HomeProfessional Website DesignStoreClerk Shopping Cart SystemBusiness HostingContact Us
We accept credit cards

so you can!
Serving Merchants Since 1996
Credit Card Store
 








Q&A






The Credit Card Store
Phone: 877-855-3300
Email: GetPaid@CreditCardStore.com

Secure Free Credit Card Machine Application

Click Here To Apply!

Click Here To Apply

www.creditcardstore.com
Apply for a Credit Card Online

Simple Integration Method (SIM)
Implementation Guide

Card-Not-Present Transactions Version 1.0

Table of Contents

INTRODUCTION

SIMPLE INTEGRATION METHOD (SIM)

What is SIM?
How does SIM work?
Collecting Payment Data
Submitting a Request to the Gateway
Rendering a Response to the Customer

SIM IMPLEMENTATION

What is required to implement SIM?

STEPS TO INTEGRATE TO THE GATEWAY USING SIM

Obtaining and Storing the Transaction Key
Creating and generating a fingerprint
Sample of fingerprint generation
Construct an HTML form to generate the fingerprint and POST transactions to the gateway

USING THE MERCHANT INTERFACE TO CONFIGURE SIM

Payment Form Settings
Receipt Page Settings
Relay Response URL Settings

SAMPLE SIM INTEGRATIONS – FORM CONSTRUCTION

Example 1 – Minimum requirements for requesting a Payment Form
Example 2 – Using a form to gather information
Example 3 – Requesting a Receipt Page
Example 4 – Requesting a Payment Form and a Relay Response

STANDARD TRANSACTION SUBMISSION API FOR SIM

Merchant Account Information
Fingerprint Fields
Payment Form Fields
Receipt Page Fields
Fields Common to Both the Payment Form and Receipt Page
Relay Response Fields
Customer Name and Billing Address
Additional Customer Data
Email Settings
Invoice Information
Customer Shipping Address
Transaction Data
Level 2 Data

TRANSACTION SUBMISSION API FOR WELLS FARGO SECURESOURCE MERCHANTS

Customer Name and Billing Address
Email Settings
Additional Customer Data

GATEWAY RESPONSE API

Fields in the Gateway Response
SIM Relay Response
SIM Transaction Response Versions
Response Code Details
Description of Response Fields
Response Reason Codes & Response Reason Text

SIM BEST PRACTICES

Best Practices Summary
Securely store the transaction key
Do not expose the transaction key to the customer
Change transaction keys often
Secure the secret answer
Generate fingerprint as late as possible in the checkout process
Ensure your system clock is set to proper time and timezone

APPENDIX A – TYPES OF CREDIT CARD TRANSACTIONS

Credit Card Transaction Types

APPENDIX B – FEATURES OF THE GATEWAY

Address Verification System
Credit Card Identification Code (CVV2/CVC2/CID)

APPENDIX C – CUSTOMIZING NOTIFICATION TO CUSTOMERS

APPENDIX D – SUBMITTING TEST TRANSACTIONS TO THE SYSTEM

Test Mode
Running a Test Transaction
Test credit card numbers

APPENDIX E – SAMPLE SCRIPTS

ASP Script
PHP Script
Perl Script

APPENDIX F – CERTIFICATION

APPENDIX G – CURRENCY CODES

Introduction

Payment gateways facilitate electronic commerce by enabling merchants to accept credit cards and electronic checks as methods of payment for goods and services sold online. The gateway acts as a bridge between the merchant’s Website and the financial institutions that process payment transactions. Payment data is collected online from the shopper and submitted to the gateway for real-time authorization.

Authorization is the process of checking the validity and available balance of a customer’s credit card before the transaction can be accepted. To authorize a given credit card transaction, the gateway transmits the transaction information to the appropriate financial institutions for validation, then returns the response (approved or declined) from the institution to the merchant or customer. The payment gateway supports real-time and offline requests for credit card authorization.

Note: The payment gateway is targeted towards merchants that process Card-Not-Present transactions. In a Card-Not-Present transaction, the merchant and the shopper are not in the same physical location and the customer usually calls in the payment data or keys in the details of the credit card on a Website. All e-commerce and mail/telephone orders are Card-Not-Present transactions.

The gateway also supports electronic check transactions. Merchants can collect consumer bank account numbers and routing numbers to pay for purchases.

This document describes how transactions can be submitted to the gateway for real-time processing using the Simple Integration Method.

Simple Integration Method (SIM)

What is SIM?

The Simple Integration Method is a relatively simple and secure method to submit transactions to the Payment Gateway. Merchants using this method have the option to let the gateway handle all the steps in transaction processing—payment data collection, data submission, and response to customer. Any request to the gateway is required to contain information that indicates to the gateway that the transaction is authentic and has been submitted for processing with the merchant’s knowledge. This information is contained in a fingerprint that has to be generated by the merchant and included with every request submitted to the gateway. The fingerprint is a hash generated using the HMAC-MD5 hashing algorithm on a set of pre-defined transaction-specific fields. If the fingerprint cannot be validated by the gateway, the request will be rejected.

How does SIM work?

The merchant collects payment information on their Website using either their own payment form or by requesting the gateway’s Payment Form. The merchant can also request the gateway’s Receipt Page to return to the customer. For each request or transaction submitted to the Payment Gateway, the merchant generates and submits a unique fingerprint.

