payment21 Button

MiGS Virtual Payment Client Integration Guide. July 2011 Software version: MR 27

Web Services Credit Card Errors A Troubleshooter

Hosted Credit Card Forms Implementation Guide

Gateway Integration Specifications Credit Card Processing

DIRECT INTEGRATION GUIDE DIRECT INTEGRATION GUIDE. Version: 9.16

MasterCard In tern et Gateway Service (MIGS)

Authorize.net modules for oscommerce Online Merchant.

USA epay Gateway Commonly Asked Questions

Server-to-Server Credit Card Implementation Guide

Web Services Credit Card Errors A Troubleshooter

DalPay Internet Billing. Checkout Integration Guide Recurring Billing

Merchant Interface Online Help Files

Swedbank Payment Portal Implementation Overview

Virtual Payment Client Integration Reference. April 2009 Software version:

A: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:

Elavon Payment Gateway- Reporting User Guide

itransact Gateway Fast Start Guide

Virtual Terminal Solution

Secure XML API Integration Guide. (with FraudGuard add in)

Transaction Details Guide

ANZ Secure Gateway Virtual Terminal QUICK REFERENCE GUIDE NOVEMBER 2015

Address Verification System (AVS) Checking

Merchant Console User Manual

Advanced Integration Method (AIM) Developer Guide

USER GUIDE. Rev 9/05

WEB TERMINAL AND RECURRING BILLING

Virtual Terminal & Online Portal

Advanced Integration Method (AIM) Developer Guide

ipayment Gateway API (IPG API)

Credit Card Overview & Processing Guide entrée Version 3

Merchant Interface Online Help Files

Merchant Web Services API

The Wells Fargo Payment Gateway Business Center. User Guide

Secure Payment Form User s Guide

Direct Payment Protocol Errors A Troubleshooter

Setting Up epayment Processing

MyGate Response Codes. Version 2.1

Realex Payments. Magento Community / Enterprise Plugin. Configuration Guide. Version: 1.1

I. Simplifying Payment Processing. II. Authorizing Your Transactions Correctly page 6

6. REPONSE CODE DEFINITION

Direct Post. Integration Guide

MasterCard In tern et Gatew ay Service (MIGS)

Global Transport Secure ecommerce Decision Tree

API Integration Payment21 Recurring Billing

Merchant e-solutions Payment Gateway Back Office User Guide. Merchant e-solutions January 2011 Version 2.5

NAB TRANSACT. XML API Integration Guide

Netswipe Processing Implementation

ANZ egate Virtual Payment Client

XML Messenger API Document Version: Issue Date: 03/05/2014

SENTRY Payment Gateway

Merchant Plug-In. Specification. Version SIX Payment Services

Secure XML API Integration Guide - Periodic and Triggered add in

How To Reverse A Credit Card Transaction On A Credit Cards Card On A Microsoft Card (Iota) On A Pc Or Macbook (Macro) On An Iphone Or Ipad (Macromax) On The Pc Or Ip

Advanced Integration Method (AIM) Developer Guide

Global Transport Secure ecommerce. Web Service Implementation Guide

TrustCommerce Vault Users Guide Version 4.22

Merchant Card Payment Engine

Skipjack Merchant Services Guide

MERCHANT MANAGEMENT SYSTEM

PathwayLINK Recurring Billing Document Version 1.7 Published NOV 2011

MiGS Merchant Administration Guide. July 2013 Software version: MR 29

SFTP Batch Processor. Version 1.0

Merchant Web Services API Advanced Integration Method (AIM)

Rapid 3.0 Transparent Redirect API. Official eway Documentation. Version 0.82

My Sage Pay User Manual

Payment Gateway HTTP and XML API Developers Documentation. HTTP/XML API Last Modified: 28 September 2015

Emdeon ecashiering Manual. February 22, 2010

MySagePay. User Manual. Page 1 of 48

Card-Present Transactions

Audi Virtual Payment Client Integration Manual

Sage Pay Direct Integration and Protocol Guidelines Published: 01/08/2014

Authorize.Net. Reference Guide

Server Protocol and Integration Guideline (Protocol v3.00) Published Date 27/08/2013

Refer to the Integration Guides for the Connect solution and the Web Service API for integration instructions and issues.

