Secure Checkout (hosted redirect)

How to set up and use our hosted Checkout form

Why our hosted secure Checkout form?

We provide our secure Checkout forms to remove the PCI data and security requirements and responsibilities from the merchant server. You place a small snippet of code we provide on the payment page, and it creates a payment button and payment methods to accept and manage data and the payment lifecycle.

When a customer is ready to make a payment and presses the payment button they will be redirected to a hosted payment page to collect data and process the payment.

In order to successfully complete each transaction, online shoppers will temporarily leave your site, key in their credit card information in our secure payment form and then return to your e-commerce store when payment is complete.

The Checkout form accepts input parameters to process a transaction, such as amount and customer details, and returns a full payment response to your supplied return URLs.

How it works

  1. A shopper / customer browses the merchant's site and adds items to their cart. The merchant's site or an ISV's application calls up our Checkout form: when the shopper / customer wishes to make a payment, they click a button link on the merchant's site or ISV's application.
  2. The shopper / customer is redirected to a secure checkout server where they see the amount to pay and can select their payment type (Bank Transfer or Credit/Debit Card).
  3. The shopper will then provide payment details in fields provided for the payment type selected and press SUBMIT to process the payment.
  4. The sale detail and payment information are passed securely from our Checkout servers (not the merchant server) to the QorCommerce payment platform for processing.
  5. When the QorCommerce payment platform responds with the payment processing result, the shopper / customer will be redirected back to a specified page on the merchant's server or ISV's application server with the full response data for display or further action as required in their payments workflow.

Setup and Configuration


  • Create a SHA512 Signature hash calculated from the transaction request data
  • Build and format the request
  • Send request and user to the QorCommerce URL

1. Create a signature

Calculate a sha512 cryptographic hash signature by creating a string made from the transaction parameter values shown. The calculated hash should then be inserted into the transaction_data object as the sign parameter value.

The following example demonstrates how to generate the sha512 hash in PHP. All parameters (defined below) are separated by a '|', and the structure is as represented in $str:

$str = "<mid>|<gwtoken>|<txnid>|<amount>||<cfirstname>|<cemail>|<order_id>||||||||||<your salt>";
$hash = strtolower(hash('sha512', $str));

2. Build the request

Create a JSON object for the transaction request using the following parameters:

| Parameter | Description | Required |
|---|---|---|
| client_key | The client key assigned by QorCommerce or your merchant service account provider (use the assigned Qor-Client-Key) | Y |
| transaction_data | An object containing parameters and values of data to be processed | Y |

The following params are available for the transaction_data object:

| Parameter | Description | Required |
|---|---|---|
| mid | The merchant ID assigned to this merchant | Y |
| storename | The Store Name you would like to use on the form | Y |
| order_id | The order id / number for this transaction. This value must be unique for the mid for this transaction or a duplicate error will be returned | Y |
| sign | A calculated hash value used to sign this transaction, used for security and data integrity. | Y |
| amount | The total amount to process. Format as a string with up to 2 decimal places: "12", "12.1", "12.11" | |
| txnid | Merchant-provided transaction id | Y |
| accnt_token | Token to be used for payment | N |
| store_card | If true, will store the card in the QorCommerce Secure Vault and return a card token - defaults to 'no' (used only when accnt_token is not present) | N |
| returnurl | URL to return to - with trxn response | Y |
| cancelurl | URL to return to - if form is cancelled | Y |
| cardfullname | The cardholder name embossed or printed on the credit card | N |
| billing | Whether or not to show the billing address information (yes / no) - defaults to 'yes' - AVS requirement | N |
| recurring | Whether or not this is a recurring trxn (yes / no) - defaults to 'no' | N |

{
  "GWToken": "01dffeb784c64d098c8c691ea589eb82",
  "transaction_data": {
    "mid": "887728202",
    "storename": "Store Name",
    "orderid": "oid_12345",
    "sign": "<<signature>>",
    "amount": "36.00",
    "txnid": "txn_12345",
    "returnurl": "",
    "cancelurl": "",
    "cfirstname": "Hosted",
    "clastname": "Checkout",
    "baddress": "123 hosted Server",
    "bcity": "Tampa",
    "bstate": "FL",
    "bzip": "33605",
    "bcountry": "US",
    "sfirstname": "Some",
    "slastname": "Customer",
    "saddress": "2820 Customer Ln",
    "scity": "Houston",
    "sstate": "TX",
    "scountry": "US",
    "cemail": "[email protected]",
    "cphone": "123-456-7890",
    "semail": "[email protected]",
    "sphone": "987-654-3210",
    "ipaddress": "",
    "items": {
      "prodct_name": [
        "sku-123123|widget01|1|2.00|product 1",
        "sku-456456|widget02|6|4.00|product 2",
        "sku-789789|widget03|2|6.00|product 3"
      ]
    }
  }
}
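
The signing and request-building steps above as server-side PHP, added here as an example and not QorCommerce's own code. The function name `qor_sign`, the rejection of '|' inside signed values, and the placeholder token and salt are assumptions of this example; the field order is the page's `$str` template, and `order_id` follows the parameter table's spelling (the sample request spells it `orderid`).

```php
<?php
declare(strict_types=1);
// Added example, not QorCommerce code. Run it server-side only: the salt is a
// secret, and anyone who can read it can sign a request for any amount.

// Field order copied verbatim from the $str template on this page.
const SIGN_TEMPLATE = '<mid>|<gwtoken>|<txnid>|<amount>||<cfirstname>|<cemail>|<order_id>||||||||||<your salt>';

function qor_sign(array $txn, string $gwtoken, string $salt): string
{
    $fields = [
        '<mid>'        => $txn['mid'] ?? '',
        '<gwtoken>'    => $gwtoken,
        '<txnid>'      => $txn['txnid'] ?? '',
        '<amount>'     => $txn['amount'] ?? '',
        '<cfirstname>' => $txn['cfirstname'] ?? '',
        '<cemail>'     => $txn['cemail'] ?? '',
        '<order_id>'   => $txn['order_id'] ?? '',
    ];
    foreach ($fields as $name => $value) {
        // A '|' inside a value would shift every later field, so two different
        // requests could produce the same signed string (assumed check).
        if (!is_string($value) || strpos($value, '|') !== false) {
            throw new InvalidArgumentException("invalid value for $name");
        }
    }
    // The page allows at most two decimals: "12", "12.1", "12.11".
    if (!preg_match('/^\d+(\.\d{1,2})?$/D', $fields['<amount>'])) {
        throw new InvalidArgumentException('amount must be a string like "12.11"');
    }
    $fields['<your salt>'] = $salt;
    // hash() already returns lowercase hex, matching the page's strtolower().
    return hash('sha512', strtr(SIGN_TEMPLATE, $fields));
}

// Constructed sample values; the token and salt are placeholders.
$txn = [
    'mid' => '887728202', 'txnid' => 'txn_12345', 'amount' => '36.00',
    'order_id' => 'oid_12345', 'cfirstname' => 'Hosted',
    'cemail' => 'shopper@example.com',
];
$txn['sign'] = qor_sign($txn, 'GWTOKEN_PLACEHOLDER', 'SALT_PLACEHOLDER');
// Add the credential field from the parameter table before sending.
echo json_encode(['transaction_data' => $txn], JSON_PRETTY_PRINT), PHP_EOL;
```

Sign the exact strings that go into the request: formatting the amount as "36.00" for the hash and sending "36" would produce a signature over different data than the request carries.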


Here are a few examples of how the secure Checkout forms will appear when the customer is redirected to QorCommerce.