Collecting Payment Data

The merchant can choose to host the Web page where the customer enters payment data, or request that the gateway host the page. The page hosted by the gateway to collect payment data is referred to as the Payment Form, and can be configured by the merchant to look like their Website. Using the gateway-hosted Payment Form, merchants can collect payment data securely without having a secure Website.

Submitting a Request to the Gateway

A request to generate the gateway’s Payment Form must include a unique merchant-generated fingerprint. This fingerprint is used to authenticate that the request originated from an authorized merchant.

If the merchant hosts their own secure payment form, the fingerprint must be submitted along with transaction information to the gateway.

Rendering a Response to the Customer

The response returned by the gateway to the customer’s browser is referred to as a Recipt Page. The merchant can configure the Receipt Page to look like their Website. However, the merchant also has the option to receive the transaction response from the gateway, customize it, and send back a receipt page to the gateway. The gateway then relays the merchant-generated receipt page to the customer’s browser. This response option is referred to as Relay Response. Merchants who use Relay Response can exercise a greater degree of control over the messaging of a response to the customer.

SIM Implementation

In order to integrate to the Payment Gateway using the Simple Integration Method, the merchant needs to be able to construct an HTML form that can generate a fingerprint and post information including the fingerprint to https://secure.authorize.net/gateway/transact.dll.

What is required to implement SIM?

  • The merchant’s hosting provider must have server scripting or CGI capability like ASP, PHP, Perl, JSP
  • Merchants should be able to securely store files containing sensitive account information and apply access controls. They also have to be able to store sensitive information in a secure, restricted-access database.
  • Merchant’s hosting their own payment form need to have secure servers.

Steps to Integrate to the gateway using SIM

1. The merchant obtains a transaction key from the Merchant Interface. (The gateway-generated transaction key is similar to a password and is used to generate a fingerprint. The Merchant Interface is a tool through which merchants can manage their accounts and transaction activity. A Login ID and password are required to access this tool. The URL to the Merchant Interface is available to the merchant from their merchant service provider)

2. The merchant needs to modify their Web pages to contain the fingerprint-generating function, or script. The script, whether on a server or embedded in the HTML page itself, generates the unique fingerprint.

3. The merchant can create the fingerprint by modifying sample scripts provided in the Merchant Interface, or by writing and implementing their own script.

4. The fingerprint and the information required to process the transaction are posted to the gateway. The Standard Transaction Submission API for SIM describes the information that is required to submit a transaction to the gateway.

Obtaining and Storing the Transaction Key

The transaction key is a gateway-generated, random alphanumeric string that is one of the inputs to the fingerprint-generating function. The transaction key is a unique value that is exchanged between the gateway and the merchant. It is used by the gateway to authenticate the fingerprint and the transaction as originating from an authorized merchant. It is therefore extremely important that the transaction key is stored securely on the merchant’s server once it has been obtained from the Merchant Interface.

To obtain the Transaction Key from the Merchant Interface:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Obtain Transaction Key in the Security section

4. Type in the answer to your secret question (The secret question and answer is setup during account activation. It is required to authenticate the merchant before the transaction key is generated.)

5. Click Submit

6. The transaction key is returned by the Merchant Interface

Creating and generating a fingerprint

The fingerprint is a hash generated using an HMAC-MD5 algorithm on the following fields:

  • Merchant Login. This is the merchant Login ID sent in the x_Login field in the Standard Transaction Submission API for SIM
  • Transaction Key
  • Timestamp of generation of the fingerprint. This must match the time sent in in x_FP_Timestamp field in the Standard Transaction Submission API for SIM.
  • Sequence number of the transaction. This can be a merchant-specific invoice number or a randomly-generated number. This number needs to be sent in the x_FP_Sequence field in the Standard Transaction Submission API for SIM.
  • Amount of the transaction. The final transaction amount used to generate the fingerprint has to correspond with the amount sent in the x_Amount field in the Standard Transaction Submission API for SIM.
  • For transactions that include the currency code, the x_Currency_Code value must also be used as an input for fingerprint generation. For transactions sent with x_Currency_Code, the Payment Gateway will use this value as an additional input for regenerating the transaction fingerprint.

Sample of fingerprint generation

The following sample shows the above fingerprint input values and the order in which they are placed to generate the transaction fingerprint. Input values must be ordered as shown in this sample, otherwise the gateway-generated fingerprint will not match the merchant-generated fingerprint, and the transaction will be rejected.

Example values for the fingerprint parameters are:

• x_Login = authnettest

• x_FP_Sequence = 789

• x_FP_Timestamp = 67897654

• x_Amount = 10.50

• x_Currency_Code = GBP

• x_Tran_Key = ab34986jg5678655

Sample of fingerprint generation without the currency code (x_Currency_Code):

Fingerprint = HMAC-MD5 (“authnettest^789^67897654^10.50^”, “ab34986jg5678655”)

Note: The fields are concatenated and separated by the “^” character. Please note the trailing “^” in the concatenated string in the case of fingerprint generation without currency code. Here, the transaction key is the cryptographic key used in the HMAC calculation.

