Secure Checkout (hosted redirect)
How to setup and use our hosted Checkout form
Why our hosted secure Checkout form?
We provide our secure Checkout forms to remove the PCI data and security requirements and responsibilities from the merchant server by placing a small snip of code we provide on the payment page that creates a payment button and payment methods to accept and mange data and the payment lifecycle.
When a customer is ready to make a payment and presses the payment button they will be redirected to a hosted payment page to collect data and process the payment.
In order to successfully complete each transaction, online shoppers will temporarily leave your site, key in their credit card information in our secure payment form and then return to your e-commerce store when payment is complete.
The Checkout form will accept input parameters to process a transaction such as amount and customer details and will return a full payment response to your supplied return urls.
How it works
- A shopper / customer browses the merchant’s site and adds items to their cart, the merchant's site simply calls up our Checkout form or an ISV's application calls up our Checkout form. When the shopper / customer wishes to make a payment, they will click a button link on the merchant’s site or ISV's application.
- This shopper / customer will be redirected to a secure checkout server where they will see the amount to pay and can select their payment type (Bank Transfer or Credit/Debit Card).
- The shopper will then provide payment details in fields provided for the payment type selected and press SUBMIT to process the payment.
- The sale detail and payment information is passed securely from our Checkout servers (not the merchant server) to the QorCommerce payment platform for processing.
- When the QorCommerce payment platform responds with the payment processing result, the shopper / customer will be redirected back to a specified page on the merchant's server or ISV's application server with the full response data for display or further action as required in their payments workflow.
Setup and Configuration
URL: https://secure.qorcommerce.io/chkout.php
METHOD: POST
- Create a SHA512 Signature hash calculated from the transaction request data
- Build and format the request
- Send request and user to the QorCommerce URL
1. Create a signature
Calculate a sha512 cryptographic hash signature by creating a string made from the transaction parameter values shown. The calculated hash should then be inserted into the transaction_data object as the sign parameter value.
The following example demonstrates how to generate sha512 hash in PHP, all parameters (defined below) are separted by a '|' and the structure is as represented in $str:
$str = "<mid>|<gwtoken>|<txnid>|<amount>||<cfirstname>|<cemail>|<order_id>||||||||||<your salt>";
$hash = strtolower(hash('sha512', $str));
2. Build the request
Create a JSON object for the transaction request using the following parameters:
| parameter | description | required |
|---|---|---|
| client_key | The client key assigned by QorCommerce or your merchant service account provider (use the assigned Qor-Client-Key) | Y |
| transaction_data | An object containing paramters and values of data to be processed | Y |
The following params are available for the transaction_data object:
| parameter | description | required |
|---|---|---|
| mid | The merchant ID assigned to this merchant | Y |
| storename | The Store Name you would like to use on the form | Y |
| order_id | The order id / number for this transaction. This value must be unique for the mid for this transaction or a duplicate error will be returned | Y |
| sign | A calculated hash value used to sign this transaction used for security and data integrity. | Y |
| amount | The total amount to process. Format as a string with up to 2 decimal number.
| Y |
| txnid | merchant provided transaction id | Y |
| accnt_token | token to be used for payment | N |
| store_card | if true will store card in the QorCommerce Secure Vault and return a card token - defaults to 'no' (used only when accnt_token is not present) | N |
| returnurl | url to return to - with trxn response | Y |
| cancelurl | url to return to - if form is cancelled | Y |
| cardfullname | The cardholder name embossed or printed on credit card | N |
| billing | whether or not to show the billing address information (yes / no) - defaults to 'yes' - AVS requirement | N |
| recurring | whether or not this is a recurring trxn (yes / no) - defaults to 'no' | N |
EXAMPLE JSON REQUEST
{
"GWToken": "01dffeb784c64d098c8c691ea589eb82",
"transaction_data": {
"mid": "887728202",
"storename": "Store Name",
"orderid": "oid_12345",
"sign": "<<signature>>",
"amount": "36.00",
"txnid": "txn_12345",
"returnurl": "https://mysite.com/return.html",
"cancelurl": "https://mysite.com/cancelled.html",
"cfirstname": "Hosted",
"clastname": "Checkout",
"baddress": "123 hosted Server",
"bcity": "Tampa",
"bstate": "FL",
"bzip": "33605",
"bcountry": "US",
"sfirstname": "Some",
"slastname": "Customer",
"saddress": "2820 Customer Ln",
"scity": "Houston",
"sstate": "TX",
"scountry": "US",
"cemail": "[email protected]",
"cphone": "123-456-7890",
"semail": "[email protected]",
"sphone": "987-654-3210",
"ipaddress": "192.168.10.1",
"items": {
"prodct_name": [
"sku-123123|widget01|1|2.00|product 1",
"sku-456456|widget02|6|4.00|product 2",
"sku-789789|widget03|2|6.00|product 3"
]
}
}
}
SAMPLE CHECKOUT FORMS
Here are a few examples of how the secure Checkout forms will appear when the customer is redirected to QorCommerce.
Updated almost 3 years ago