Authorize.Net. Reference Guide

Elavon Payment Gateway Integration Guide- Remote

Realex Payments Gateway Extension with 3D Secure for Magento. User Guide to Installation and Configuration. StudioForty9

Absorb Single Sign-On (SSO) V3.0

Payflow Link User s Guide

Authorize.Net Mobile Application

Transcription:

Credomatic Integration Resources Browser Redirect API Documentation June 2007

Table of Contents Methodology... 2 Browser Redirect Method (Browser to Server) FIG. 1... 2 API Authentication Parameters... 3 Inbound Hash... 3 Response Hash... 4 Transaction Types... 5 Sale (sale)... 5 Authorization (auth)... 5 Capture (capture)... 5 Void (void)... 5 Refund (refund)... 5 Credit (credit)... 5 Update (update)... 5 Transaction POST URL... 6 Transaction Variables... 6 Sale/Authorization/Credit... 6 Capture... 7 Void... 7 Refund... 7 Update... 8 Transaction Response Variables... 8 Standard Response... 8 Testing Information... 9 Test Transaction Information... 9 Triggering Errors in Test Mode... 9 Changelog... 10 Appendix 1 AVS Response Codes... 10 Appendix 2 CVV Response Codes... 10 Appendix 3 response_code Lookup Table... 11 Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 1

Methodology Browser Redirect Method (Browser to Server) FIG. 1 1. The customer begins the merchant s checkout process. 2. The merchant returns a payment page to the customer with the form's action pointing to the Payment Gateway. 3. The customer posts payment data to the Payment Gateway by submitting the form. 4. The Payment Gateway processes the transaction and redirects the customer back to the merchant s website with the appropriate results in the GET query string. 5. Because of the redirect, the customer s browser automatically requests the previously passed redirect page on the merchant s web site. 6. The merchant s web site interprets the query string variables and displays the appropriate message to the customer. Please note that the merchant may be required to use the Browser Redirect method if they are enrolled in 3D Secure Technology (Verified by Visa / MasterCard SecureCode). When using the Browser Redirect method, the cardholder submits payment data directly to the Payment Gateway but the response must be relayed back to the merchant s web site. FIG. 1 Upon the cardholder s request to checkout (Step 1), the merchant must display a form to the cardholder (Step 2) that contains or collects the appropriately named variables (as defined below). The additional redirect variable (as defined below) will indicate to the Payment Gateway where the cardholder should be directed and essentially what file will parse the transaction results. This will typically be passed as a hidden field. This form should also have an action of the Payment Gateway s URL. When the cardholder submits the form, the data is posted to the Payment Gateway (Step 3). The Payment Gateway processes the transaction and sends a header redirect back to the cardholder (Step 4). In Step 5, the cardholder requests the URL defined by the previously posted redirect variable and the results of the transaction are included in the GET query string. The merchant must create a script that parses these response variables, updates their database/ordering system appropriately, and displays the receipt or decline message to the cardholder. (Step 6) Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 2

API Authentication Parameters To completely protect the authenticity of a merchant's API requests and responses, Security Keys must be used when using the Browser Redirect Method. You may not use a username and password for Browser Redirect API Authentication. The appropriate authentication method is described below. Inbound Hash The inbound hash protects the authenticity of the data in the request. The key_id and hash variables replace a standard username and password for best-in-class security authentication. Specifically, the following fields are protected by the hash: OrderId Amount Additional Field Requirements: 'time' 'key_id' 'hash' Example: A time value is also associated with the request to protect against hashes being used over an extended period of time. The gateway will reject times that are over 15 minutes old. The time should be passed in the 'time' field and should represent a C-style/Unix timestamp (number of seconds since Jan 1, 1970 UTC, epoch) This key value can be obtained under the Security Keys section within the Gateway Options inside the Merchant Control Panel. The hash should be the values of the following variables delimited by pipes and hashed with an md5 algorithm. orderid amount time Key The Key can be obtained under the Security Keys section within the Gateway Options and is associated with the passed key_id above. <?php $time = time();?> <input type=text name=key_id value=449510> <input type=text name=hash value=<?= md5("test 1.00 $time \!b2#i/wu%)4_tudpaxo GDWW?20:V.w");?>> Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 3