Sample of fingerprint generation with the currency code (x_Currency_Code):

Fingerprint = HMAC-MD5 (“authnettest^789^67897654^10.50^GBP”, “ab34986jg5678655”)

Note: The fields are concatenated and separated by the “^” character. Here, the transaction key is the cryptographic key used in the HMAC calculation.

Sample fingerprint-generating functions, or scripts, are provided in the Merchant Interface. Please refer to Appendix E for details on the sample scripts and integrations.

Construct an HTML form to generate the fingerprint and POST transactions to the gateway

The post string will consist of a set of NAME/ VALUE pairs. The NAME is the field name and indicates to the gateway what information is being submitted. The VALUE contains the content of the field. The response rendered by the gateway depends on the information in the post string. (Please refer to the Sample SIM Integration – Form Construction section of this document)

Merchant collects payment data

If the merchant hosts their own payment form then the information posted to the gateway needs to contain the minimum set of fields required to process the transaction. The set of required fields is described in the section Standard Transaction Submission API for SIM.

Merchant Requests the Gateway’s Payment Form

If the merchant does not have the ability to host secure Web pages then the post string needs to contain only the information required to identify the merchant and request the gateway’s Payment Form. If the merchant has collected information from a customer on their site before requesting the gateway’s Payment Form, the merchant can include that information in the post string as hidden fields. This results in the gateway rendering a Payment Form populated with the information passed in by the merchant.

Configuring the Gateway Response (Receipt Page or Relay Response)

The post string can contain information that indicates to the gateway how the Receipt Page rendered by the gateway should be formatted. Merchants requesting Relay Response can also provide a URL in the post string to which the gateway will post a response. The merchant’s site can receive, parse, and customize the response and post it back to the gateway. The gateway will then relay the response to the customer.

Using the Merchant Interface to Configure SIM

The merchant has the option to submit information in the post string regarding the format of the Receipt Page, the Payment Form, and the destination URL of the Relay Respone for each transaction. Alternatively, the merchant can configure these in the Merchant Interface. (The Merchant Interface is a tool through which merchants can manage their accounts and their transaction activity. A Login ID and password are required to access this tool. The URL to the Merchant Interface is available to the merchant from their merchant service provider.) It is recommended implementation is to not send in configuration data on a per-transaction basis.

Payment Form Settings

The merchant can configure the following on the Payment Form:

• The background color of the form

• The color of the text on the form

• The header text

• The footer text

• The merchant can also configure the set of fields on the Payment Form that should be displayed to the customer, as well as the set of fields the customer will be required to fill out

To configure Payment Form fields, header and footer text and color: 1. 2. 3. • • • •

Log into the Merchant Interface

Select Settings from the Main Menu

Click on the Payment Forms link in the Transaction Submission section

Note: When creating headers and footers for receipt pages avoid using double quotes.

Receipt Page Settings

• The merchant can configure the following on the Receipt Page:

The background color of the form

The color of the text on the form

The header text

The footer text

• The merchant can also define the method by which the customer should be returned to the merchant Website and the destination URL to which the customer will be returned.

To configure the Receipt Page:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Receipt Page link in the Transaction Response section

Note: When creating headers and footers for receipt pages avoid using double quotes.

Relay Response URL Settings

The merchant can configure the default URL to which the gateway should send the response in the Merchant Interface by doing the following:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on Relay Response in the Transaction Response section

4. Enter the URL to which the gateway should send the response by default

The merchant can configure one or more valid Relay Response URLs. To configure valid relay response URLs in addition to the default specified

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Response /Receipt URL link in the Transaction Response section

4. Click on the Add URL link

5. Add a valid URL

6. Click Submit

The gateway will reject the transaction if the URL sent in the transaction is not configured through the Merchant Interface.

Sample SIM Integrations – Form Construction

This section describes how to create an HTML form to post transactions to the gateway with a fingerprint. The basic HTML tags used to construct a form to post a transaction to the gateway would be written as follows:

<FORM METHOD=POST

ACTION="https://secure.authorize.net/gateway/transact.dll">

</FORM>’

Any form fields that need to be sent to the system would be enclosed as <INPUT> fields within the opening <FORM> tag and the closing </FORM> tag. For example, a form that contained a merchant’s Login ID would look like this:

<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="your login ID goes here">

Some things to note about the sample line above:

  <INPUT> is an HTML tag that does not need a closing tag (unlike <FORM> which needs a closing tag </FORM>).

  TYPE in the sample above is an attribute of the INPUT tag and has a value HIDDEN. In this case it means the information being passed to the gateway server would be hidden from the customer’s HTML page (since the information that is being passed is the merchant’s Login ID).

  The NAME="x_Login" is the category, or field, of information that is being passed, in this case the Login ID of the merchant.

  The VALUE="your Login ID goes here" is where the merchant would put their merchant Login ID (inside the double quotes).

  The NAME/VALUE pair is one of the things that the gateway server looks for when a transaction is submitted. If part of the NAME/VALUE pair is not present or improperly formed, the transaction will be rejected.

The gateway will accept fields that are not specified in the API so long as the name used to describe the field is not identical to a field name in the API. These fields are called “user” fields and can contain any information that might be useful in the transaction. User fields will be echoed back with the results of the transaction and will be displayed on the merchant's receipts; they will not be displayed on the customer’s receipts

The following are some examples of HTML code, along with the server-side script, that can be customized and inserted into a merchant’s Website to provide easy ways to integrate the Website with the system. Server-side scripting capability on the merchant Website is required for this integration, as the script needs access to a secret transaction key that is stored securely in the merchant’s Web server. Sample code and library in ASP, PHP, and Perl are provided in the Merchant Interface. As part of the integration, the merchant Website must provide the appropriate parameters to the InsertFP or CalculateFP library functions that are provided with the sample code.

Example 1 – Minimum requirements for requesting a Payment Form

The following HTML code along with the server-side script represents the minimum data that would need to be inserted into a page to provide a connection to the system. It shows that the fingerprint, time stamp, and the sequence number are inserted into the HTML form POST along with Login ID and other required fields. The result of this HTML code snippet is a button. Clicking on the button will take the user to the gateway’s Payment Form.

A call to generate the fingerprint should be made when the button is clicked and before the Payment Form request is made to the gateway. A sequence number should be generated and the total amount of the tranaction calculated before the call to generate the fingerprint is made. The function used to generate the fingerprint takes these fields (amount, transaction key, Login ID, and sequence number) The transaction amount should not change after the fingerprint is generated. All trailing spaces need to be removed from the fields used to generate the fingerprint

<!--#INCLUDE FILE="simlib.asp"-->

<FORM METHOD=POST ACTION="https://secure.authorize.net/gateway/transact.dll">

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="your login ID goes here">

<INPUT TYPE=HIDDEN NAME="x_Show_Form" VALUE="PAYMENT_FORM">

<INPUT TYPE=HIDDEN NAME="x_Amount" VALUE="amount goes here">

<INPUT TYPE=SUBMIT VALUE="Click here for secure payment form">

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface. This function must be called within a server-side script on the merchant Web server. The above example shows the call being made in an ASP scripting environment.

Example 2 – Using a form to gather information

The following HTML code along with the server-side script demonstrates the ability to send additional information to the system, including information that is specified by the customer. The result of this HTML code snippet is a page that displays a form allowing the customer to specify their name and any specific shipping instructions. The x_First_Name and x_Last_Name fields are normal fields recognized by the system. The Shipping_Instructions field is not a field recognized by the system, and so it is treated as a user field. System-recognized fields can also be used for normal shipping information. The code also shows that the fingerprint, time stamp, and the sequence number are inserted into the HTML form POST along with Login ID and other required fields.

<!--#INCLUDE FILE="simlib.asp"-->

<FORM METHOD=POST ACTION="https://secure.authorize.net/gateway/transact.dll">

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="your login ID goes here">

<INPUT TYPE=HIDDEN NAME="x_Show_Form" VALUE="PAYMENT_FORM">

<INPUT TYPE=HIDDEN NAME="x_Amount" VALUE="amount goes here">

<INPUT TYPE=HIDDEN NAME="x_Cust_ID" VALUE="a unique customer ID goes here">

<INPUT TYPE=HIDDEN NAME="x_Description" VALUE="description of transaction">

<INPUT TYPE=HIDDEN NAME="x_Invoice_Num" VALUE="invoice number goes here">

Enter your first name:

<INPUT TYPE=TEXT NAME="x_First_Name"><BR>

Enter your last name:

<INPUT TYPE=TEXT NAME="x_Last_Name"><BR>

Enter Any special shipping instructions:

<INPUT TYPE=TEXT NAME="Shipping_Instructions"><BR>

<INPUT TYPE=SUBMIT VALUE="Click here for secure payment form">

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Example 3 – Requesting a Receipt Page

The following HTML code shows the request for the Receipt Page, including generating the fingerprint and sending it along with rest of the fields.

<!--#INCLUDE FILE="simlib.asp"--><FORM METHOD=POST ACTION="https://secure.authorize.net/gateway/transact.dll”>

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

<INPUT TYPE=HIDDEN NAME="x_Version" VALUE="3.1">

<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="your login ID goes here">

<INPUT TYPE=HIDDEN NAME="x_Card_Num" VALUE="customer’s credit card number">

<INPUT TYPE=HIDDEN NAME="x_Exp_Date" VALUE="customer’s credit card expiration date goes here">

<INPUT TYPE=HIDDEN NAME="x_Amount" VALUE="amount goes here">

<INPUT TYPE=SUBMIT VALUE="Submit">

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Example 4 – Requesting a Payment Form and a Relay Response

The following are the minimum requirements for requesting a Relay Response from the gateway. This code includes the function for generating the fingerprint and sending it along with rest of the fields.

<!--#INCLUDE FILE="simlib.asp"--><FORM METHOD=POST ACTION="https://secure.authorize.net/gatewaytransact.dll/">

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="your login ID goes here">

<INPUT TYPE=HIDDEN NAME="x_Amount" VALUE="amount goes here">

<INPUT TYPE=HIDDEN NAME="x_Relay_Response" VALUE="True">

<INPUT TYPE=HIDDEN NAME="x_Relay_URL" VALUE="Any valid URL">

<INPUT TYPE=SUBMIT VALUE="Click here for secure payment form">

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Since the HTML code that is returned to the browser appears to come from the gateway server, any links to images need to be absolute URLs with the full path to the server on which the images reside. If relative URLs are used, the customer’s browser will try to load the images from the gateway server and would fail.