Response Hash After an API call has been made, a unique hash will immediately be returned in the response. The response hash protects the authenticity of the data returned to the merchant s servers. Performing an additional md5 check on the response hash will ensure that the response is authentic. Specifically, the following fields are protected by the response hash: OrderID Amount Response TransactionID AVS_Response CVV_Response Additional Fields Returned: 'time' 'amount' 'hash' Example: The gateway will generate a time in the format described above. The merchant's application can use this time to determine the staleness of the response. The amount will be echoed back in the response The hash should be the values of the following variables delimited by pipes and hashed with an md5 algorithm. orderid amount response transactionid avsresponse cvvresponse time Key The Key can be obtained by under the Security Keys section within the Gateway Options and is associated with the passed key_id above. Hash variable in API response equals 81e992a2a2e855bc226a785667c25889, which is authenticated as follows: <?php md5('test 1.00 1 273247169 N 1182818665 \!b2#i/wu%)4_tudpaxo GDWW?20:V.w');?> Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 4

Transaction Types Sale (sale) Transaction sales are submitted and immediately flagged for settlement. These transactions will automatically be settled. Authorization (auth) Transaction authorizations are authorized immediately but are not flagged for settlement. These transactions must be flagged for settlement using the capture transaction type. Authorizations typically remain activate for three to seven business days. Capture (capture) Void (void) Transaction captures flag existing authorizations for settlement. Only authorizations can be captured. Captures can be submitted for an amount equal to or less than the original authorization. Transaction voids will cancel an existing sale or captured authorization. In addition, non-captured authorizations can be voided to prevent any future capture. Voids can only occur if the transaction has not been settled. Refund (refund) Transaction refunds will reverse a previously settled transaction. If the transaction has not been settled, it must be voided instead of refunded. Credit (credit) Transaction credits apply a negative amount to the cardholder s card. In most situations credits are disabled as transaction refunds should be used instead. Update (update) Transaction updates can be used to update previous transactions with specific order information, such as a tracking number. Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 5

Transaction POST URL All test and live transactions should be submitted to the following URL: https://credomatic.compassmerchantsolutions.com/api/transact.php This URL is the same for both Live and Test Mode environments. Transaction Variables Sale/Authorization/Credit Variable Name Required* Format Description type Required sale / auth / credit sale = Transaction Sale auth = Transaction Auth credit = Transaction Credit key_id Required Security Key Id from Merchant Control Panel hash Required MD5 variable Hash time Required Unix Time Stamp Seconds since January 1st, 1970 (Unix Epoch) redirect Required https:// The URL the cardholder will be redirected to. This URL must also parse and respond to the response variables included in the GET query upon the redirect. ccnumber Required** Credit card number ccexp Required** MMYY Credit card expiration (ie. 0705 = 7/2005) checkname Required** The name on the customer s Checking Account. checkaba Required** The customer s bank routing number checkaccount Required** The customer s bank account number account_holder_type Required** business / personal The customer s type of ACH account account_type Required** checking / savings The customer s type of ACH account amount Required x.xx Total amount to be charged (i.e. 10.00) cvv Recommended Card security code product_sku_# Optional product_sku_1 Associate API call with Recurring SKU payment Recommended cc / check Set Payment Type to ACH or Credit Card orderdescription Optional Order description ipaddress Recommended xxx.xxx.xxx.xxx IP address of the cardholder tax Level II x.xx Total tax amount shipping Level II x.xx Total shipping amount ponumber Level II Original Purchase Order firstname Recommended Cardholder s first name lastname Recommended Cardholder s last name company Optional Cardholder s company address1 Recommended Card billing address address2 Optional Card billing address line 2 city Recommended Card billing city state Recommended CC Card billing state (2 character abbrev.) zip Recommended Card billing zip code country Recommended CC (ISO-3166) Card billing country (ie. US) phone Recommended Billing phone number fax Optional Billing fax number email Recommended Billing email address Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 6