The URL specified in x_Relay_URL should be a script that can interactively parse the information that is posted to it. The URL can be a plain HTML page if a static response is desired for every transaction. In this scenario, the merchant's Web server will need to be configured to allow the POST method to plain HTML pages.

Use of frames is not recommended. Even though the Payment Form used will be secure the lock icon on the user’s taskbar will key off the surrounding frame and not off the Payment Form. The page will not look secure to the customer.

Redirects in the relay scripts are not recommended, as the information may not be transferred properly.

When the merchant’s response is relayed back to the customer, anything that is in the HTTP headers will be replaced. This means if a developer is relying on custom information to be in these headers, such as cookies, their implementation will most likely fail.

Standard Transaction Submission API for SIM

The Standard Transaction Submission API defines the information that can be submitted to the gateway for real-time transaction processing. The API consists of a set of fields that are required for each transaction, and a set of fields that are optional. Under the API, the gateway accepts a NAME/ VALUE pair. The NAME is the field name and indicates to the gateway what information is being submitted. The VALUE contains the content of the field. In transmitting information to the gateway the merchant site should post transactions to https://secure.authorize.net/gateway/transact.dll.

The following tables contain the data fields that may be submitted to the system with any transaction. The fields are grouped logically in the tables, based on the information submitted. Each table contains the following information:

  • Field – Name of the parameter that may be submitted on a transaction
  • Required – Indicates whether the field is required on a transaction. If Conditional, indicates that the field is required based on the existence or value of another field. In cases where a dependency exists, an explanation is provided.
  • Value – Lists the possible values that may be submitted for the field. In cases where a format is validated, an explanation is provided.
  • Max Length – Indicates the maximum number of characters that may be supplied for each field.
  • Description – Provides additional details on how the field is used

Merchant Account Information

The following fields in the API allow the system to identify the merchant submitting the transaction and the state of the merchant’s account on the gateway.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Login

Required

Varies by merchant 20

 

Pass the Login ID used to access the Merchant Interface.

x_Version

Optional

If no value is specified, the value located in the Transaction Version settings within the Merchant Interface will be used.

3.1

3

Indicates to the system the set of fields that will be included in the response:

• 3.0 is the standard version

• 3.1 allows the merchant to utilize the Card Code feature

x_Test_Request

Optional

TRUE, FALSE

5

Indicates whether the transaction should be processed as a test transaction. Please refer to Appendix D for further information on this field.

Fingerprint Fields

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_FP_Hash

Required

   

This is the fingerprint generated using the HMAC-MD5 hashing algorithm on the merchant’s transaction key and the following fields:

merchant Login ID (x_Login)

the sequence number of the transaction (x_FP_Sequence)

the time when the sequence number was generated (x_FP_Timestamp)

amount of the transaction (x_Amount)

and optionally the currency code (x_Currency_Code)

The above fields are concatenated and separated by the “^” character.

x_FP_Sequence

Required

   

This is a merchant-determined value that ensures the fingerprint is unique.

x_FP_Timestamp

Required

UTC time in seconds since Jan 1, 1970.

 

This is the time of fingerprint generation. Merchant sends in this value to indicate when the fingerprint was generated.

Payment Form Fields

These fields are optional and need to be used only if the merchant is using the gateway’s Payment Form to collect payment data. All these fields except x_Show_Form can also be configured in the Merchant Interface and do not have to be submitted with each transaction.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Show_Form

Conditional

Required if the merchant is using the gateway’s Payment Form

PAYMENT FORM

 

This field should be passed in with the value of PAYMENT FORM only if the merchant wishes to use the gateway’s Payment Form to collect payment data

x_Header_HTML_Payment_Form

Optional

Valid Text or HTML

 

The text submitted in this field will be displayed as the header on the Payment Form.

x_Footer_HTML_Payment_Form

Optional

Valid Text or HTML

 

The text submitted in this field will be displayed as the footer on the Payment Form.

Receipt Page Fields

All fields in this section are optional. The merchant can configure the information captured in these fields in the Merchant Interface instead of sending it in with every transaction.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Header_HTML_Receipt

Optional

Valid Text or HTML code.

 

The text contained in this field will be displayed at the top of the Receipt Page.

x_Footer_HTML_Receipt

Optional

Valid Text or HTML code

 

The text contained in this field will be displayed at the bottom of the Receipt Page.

x_Receipt_Link_Method

Optional

LINK

POST

GET

 

This field specifies the type of link that is made back to a merchant's Website.

x_Receipt_Link_Text

Optional

Any Valid text

 

If the x_Receipt_Link_Method is LINK, the value in this field will become a hyperlinked text on the receipt page

If the x_receipt_link_method is GET or POST the value in this field becomes the text of a submit button. An HTML form is created in the Receipt Page that has hidden fields containing the results of the transaction processed.

x_Receipt_Link_URL

Optional

Any Valid URL

 

If the x_Receipt_Link_Method is LINK, the URL specified in the fields becomes the target of the hyperlinked text.

If the x_Receipt_Link_Method is GET or POST, the URL will become the action of the HTML form.

To be accepted as valid by the gateway, the URL must be configured in the Merchant Interface.

Fields Common to Both the Payment Form and Receipt Page

All fields in this section are optional. The merchant can configure the information captured in these fields in the Merchant Interface instead of sending it in on every transaction.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Logo_URL

Optional

Any valid URL

 

This field is ideal for displaying a merchant logo on a page. The target of this URL will be displayed on the header of the Payment Form and Receipt Page.

x_Background_URL

Optional

A valid URL

 

This field will allow the merchant to customize the background image of the Payment Form and Receipt Page. The target of the specified URL will be displayed as the background.

x_Color_Background

Optional

Any valid HTML color name or color hex code

 

Value in this field will set the background color for the Payment Form and Receipt Page.

x_Color_Link

Optional

Any valid HTML color name or color hex code

 

This field allows the color of the HTML links for the Payment Form and Receipt Page to be set to the value submitted in this field.

x_Color_Text

Optional

Any valid HTML color name or color hex code

 

This field allows the color of the text on the Payment Form and the Receipt Page to be set to the value submitted in this field.

Relay Response Fields

The following fields indicate to the gateway that the merchant is requesting a Relay Response. They should not be passed in if the merchant is requesting a Receipt Page or a Payment Form

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Relay_Response

Conditional – if the merchant requires a Relay Response

TRUE

 

This is required to be set to TRUE. This indicates to the gateway that the response will be relayed to the customer’s browser

x_Relay_URL

Optional

Any valid URL

 

Contains the URL to which the gateway will post the response. The gateway will validate the URL submitted in this field with the values configured through the Merchant Interface. The gateway will reject the transaction if the value submitted does not match any of the URLs configured through the Merchant Interface.

If no value is passed in this field, gateway will post the response to the default relay URL configured in the Merchant Interface. the

Customer Name and Billing Address

The customer billing address fields listed below contain customer billing address information associated with each transaction.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_First_Name

Optional

Any string

50

Contains the first name of the customer associated with the billing address for the transaction.

x_Last_Name

Optional

Any string

50

Contains the last name of the customer associated with the billing address for the transaction.

x_Company

Optional

Any string

50

Contains the company name associated with the billing address for the transaction.

x_Address

Optional

Any string

60

Contains the address of the customer associated with the billing address for the transaction.

x_City

Optional

Any string

40

Contains the city of the customer associated with the billing address for the transaction.

x_State

Optional

If passed, the value will be verified.

Any valid two-character state code or full state name

40

Contains the state of the customer associated with the billing address for the transaction.

x_Zip

Optional

Any string

20

Contains the zip of the customer associated with the billing address for the transaction.

x_Country

Optional

If passed, the value will be verified.

Any valid two-character country code or full country name (spelled in English)

60

Contains the country of the customer associated with the billing address for the transaction.

x_Phone

Optional

Any string 25

Recommended format is (123)123-1234

 

Contains the phone number of the customer associated with the billing address for the transaction.

x_Fax

Optional

Any string 25

Recommended format is (123)123-1234

 

Contains the fax number of the customer associated with the billing address for the transaction.

Additional Customer Data

Merchants may provide additional customer information with a transaction, based on their respective requirements.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Cust_ID

Optional

Any string

20

Unique identifier to represent the customer associated with the transaction.

x_Customer_IP

Optional

Required format is 255.255.255.255. If this value is not passed, it will default to 255.255.255.255 15

 

IP address of the customer initiating the transaction.

x_Customer_Tax_ID

Optional

9 digits/numbers only

9

Tax ID or SSN of the customer initiating the transaction.

Email Settings

The following fields describe how and when emails will be sent when transactions are processed by the system.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Email

Optional

Any valid email address

255

Email address to which the customer’s copy of the confirmation email is sent.

No email will be sent to the customer if the email address does not meet standard email format checks.

x_Email_Customer

Optional

TRUE, FALSE

If no value is submitted, system will default to the value configured in the Merchant Interface.

5

Indicates whether a confirmation email should be sent to the customer.

x_Merchant_Email

Optional

Any valid email address

255

Email address to which the merchant’s copy of the customer confirmation email should be sent. If a value is submitted, an email will be sent to this address as well as the address(es) configured in the Merchant Interface.

Invoice Information

Based on their respective requirements, merchants may submit invoice information with a transaction. Two invoice fields are provided in the gateway API.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Invoice_Num

Optional

Any string

20

Merchant-assigned invoice number.

x_Description

Optional

Any string

255

Description of the transaction.

Customer Shipping Address

The following fields describe the customer shipping information that may be submitted with each transaction.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Ship_To_First_Name

Optional

Any string

50

Contains the customer shipping first name.

x_Ship_To_Last_Name

Optional

Any string

50

Contains the customer shipping last name.

x_Ship_To_Company

Optional

Any string

50

Contains the customer shipping company.

x_Ship_To_Address

Optional

Any string

60

Contains the customer shipping address.

x_Ship_To_City

Optional

Any string

40

Contains the customer shipping city.

x_Ship_To_State

Optional

If passed, the value will be verified.

Any valid two-digit state code or full state name

40

Contains the customer shipping state.

x_Ship_To_Zip

Optional

Any string

20

Contains the customer shipping zip.

x_Ship_To_Country

Optional

If passed, the value will be verified.