website Optional Website shipping_firstname Optional Shipping first name shipping_lastname Optional Shipping last name shipping_company Optional Shipping company shipping_address1 Optional Shipping address shipping_address2 Optional Shipping address line 2 shipping_city Optional Shipping city shipping_state Optional Shipping state shipping_zip Optional Shipping zip code shipping_country Optional CC (ISO-3166) Shipping country (ie. US) shipping_email Optional Shipping email address *These fields are required by default. Level II fields are required for Level II processing. Recommended fields help provide additional address and cardholder verification. Certain banks may require some optional fields. **You can pass only Credit Card or echeck transaction variables in a request not both in the same request. Capture Variable Name Required Format Description type Required capture capture = Transaction Capture key_id Required Security Key Id from Merchant Control Panel hash Required MD5 variable Hash time Required Unix Time Seconds since January 1 st, 1970 (Unix Epoch) Stamp redirect Required https:// The URL the cardholder will be redirected to. This URL must also parse and respond to the response variables included in the GET query upon the redirect. Transactionid Required Original Payment Gateway transaction id amount Required x.xx Total amount to be settled (i.e. 10.00) This amount must be equal to or less than the original authorized amount. Void Variable Name Required Format Description type Required void void = Transaction Capture key_id Required Security Key Id from Merchant Control Panel hash Required MD5 variable Hash time Required Unix Time Seconds since January 1 st, 1970 (Unix Epoch) Stamp redirect Required https:// The URL the cardholder will be redirected to. This URL must also parse and respond to the response variables included in the GET query upon the redirect. Transactionid Required Original Payment Gateway transaction id Refund Variable Name Required Format Description type Required refund refund = Transaction Capture key_id Required Security Key Id from Merchant Control Panel hash Required MD5 variable Hash time Required Unix Time Seconds since January 1 st, 1970 (Unix Epoch) Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 7

Stamp redirect Required https:// The URL the cardholder will be redirected to. This URL must also parse and respond to the response variables included in the GET query upon the redirect. Transactionid Required Original Payment Gateway transaction id amount Required x.xx Total amount to be refunded (i.e. 10.00) This amount must be equal to or less than the settled amount. Update Variable Name Required Format Description type Required update update = Update an un-captured Transaction key_id Required Security Key Id from Merchant Control Panel hash Required MD5 variable Hash time Required Unix Time Stamp Seconds since January 1 st, 1970 (Unix Epoch) redirect Required https:// The URL the cardholder will be redirected to. This URL must also parse and respond to the response variables included in the GET query upon the redirect. Transactionid Required Original Payment Gateway transaction id tracking_number Optional Shipping Tracking Number carrier Optional ups/fedex/dhl/usps Shipping Carrier orderid Optional Order Id Transaction Response Variables Standard Response Variable Name Format Description response 1 / 2 / 3 1 = Transaction Approved 2 = Transaction Declined 3 = Error in transaction data or system error responsetext Textual response authcode Transaction authorization code transactionid hash Payment Gateway transaction id The hash should be the values of defined variables delimited by pipes and hashed with an md5 algorithm. avsresponse C AVS Response Code (See Appendix 1) cvvresponse C CVV Response Code (See Appendix 2) orderid The original order id passed in the transaction request. response_code C Numeric mapping of processor responses (See Appendix 3) Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 8

Testing Information Test Transaction Information Test transactions can be submitted with the following information: Visa Credit Card: 4111111111111111 MasterCard Card: 5431111111111111 DiscoverCard Card: 6011601160116611 American Express Card: 341111111111111 Credit Card Expiration: Any valid expiration date Amount: >1.00 Triggering Errors in Test Mode To cause a declined message, pass an amount less than 1.00. To trigger an error message, pass an invalid card number. To simulate an AVS Match, pass 77777 in the address1 field. To simulate a CVV Match, pass 999 in the cvv field. Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 9

Changelog June 2007 July 2006 April 2006 February 2006 Added MD5 Hashing Authentication Added Transaction Type Update Added Response Code Appendix Documented Browser Redirect Capability Appendix 1 AVS Response Codes X Exact match, 9-character numeric ZIP Y Exact match, 5-character numeric ZIP D M A Address match only B W 9-character numeric ZIP match only Z 5-character Zip match only P L N No address or ZIP match C U Address unavailable G Non-U.S. Issuer does not participate I R Issuer system unavailable E Not a mail/phone order S Service not supported 0 AVS Not Available O B Appendix 2 CVV Response Codes M N P S U CVV2/CVC2 Match CVV2/CVC2 No Match Not Processed Merchant has indicated that CVV2/CVC2 is not present on card Issuer is not certified and/or has not provided Visa encryption keys Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 10

Appendix 3 response_code Lookup Table Browser Redirect API Copyright 2001-2007 All Rights Reserved. Page 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information