Any valid two-digit country code or full country name (spelled in English)

60

Contains the customer shipping country.

Transaction Data

The following fields contain transaction-specific information such as amount, payment method, and transaction type.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Amount

Required

Any amount

15

Total value to be charged or credited inclusive of tax.

x_Currency_Code

Optional

Valid currency code

3

Currency of the transaction amount. If left blank, this value will default to the value specified in the Merchant Interface. See Appendix G for other values.

x_Method

Required

CC, ECHECK

N/A

Indicates the method of payment for the transaction being sent to the system. If left blank, this value will default to CC.

x_Type

Required AUTH_

CAPTURE, AUTH_ONLY, CAPTURE_ONLY, CREDIT, VOID, PRIOR_AUTH_CAPTURE

N/A

Indicates the type of transaction. If the value in the field does not match any of the values stated, the transaction will be rejected.

If no value is submitted in this field, the gateway will process the transaction as an AUTH_CAPTURE.

x_Recurring_Billing

Optional

YES, NO

3

Indicates whether the transaction is a recurring billing transaction.

x_Bank_ABA_Code

Conditional

Required if x_Method = ECHECK

Valid routing number

9

Routing number of a bank for eCheck.Net transactions.

x_Bank_Acct_Num

Conditional

Required if x_Method = ECHECK

Valid account number

20

Checking or savings account number.

x_Bank_Acct_Type

Conditional

Required if x_Method = ECHECK

CHECKING, SAVINGS

8

Describes the type of bank account; if no value is provided, default is set to CHECKING.

x_Bank_Name

Conditional Valid

Required if x_Method = ECHECK

bank name

50

Contains the name of the customer’s financial institution.

x_Bank_Acct_Name

Conditional

Required if x_Method = ECHECK

Name on the Customer’s bank account

 

Is the customer’s name as it appears on their bank account

x_Echeck_Type

Conditional WEB

Required if x_Method = ECHECK

   

This indicates that the e-check payment request originated from a Website. The system will default this value to WEB if no value is sent.

x_Card_Num

Conditional Numeric

Required if x_Method = CC

credit card number

22

Contains the credit card number.

x_Exp_Date

Conditional MMYY,

Required if x_Method = CC

MM/YY,

MM-YY,

MMYYYY,

MM/YYYY,

MM-YYYY,

YYYY-MM-DD,

YYYY/MM/DD

N/A

Contains the date on which the credit card expires.

x_Card_Code

Optional

Valid CVV2, CVC2 or CID value 4

 

Three- or four- digit number on the back of a credit card.

x_Trans_ID

Conditional Valid

Required if x_Type = CREDIT,

VOID, or PRIOR_AUTH_CAPTURE

transaction ID

10

ID of a transaction previously authorized by the gateway.

x_Auth_Code

Conditional Valid

Required if x_Type = CAPTURE_ONLY

authorization code

6

Authorization code for a previous transaction not authorized on the gateway that is being submitted for capture.

Level 2 Data

The system supports Level 2 transaction data by providing the following fields as part of the transaction submission API.

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_PO_Num

Optional

Any string

25

Contains the purchase order number.

x_Tax

Optional

Any valid amount

15

Contains the tax amount.

x_Tax_Exempt

Optional

TRUE, FALSE

5

Indicates whether the transaction is tax exempt.

x_Freight

Optional

Any valid amount

10

Contains the freight amount charged.

x_Duty

Optional

Any valid amount

10

Contains the amount charged for duty.

Transaction Submission API for Wells Fargo SecureSource Merchants

For merchants who process transactions through the Wells Fargo SecureSource product, some additional rules apply to transaction processing. Fields that are optional in the Standard Transaction Submission API are required for Wells Fargo SecureSource merchants. The following tables describe these required fields. Only those fields that are different from the standard API are called out in this section.

Customer Name and Billing Address

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_First_Name

Required

Any string

50

Contains the first name of the customer associated with the billing address for the transaction.

x_Last_Name

Required

Any string

50

Contains the last name of the customer associated with the billing address for the transaction.

x_Company

Required

Any string

50

Contains the company name associated with the billing address for the transaction.

x_Address

Required

Any string

60

Contains the address of the customer associated with the billing address for the transaction.

x_City

Required

Any string

40

Contains the city of the customer associated with the billing address for the transaction.

x_State

Required

Any valid two-digit state code or full state name

40

Contains the state of the customer associated with the billing address for the transaction.

x_Zip

Required

Any string

20

Contains the zip of the customer associated with the billing address for the transaction.

x_Country

Required

Any valid two-digit country code or full country name (spelled in English)

60

Contains the country of the customer associated with the billing address for the transaction.

x_Phone

Required Any string
Recommended format is (123)123-1234

25

 

Contains the phone number of the customer associated with the billing address for the transaction.

Email Settings

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Email

Required

Any valid email address

255

Email address to which a confirmation email is sent.

Additional Customer Data

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Customer_IP

Required

Required format is 255.255.255.255. If this value is not passed, it will default to 255.255.255.255.

15

IP address of the customer initiating the transaction.

x_Customer_Organization_Type

Required

I, B

I = Individual B = Business

N/A

Required for all eCheck transactions for Wells Fargo SecureSource Merchants.

x_Customer_Tax_ID

Conditional

IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB

9 digits or numbers only

9

Tax ID or SSN of the customer initiating the transaction. If the Tax ID or SSN is not available, the customer’s driver’s license number, driver’s license state and date of birth must be used in its place.

x_Drivers_License_Num

Conditional

IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB

 

50

Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.

x_Drivers_License_State

Conditional

IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB

2-character state abbreviation

2

Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.

x_Drivers_License_DOB

Conditional

IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB

YYYY-MM-DDD, YYYY/MM/DD, MM/DD/YYYY, MM-DD-YYYY,

N/A

Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.

Gateway Response API

This section describes the response returned by the gateway when a transaction is submitted for processing. The gateway response to a transaction submitted via SIM is either a Receipt Page that is displayed to the consumer or a POST string to a site designated by the merchant. The merchant can then parse the POST string, customize a response, and submit it back to the gateway. The gateway will then relay the response to the customer’s browser.

Fields in the Gateway Response

The following table indicates the order of fields returned in the SIM response from the gateway to the merchant server for a Relay Response. Any fields that were sent to the gateway in addition to the fields described in the Standard Transaction Submission API are returned in the response after the set of fields described in the table below.

FIELD NAME OF VALUE IN RESPONSE

INFORMATION

DESCRIPTION

x_Response_Code

Response Code

Indicates the result of the transaction: 1 = Approved 2 = Declined 3 = Error

x_Response_Subcode

Response Subcode

A code used by the system for internal transaction tracking.

x_Response_Reason_Code

Response Reason Code

A code representing more details about the result of the transaction.

x_Response_Reason_Text

Response Reason Text

Brief description of the result, which corresponds with the Response Reason Code.

x_Auth_Code

Approval Code

The six-digit alphanumeric authorization or approval code.

x_AVS_Code

AVS Result Code

Indicates the result of Address Verification System (AVS) checks: A = Address (Street) matches, ZIP does not

B = Address information not provided for AVS check

E = AVS error

G = Non-U.S. Card Issuing Bank

N = No Match on Address (Street) or ZIP

P = AVS not applicable for this transaction

R = Retry – System unavailable or timed out

S = Service not supported by issuer

U = Address information is unavailable

W = 9 digit ZIP matches, Address (Street) does not

X = Address (Street) and 9 digit ZIP match

Y = Address (Street) and 5 digit ZIP match

Z = 5 digit ZIP matches, Address (Street) does not

x_Trans_ID

Transaction ID

This number identifies the transaction in the system and can be used to submit a modification of this transaction at a later time, such as voiding, crediting or capturing the transaction.

x_Invoice_Num

Invoice Number

Echoed from form input value for x_Invoice_Num.

x_Description

Description

Echoed from form input value for x_Description.

x_Amount

Amount

Echoed from form input value for x_Amount.

x_Method

Method

Echoed from form input value for x_Method.

x_Type

Transaction Type

Echoed from form input value for x_Type.

x_Cust_ID

Customer ID

Echoed from form input value for x_Cust_ID.

x_First_Name

Cardholder First Name

Echoed from form input value for x_First_Name.

x_Last_Name

Cardholder Last Name

Echoed from form input value for x_Last_Name.

x_Company

Company

Echoed from form input value for x_Company.

x_Address

Billing Address

Echoed from form input value for x_Address.

x_City

City

Echoed from form input value for x_City.

x_State

State

Echoed from form input value for x_State.

x_Zip

Zip

Echoed from form input value for x_Zip.

x_Country

Country

Echoed from form input value for x_Country.

x_Phone

Phone

Echoed from form input value for x_Phone.

x_Fax

Fax

Echoed from form input value for x_Fax.

x_Email

Email

Echoed from form input value for x_Email.

x_Ship_To_First_Name

Ship to First Name

Echoed from form input value for x_Ship_To_First_Name.

x_Ship_To_Last_Name

Ship to Last Name

Echoed from form input value for x_Ship_To_Last_Name.

x_Ship_To_Company

Ship to Company

Echoed from form input value for x_Ship_To_Company.

x_Ship_To_Address

Ship to Address

Echoed from form input value for x_Ship_To_Address.

x_Ship_To_City

Ship to City

Echoed from form input value for x_Ship_To_City.

x_Ship_To_State

Ship to State

Echoed from form input value for x_Ship_To_State.

x_Ship_To_Zip

Ship to Zip

Echoed from form input value for x_Ship_To_Zip.

x_Ship_To_Country

Ship to Country

Echoed from form input value for x_Ship_To_Country.

x_Tax

Tax Amount

Echoed from form input value for x_Tax.

x_Duty

Duty Amount

Echoed from form input value for x_Duty.

x_Freight

Freight Amount

Echoed from form input value for x_Freight.

x_Tax_Exempt

Tax Exempt Flag

Echoed from form input value for x_Tax_Exempt.

x_PO_Num

PO Number

Echoed from form input value for x_PO_Num.

x_MD5_Hash

MD5 Hash

System-generated hash that may be validated by the merchant to authenticate a transaction response received from the gateway.

x_CVV2_Resp_Code

Card Code (CVV2/CVC2/CID) Response Code

Indicates the results of Card Code verification: