The Credit Card Store
Phone: 877-855-3300
Email: GetPaid@CreditCardStore.com

Apply for a Credit Card Online

Simple Integration Method (SIM)
Implementation Guide

Card-Not-Present Transactions Version 1.0

Table of Contents

INTRODUCTION

SIMPLE INTEGRATION METHOD (SIM)

What is SIM?
How does SIM work?
Collecting Payment Data
Submitting a Request to the Gateway
Rendering a Response to the Customer

SIM IMPLEMENTATION

What is required to implement SIM?

STEPS TO INTEGRATE TO THE GATEWAY USING SIM

Obtaining and Storing the Transaction Key
Creating and generating a fingerprint
Sample of fingerprint generation
Construct an HTML form to generate the fingerprint and POST transactions to the gateway

USING THE MERCHANT INTERFACE TO CONFIGURE SIM

Payment Form Settings
Receipt Page Settings
Relay Response URL Settings

SAMPLE SIM INTEGRATIONS – FORM CONSTRUCTION

Example 1 – Minimum requirements for requesting a Payment Form
Example 2 – Using a form to gather information
Example 3 – Requesting a Receipt Page
Example 4 – Requesting a Payment Form and a Relay Response

STANDARD TRANSACTION SUBMISSION API FOR SIM

Merchant Account Information
Fingerprint Fields
Payment Form Fields
Receipt Page Fields
Fields Common to Both the Payment Form and Receipt Page
Relay Response Fields
Customer Name and Billing Address
Additional Customer Data
Email Settings
Invoice Information
Customer Shipping Address
Transaction Data
Level 2 Data

TRANSACTION SUBMISSION API FOR WELLS FARGO SECURESOURCE MERCHANTS

Customer Name and Billing Address
Email Settings
Additional Customer Data

GATEWAY RESPONSE API

Fields in the Gateway Response
SIM Relay Response
SIM Transaction Response Versions
Response Code Details
Description of Response Fields
Response Reason Codes & Response Reason Text

SIM BEST PRACTICES

Best Practices Summary
Securely store the transaction key
Do not expose the transaction key to the customer
Change transaction keys often
Secure the secret answer
Generate fingerprint as late as possible in the checkout process
Ensure your system clock is set to proper time and timezone

APPENDIX A – TYPES OF CREDIT CARD TRANSACTIONS

Credit Card Transaction Types

APPENDIX B – FEATURES OF THE GATEWAY

Address Verification System
Credit Card Identification Code (CVV2/CVC2/CID)

APPENDIX C – CUSTOMIZING NOTIFICATION TO CUSTOMERS

APPENDIX D – SUBMITTING TEST TRANSACTIONS TO THE SYSTEM

Test Mode
Running a Test Transaction
Test credit card numbers

APPENDIX E – SAMPLE SCRIPTS

ASP Script
PHP Script
Perl Script

APPENDIX F – CERTIFICATION

APPENDIX G – CURRENCY CODES

Introduction

Payment gateways facilitate electronic commerce by enabling merchants to accept credit cards and electronic checks as methods of payment for goods and services sold online. The gateway acts as a bridge between the merchant’s Website and the financial institutions that process payment transactions. Payment data is collected online from the shopper and submitted to the gateway for real-time authorization.

Authorization is the process of checking the validity and available balance of a customer’s credit card before the transaction can be accepted. To authorize a given credit card transaction, the gateway transmits the transaction information to the appropriate financial institutions for validation, then returns the response (approved or declined) from the institution to the merchant or customer. The payment gateway supports real-time and offline requests for credit card authorization.

Note: The payment gateway is targeted towards merchants that process Card-Not-Present transactions. In a Card-Not-Present transaction, the merchant and the shopper are not in the same physical location and the customer usually calls in the payment data or keys in the details of the credit card on a Website. All e-commerce and mail/telephone orders are Card-Not-Present transactions.

The gateway also supports electronic check transactions. Merchants can collect consumer bank account numbers and routing numbers to pay for purchases.

This document describes how transactions can be submitted to the gateway for real-time processing using the Simple Integration Method.

Simple Integration Method (SIM)

What is SIM?

The Simple Integration Method is a relatively simple and secure method to submit transactions to the Payment Gateway. Merchants using this method have the option to let the gateway handle all the steps in transaction processing—payment data collection, data submission, and response to customer. Any request to the gateway is required to contain information that indicates to the gateway that the transaction is authentic and has been submitted for processing with the merchant’s knowledge. This information is contained in a fingerprint that has to be generated by the merchant and included with every request submitted to the gateway. The fingerprint is a hash generated using the HMAC-MD5 hashing algorithm on a set of pre-defined transaction-specific fields. If the fingerprint cannot be validated by the gateway, the request will be rejected.

How does SIM work?

The merchant collects payment information on their Website using either their own payment form or by requesting the gateway’s Payment Form. The merchant can also request the gateway’s Receipt Page to return to the customer. For each request or transaction submitted to the Payment Gateway, the merchant generates and submits a unique fingerprint.

Collecting Payment Data

The merchant can choose to host the Web page where the customer enters payment data, or request that the gateway host the page. The page hosted by the gateway to collect payment data is referred to as the Payment Form, and can be configured by the merchant to look like their Website. Using the gateway-hosted Payment Form, merchants can collect payment data securely without having a secure Website.

Submitting a Request to the Gateway

A request to generate the gateway’s Payment Form must include a unique merchant-generated fingerprint. This fingerprint is used to authenticate that the request originated from an authorized merchant.

If the merchant hosts their own secure payment form, the fingerprint must be submitted along with transaction information to the gateway.

Rendering a Response to the Customer

The response returned by the gateway to the customer’s browser is referred to as a Recipt Page. The merchant can configure the Receipt Page to look like their Website. However, the merchant also has the option to receive the transaction response from the gateway, customize it, and send back a receipt page to the gateway. The gateway then relays the merchant-generated receipt page to the customer’s browser. This response option is referred to as Relay Response. Merchants who use Relay Response can exercise a greater degree of control over the messaging of a response to the customer.

SIM Implementation

In order to integrate to the Payment Gateway using the Simple Integration Method, the merchant needs to be able to construct an HTML form that can generate a fingerprint and post information including the fingerprint to https://secure.authorize.net/gateway/transact.dll.

What is required to implement SIM?

The merchant’s hosting provider must have server scripting or CGI capability like ASP, PHP, Perl, JSP
Merchants should be able to securely store files containing sensitive account information and apply access controls. They also have to be able to store sensitive information in a secure, restricted-access database.
Merchant’s hosting their own payment form need to have secure servers.

Steps to Integrate to the gateway using SIM

1. The merchant obtains a transaction key from the Merchant Interface. (The gateway-generated transaction key is similar to a password and is used to generate a fingerprint. The Merchant Interface is a tool through which merchants can manage their accounts and transaction activity. A Login ID and password are required to access this tool. The URL to the Merchant Interface is available to the merchant from their merchant service provider)

2. The merchant needs to modify their Web pages to contain the fingerprint-generating function, or script. The script, whether on a server or embedded in the HTML page itself, generates the unique fingerprint.

3. The merchant can create the fingerprint by modifying sample scripts provided in the Merchant Interface, or by writing and implementing their own script.

4. The fingerprint and the information required to process the transaction are posted to the gateway. The Standard Transaction Submission API for SIM describes the information that is required to submit a transaction to the gateway.

Obtaining and Storing the Transaction Key

The transaction key is a gateway-generated, random alphanumeric string that is one of the inputs to the fingerprint-generating function. The transaction key is a unique value that is exchanged between the gateway and the merchant. It is used by the gateway to authenticate the fingerprint and the transaction as originating from an authorized merchant. It is therefore extremely important that the transaction key is stored securely on the merchant’s server once it has been obtained from the Merchant Interface.

To obtain the Transaction Key from the Merchant Interface:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Obtain Transaction Key in the Security section

4. Type in the answer to your secret question (The secret question and answer is setup during account activation. It is required to authenticate the merchant before the transaction key is generated.)

5. Click Submit

6. The transaction key is returned by the Merchant Interface

Creating and generating a fingerprint

The fingerprint is a hash generated using an HMAC-MD5 algorithm on the following fields:

Merchant Login. This is the merchant Login ID sent in the x_Login field in the Standard Transaction Submission API for SIM
Transaction Key
Timestamp of generation of the fingerprint. This must match the time sent in in x_FP_Timestamp field in the Standard Transaction Submission API for SIM.
Sequence number of the transaction. This can be a merchant-specific invoice number or a randomly-generated number. This number needs to be sent in the x_FP_Sequence field in the Standard Transaction Submission API for SIM.
Amount of the transaction. The final transaction amount used to generate the fingerprint has to correspond with the amount sent in the x_Amount field in the Standard Transaction Submission API for SIM.
For transactions that include the currency code, the x_Currency_Code value must also be used as an input for fingerprint generation. For transactions sent with x_Currency_Code, the Payment Gateway will use this value as an additional input for regenerating the transaction fingerprint.

Sample of fingerprint generation

The following sample shows the above fingerprint input values and the order in which they are placed to generate the transaction fingerprint. Input values must be ordered as shown in this sample, otherwise the gateway-generated fingerprint will not match the merchant-generated fingerprint, and the transaction will be rejected.

Example values for the fingerprint parameters are:

• x_Login = authnettest

• x_FP_Sequence = 789

• x_FP_Timestamp = 67897654

• x_Amount = 10.50

• x_Currency_Code = GBP

• x_Tran_Key = ab34986jg5678655

**Sample of fingerprint generation without the currency code (x_Currency_Code):**

Fingerprint = HMAC-MD5 (“authnettest^789^67897654^10.50^”, “ab34986jg5678655”)

Note: The fields are concatenated and separated by the “^” character. Please note the trailing “^” in the concatenated string in the case of fingerprint generation without currency code. Here, the transaction key is the cryptographic key used in the HMAC calculation.

Sample of fingerprint generation with the currency code (x_Currency_Code):

Fingerprint = HMAC-MD5 (“authnettest^789^67897654^10.50^GBP”, “ab34986jg5678655”)

Note: The fields are concatenated and separated by the “^” character. Here, the transaction key is the cryptographic key used in the HMAC calculation.

Sample fingerprint-generating functions, or scripts, are provided in the Merchant Interface. Please refer to Appendix E for details on the sample scripts and integrations.

Construct an HTML form to generate the fingerprint and POST transactions to the gateway

The post string will consist of a set of NAME/ VALUE pairs. The NAME is the field name and indicates to the gateway what information is being submitted. The VALUE contains the content of the field. The response rendered by the gateway depends on the information in the post string. (Please refer to the Sample SIM Integration – Form Construction section of this document)

Merchant collects payment data

If the merchant hosts their own payment form then the information posted to the gateway needs to contain the minimum set of fields required to process the transaction. The set of required fields is described in the section Standard Transaction Submission API for SIM.

Merchant Requests the Gateway’s Payment Form

If the merchant does not have the ability to host secure Web pages then the post string needs to contain only the information required to identify the merchant and request the gateway’s Payment Form. If the merchant has collected information from a customer on their site before requesting the gateway’s Payment Form, the merchant can include that information in the post string as hidden fields. This results in the gateway rendering a Payment Form populated with the information passed in by the merchant.

Configuring the Gateway Response (Receipt Page or Relay Response)

The post string can contain information that indicates to the gateway how the Receipt Page rendered by the gateway should be formatted. Merchants requesting Relay Response can also provide a URL in the post string to which the gateway will post a response. The merchant’s site can receive, parse, and customize the response and post it back to the gateway. The gateway will then relay the response to the customer.

Using the Merchant Interface to Configure SIM

The merchant has the option to submit information in the post string regarding the format of the Receipt Page, the Payment Form, and the destination URL of the Relay Respone for each transaction. Alternatively, the merchant can configure these in the Merchant Interface. (The Merchant Interface is a tool through which merchants can manage their accounts and their transaction activity. A Login ID and password are required to access this tool. The URL to the Merchant Interface is available to the merchant from their merchant service provider.) It is recommended implementation is to not send in configuration data on a per-transaction basis.

Payment Form Settings

The merchant can configure the following on the Payment Form:

• The background color of the form

• The color of the text on the form

• The header text

• The footer text

• The merchant can also configure the set of fields on the Payment Form that should be displayed to the customer, as well as the set of fields the customer will be required to fill out

To configure Payment Form fields, header and footer text and color: 1. 2. 3. • • • •

Log into the Merchant Interface

Select Settings from the Main Menu

Click on the Payment Forms link in the Transaction Submission section

Note: When creating headers and footers for receipt pages avoid using double quotes.

Receipt Page Settings

• The merchant can configure the following on the Receipt Page:

The background color of the form

The color of the text on the form

The header text

The footer text

• The merchant can also define the method by which the customer should be returned to the merchant Website and the destination URL to which the customer will be returned.

To configure the Receipt Page:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Receipt Page link in the Transaction Response section

Note: When creating headers and footers for receipt pages avoid using double quotes.

Relay Response URL Settings

The merchant can configure the default URL to which the gateway should send the response in the Merchant Interface by doing the following:

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on Relay Response in the Transaction Response section

4. Enter the URL to which the gateway should send the response by default

The merchant can configure one or more valid Relay Response URLs. To configure valid relay response URLs in addition to the default specified

1. Log into the Merchant Interface

2. Select Settings from the Main Menu

3. Click on the Response /Receipt URL link in the Transaction Response section

4. Click on the Add URL link

5. Add a valid URL

6. Click Submit

The gateway will reject the transaction if the URL sent in the transaction is not configured through the Merchant Interface.

Sample SIM Integrations – Form Construction

This section describes how to create an HTML form to post transactions to the gateway with a fingerprint. The basic HTML tags used to construct a form to post a transaction to the gateway would be written as follows:

<FORM METHOD=POST

ACTION="https://secure.authorize.net/gateway/transact.dll">

</FORM>’

Any form fields that need to be sent to the system would be enclosed as <INPUT> fields within the opening <FORM> tag and the closing </FORM> tag. For example, a form that contained a merchant’s Login ID would look like this:

Some things to note about the sample line above:

<INPUT> is an HTML tag that does not need a closing tag (unlike <FORM> which needs a closing tag </FORM>).

TYPE in the sample above is an attribute of the INPUT tag and has a value HIDDEN. In this case it means the information being passed to the gateway server would be hidden from the customer’s HTML page (since the information that is being passed is the merchant’s Login ID).

The NAME="x_Login" is the category, or field, of information that is being passed, in this case the Login ID of the merchant.

The VALUE="your Login ID goes here" is where the merchant would put their merchant Login ID (inside the double quotes).

The NAME/VALUE pair is one of the things that the gateway server looks for when a transaction is submitted. If part of the NAME/VALUE pair is not present or improperly formed, the transaction will be rejected.

The gateway will accept fields that are not specified in the API so long as the name used to describe the field is not identical to a field name in the API. These fields are called “user” fields and can contain any information that might be useful in the transaction. User fields will be echoed back with the results of the transaction and will be displayed on the merchant's receipts; they will not be displayed on the customer’s receipts

The following are some examples of HTML code, along with the server-side script, that can be customized and inserted into a merchant’s Website to provide easy ways to integrate the Website with the system. Server-side scripting capability on the merchant Website is required for this integration, as the script needs access to a secret transaction key that is stored securely in the merchant’s Web server. Sample code and library in ASP, PHP, and Perl are provided in the Merchant Interface. As part of the integration, the merchant Website must provide the appropriate parameters to the InsertFP or CalculateFP library functions that are provided with the sample code.

Example 1 – Minimum requirements for requesting a Payment Form

The following HTML code along with the server-side script represents the minimum data that would need to be inserted into a page to provide a connection to the system. It shows that the fingerprint, time stamp, and the sequence number are inserted into the HTML form POST along with Login ID and other required fields. The result of this HTML code snippet is a button. Clicking on the button will take the user to the gateway’s Payment Form.

A call to generate the fingerprint should be made when the button is clicked and before the Payment Form request is made to the gateway. A sequence number should be generated and the total amount of the tranaction calculated before the call to generate the fingerprint is made. The function used to generate the fingerprint takes these fields (amount, transaction key, Login ID, and sequence number) The transaction amount should not change after the fingerprint is generated. All trailing spaces need to be removed from the fields used to generate the fingerprint

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface. This function must be called within a server-side script on the merchant Web server. The above example shows the call being made in an ASP scripting environment.

Example 2 – Using a form to gather information

The following HTML code along with the server-side script demonstrates the ability to send additional information to the system, including information that is specified by the customer. The result of this HTML code snippet is a page that displays a form allowing the customer to specify their name and any specific shipping instructions. The x_First_Name and x_Last_Name fields are normal fields recognized by the system. The Shipping_Instructions field is not a field recognized by the system, and so it is treated as a user field. System-recognized fields can also be used for normal shipping information. The code also shows that the fingerprint, time stamp, and the sequence number are inserted into the HTML form POST along with Login ID and other required fields.

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

Enter your first name:

Enter your last name:

Enter Any special shipping instructions:

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Example 3 – Requesting a Receipt Page

The following HTML code shows the request for the Receipt Page, including generating the fingerprint and sending it along with rest of the fields.

<FORM METHOD=POST ACTION="https://secure.authorize.net/gateway/transact.dll”>

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Example 4 – Requesting a Payment Form and a Relay Response

The following are the minimum requirements for requesting a Relay Response from the gateway. This code includes the function for generating the fingerprint and sending it along with rest of the fields.

<FORM METHOD=POST ACTION="https://secure.authorize.net/gatewaytransact.dll/">

<% ret = InsertFP (loginid, txnkey, amount, sequence) %>

</FORM>

The function InsertFP is provided by the gateway and can be downloaded from the Merchant Interface.

Since the HTML code that is returned to the browser appears to come from the gateway server, any links to images need to be absolute URLs with the full path to the server on which the images reside. If relative URLs are used, the customer’s browser will try to load the images from the gateway server and would fail.

The URL specified in x_Relay_URL should be a script that can interactively parse the information that is posted to it. The URL can be a plain HTML page if a static response is desired for every transaction. In this scenario, the merchant's Web server will need to be configured to allow the POST method to plain HTML pages.

Use of frames is not recommended. Even though the Payment Form used will be secure the lock icon on the user’s taskbar will key off the surrounding frame and not off the Payment Form. The page will not look secure to the customer.

Redirects in the relay scripts are not recommended, as the information may not be transferred properly.

When the merchant’s response is relayed back to the customer, anything that is in the HTTP headers will be replaced. This means if a developer is relying on custom information to be in these headers, such as cookies, their implementation will most likely fail.

Standard Transaction Submission API for SIM

The Standard Transaction Submission API defines the information that can be submitted to the gateway for real-time transaction processing. The API consists of a set of fields that are required for each transaction, and a set of fields that are optional. Under the API, the gateway accepts a NAME/ VALUE pair. The NAME is the field name and indicates to the gateway what information is being submitted. The VALUE contains the content of the field. In transmitting information to the gateway the merchant site should post transactions to https://secure.authorize.net/gateway/transact.dll.

The following tables contain the data fields that may be submitted to the system with any transaction. The fields are grouped logically in the tables, based on the information submitted. Each table contains the following information:

Field – Name of the parameter that may be submitted on a transaction
Required – Indicates whether the field is required on a transaction. If Conditional, indicates that the field is required based on the existence or value of another field. In cases where a dependency exists, an explanation is provided.
Value – Lists the possible values that may be submitted for the field. In cases where a format is validated, an explanation is provided.
Max Length – Indicates the maximum number of characters that may be supplied for each field.
Description – Provides additional details on how the field is used

Merchant Account Information

The following fields in the API allow the system to identify the merchant submitting the transaction and the state of the merchant’s account on the gateway.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Login	Required	Varies by merchant 20		Pass the Login ID used to access the Merchant Interface.
x_Version	Optional If no value is specified, the value located in the Transaction Version settings within the Merchant Interface will be used.	3.1	3	Indicates to the system the set of fields that will be included in the response: • 3.0 is the standard version • 3.1 allows the merchant to utilize the Card Code feature
x_Test_Request	Optional	TRUE, FALSE	5	Indicates whether the transaction should be processed as a test transaction. Please refer to Appendix D for further information on this field.

Fingerprint Fields

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_FP_Hash	Required			This is the fingerprint generated using the HMAC-MD5 hashing algorithm on the merchant’s transaction key and the following fields: merchant Login ID (x_Login) the sequence number of the transaction (x_FP_Sequence) the time when the sequence number was generated (x_FP_Timestamp) amount of the transaction (x_Amount) and optionally the currency code (x_Currency_Code) The above fields are concatenated and separated by the “^” character.
x_FP_Sequence	Required			This is a merchant-determined value that ensures the fingerprint is unique.
x_FP_Timestamp	Required	UTC time in seconds since Jan 1, 1970.		This is the time of fingerprint generation. Merchant sends in this value to indicate when the fingerprint was generated.

Payment Form Fields

These fields are optional and need to be used only if the merchant is using the gateway’s Payment Form to collect payment data. All these fields except x_Show_Form can also be configured in the Merchant Interface and do not have to be submitted with each transaction.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Show_Form	Conditional Required if the merchant is using the gateway’s Payment Form	PAYMENT FORM		This field should be passed in with the value of PAYMENT FORM only if the merchant wishes to use the gateway’s Payment Form to collect payment data
x_Header_HTML_Payment_Form	Optional	Valid Text or HTML		The text submitted in this field will be displayed as the header on the Payment Form.
x_Footer_HTML_Payment_Form	Optional	Valid Text or HTML		The text submitted in this field will be displayed as the footer on the Payment Form.

Receipt Page Fields

All fields in this section are optional. The merchant can configure the information captured in these fields in the Merchant Interface instead of sending it in with every transaction.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Header_HTML_Receipt	Optional	Valid Text or HTML code.		The text contained in this field will be displayed at the top of the Receipt Page.
x_Footer_HTML_Receipt	Optional	Valid Text or HTML code		The text contained in this field will be displayed at the bottom of the Receipt Page.
x_Receipt_Link_Method	Optional	LINK POST GET		This field specifies the type of link that is made back to a merchant's Website.
x_Receipt_Link_Text	Optional	Any Valid text		If the x_Receipt_Link_Method is LINK, the value in this field will become a hyperlinked text on the receipt page If the x_receipt_link_method is GET or POST the value in this field becomes the text of a submit button. An HTML form is created in the Receipt Page that has hidden fields containing the results of the transaction processed.
x_Receipt_Link_URL	Optional	Any Valid URL		If the x_Receipt_Link_Method is LINK, the URL specified in the fields becomes the target of the hyperlinked text. If the x_Receipt_Link_Method is GET or POST, the URL will become the action of the HTML form. To be accepted as valid by the gateway, the URL must be configured in the Merchant Interface.

Fields Common to Both the Payment Form and Receipt Page

All fields in this section are optional. The merchant can configure the information captured in these fields in the Merchant Interface instead of sending it in on every transaction.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Logo_URL	Optional	Any valid URL		This field is ideal for displaying a merchant logo on a page. The target of this URL will be displayed on the header of the Payment Form and Receipt Page.
x_Background_URL	Optional	A valid URL		This field will allow the merchant to customize the background image of the Payment Form and Receipt Page. The target of the specified URL will be displayed as the background.
x_Color_Background	Optional	Any valid HTML color name or color hex code		Value in this field will set the background color for the Payment Form and Receipt Page.
x_Color_Link	Optional	Any valid HTML color name or color hex code		This field allows the color of the HTML links for the Payment Form and Receipt Page to be set to the value submitted in this field.
x_Color_Text	Optional	Any valid HTML color name or color hex code		This field allows the color of the text on the Payment Form and the Receipt Page to be set to the value submitted in this field.

Relay Response Fields

The following fields indicate to the gateway that the merchant is requesting a Relay Response. They should not be passed in if the merchant is requesting a Receipt Page or a Payment Form

FIELD

REQUIRED

VALUE

MAX LENGTH

DESCRIPTION

x_Relay_Response

Conditional – if the merchant requires a Relay Response

TRUE

This is required to be set to TRUE. This indicates to the gateway that the response will be relayed to the customer’s browser

x_Relay_URL

Optional

Any valid URL

Contains the URL to which the gateway will post the response. The gateway will validate the URL submitted in this field with the values configured through the Merchant Interface. The gateway will reject the transaction if the value submitted does not match any of the URLs configured through the Merchant Interface.

If no value is passed in this field, gateway will post the response to the default relay URL configured in the Merchant Interface. the

Customer Name and Billing Address

The customer billing address fields listed below contain customer billing address information associated with each transaction.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_First_Name	Optional	Any string	50	Contains the first name of the customer associated with the billing address for the transaction.
x_Last_Name	Optional	Any string	50	Contains the last name of the customer associated with the billing address for the transaction.
x_Company	Optional	Any string	50	Contains the company name associated with the billing address for the transaction.
x_Address	Optional	Any string	60	Contains the address of the customer associated with the billing address for the transaction.
x_City	Optional	Any string	40	Contains the city of the customer associated with the billing address for the transaction.
x_State	Optional If passed, the value will be verified.	Any valid two-character state code or full state name	40	Contains the state of the customer associated with the billing address for the transaction.
x_Zip	Optional	Any string	20	Contains the zip of the customer associated with the billing address for the transaction.
x_Country	Optional If passed, the value will be verified.	Any valid two-character country code or full country name (spelled in English)	60	Contains the country of the customer associated with the billing address for the transaction.
x_Phone	Optional	Any string 25 Recommended format is (123)123-1234		Contains the phone number of the customer associated with the billing address for the transaction.
x_Fax	Optional	Any string 25 Recommended format is (123)123-1234		Contains the fax number of the customer associated with the billing address for the transaction.

Additional Customer Data

Merchants may provide additional customer information with a transaction, based on their respective requirements.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Cust_ID	Optional	Any string	20	Unique identifier to represent the customer associated with the transaction.
x_Customer_IP	Optional	Required format is 255.255.255.255. If this value is not passed, it will default to 255.255.255.255 15		IP address of the customer initiating the transaction.
x_Customer_Tax_ID	Optional	9 digits/numbers only	9	Tax ID or SSN of the customer initiating the transaction.

Email Settings

The following fields describe how and when emails will be sent when transactions are processed by the system.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Email	Optional	Any valid email address	255	Email address to which the customer’s copy of the confirmation email is sent. No email will be sent to the customer if the email address does not meet standard email format checks.
x_Email_Customer	Optional	TRUE, FALSE If no value is submitted, system will default to the value configured in the Merchant Interface.	5	Indicates whether a confirmation email should be sent to the customer.
x_Merchant_Email	Optional	Any valid email address	255	Email address to which the merchant’s copy of the customer confirmation email should be sent. If a value is submitted, an email will be sent to this address as well as the address(es) configured in the Merchant Interface.

Invoice Information

Based on their respective requirements, merchants may submit invoice information with a transaction. Two invoice fields are provided in the gateway API.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Invoice_Num	Optional	Any string	20	Merchant-assigned invoice number.
x_Description	Optional	Any string	255	Description of the transaction.

Customer Shipping Address

The following fields describe the customer shipping information that may be submitted with each transaction.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Ship_To_First_Name	Optional	Any string	50	Contains the customer shipping first name.
x_Ship_To_Last_Name	Optional	Any string	50	Contains the customer shipping last name.
x_Ship_To_Company	Optional	Any string	50	Contains the customer shipping company.
x_Ship_To_Address	Optional	Any string	60	Contains the customer shipping address.
x_Ship_To_City	Optional	Any string	40	Contains the customer shipping city.
x_Ship_To_State	Optional If passed, the value will be verified.	Any valid two-digit state code or full state name	40	Contains the customer shipping state.
x_Ship_To_Zip	Optional	Any string	20	Contains the customer shipping zip.
x_Ship_To_Country	Optional If passed, the value will be verified.	Any valid two-digit country code or full country name (spelled in English)	60	Contains the customer shipping country.

Transaction Data

The following fields contain transaction-specific information such as amount, payment method, and transaction type.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Amount	Required	Any amount	15	Total value to be charged or credited inclusive of tax.
x_Currency_Code	Optional	Valid currency code	3	Currency of the transaction amount. If left blank, this value will default to the value specified in the Merchant Interface. See Appendix G for other values.
x_Method	Required	CC, ECHECK	N/A	Indicates the method of payment for the transaction being sent to the system. If left blank, this value will default to CC.
x_Type	Required AUTH_	CAPTURE, AUTH_ONLY, CAPTURE_ONLY, CREDIT, VOID, PRIOR_AUTH_CAPTURE	N/A	Indicates the type of transaction. If the value in the field does not match any of the values stated, the transaction will be rejected. If no value is submitted in this field, the gateway will process the transaction as an AUTH_CAPTURE.
x_Recurring_Billing	Optional	YES, NO	3	Indicates whether the transaction is a recurring billing transaction.
x_Bank_ABA_Code	Conditional Required if x_Method = ECHECK	Valid routing number	9	Routing number of a bank for eCheck.Net transactions.
x_Bank_Acct_Num	Conditional Required if x_Method = ECHECK	Valid account number	20	Checking or savings account number.
x_Bank_Acct_Type	Conditional Required if x_Method = ECHECK	CHECKING, SAVINGS	8	Describes the type of bank account; if no value is provided, default is set to CHECKING.
x_Bank_Name	Conditional Valid Required if x_Method = ECHECK	bank name	50	Contains the name of the customer’s financial institution.
x_Bank_Acct_Name	Conditional Required if x_Method = ECHECK	Name on the Customer’s bank account		Is the customer’s name as it appears on their bank account
x_Echeck_Type	Conditional WEB Required if x_Method = ECHECK			This indicates that the e-check payment request originated from a Website. The system will default this value to WEB if no value is sent.
x_Card_Num	Conditional Numeric Required if x_Method = CC	credit card number	22	Contains the credit card number.
x_Exp_Date	Conditional MMYY, Required if x_Method = CC	MM/YY, MM-YY, MMYYYY, MM/YYYY, MM-YYYY, YYYY-MM-DD, YYYY/MM/DD	N/A	Contains the date on which the credit card expires.
x_Card_Code	Optional	Valid CVV2, CVC2 or CID value 4		Three- or four- digit number on the back of a credit card.
x_Trans_ID	Conditional Valid Required if x_Type = CREDIT, VOID, or PRIOR_AUTH_CAPTURE	transaction ID	10	ID of a transaction previously authorized by the gateway.
x_Auth_Code	Conditional Valid Required if x_Type = CAPTURE_ONLY	authorization code	6	Authorization code for a previous transaction not authorized on the gateway that is being submitted for capture.

Level 2 Data

The system supports Level 2 transaction data by providing the following fields as part of the transaction submission API.

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_PO_Num	Optional	Any string	25	Contains the purchase order number.
x_Tax	Optional	Any valid amount	15	Contains the tax amount.
x_Tax_Exempt	Optional	TRUE, FALSE	5	Indicates whether the transaction is tax exempt.
x_Freight	Optional	Any valid amount	10	Contains the freight amount charged.
x_Duty	Optional	Any valid amount	10	Contains the amount charged for duty.

Transaction Submission API for Wells Fargo SecureSource Merchants

For merchants who process transactions through the Wells Fargo SecureSource product, some additional rules apply to transaction processing. Fields that are optional in the Standard Transaction Submission API are required for Wells Fargo SecureSource merchants. The following tables describe these required fields. Only those fields that are different from the standard API are called out in this section.

Customer Name and Billing Address

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_First_Name	Required	Any string	50	Contains the first name of the customer associated with the billing address for the transaction.
x_Last_Name	Required	Any string	50	Contains the last name of the customer associated with the billing address for the transaction.
x_Company	Required	Any string	50	Contains the company name associated with the billing address for the transaction.
x_Address	Required	Any string	60	Contains the address of the customer associated with the billing address for the transaction.
x_City	Required	Any string	40	Contains the city of the customer associated with the billing address for the transaction.
x_State	Required	Any valid two-digit state code or full state name	40	Contains the state of the customer associated with the billing address for the transaction.
x_Zip	Required	Any string	20	Contains the zip of the customer associated with the billing address for the transaction.
x_Country	Required	Any valid two-digit country code or full country name (spelled in English)	60	Contains the country of the customer associated with the billing address for the transaction.
x_Phone	Required Any string Recommended format is (123)123-1234	25		Contains the phone number of the customer associated with the billing address for the transaction.

Email Settings

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Email	Required	Any valid email address	255	Email address to which a confirmation email is sent.

Additional Customer Data

FIELD	REQUIRED	VALUE	MAX LENGTH	DESCRIPTION
x_Customer_IP	Required	Required format is 255.255.255.255. If this value is not passed, it will default to 255.255.255.255.	15	IP address of the customer initiating the transaction.
x_Customer_Organization_Type	Required	I, B I = Individual B = Business	N/A	Required for all eCheck transactions for Wells Fargo SecureSource Merchants.
x_Customer_Tax_ID	Conditional IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB	9 digits or numbers only	9	Tax ID or SSN of the customer initiating the transaction. If the Tax ID or SSN is not available, the customer’s driver’s license number, driver’s license state and date of birth must be used in its place.
x_Drivers_License_Num	Conditional IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB		50	Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.
x_Drivers_License_State	Conditional IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB	2-character state abbreviation	2	Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.
x_Drivers_License_DOB	Conditional IF x_Type = ECHECK, merchant must provide EITHER x_Customer_Tax_ID OR x_Drivers_License_Num AND x_Drivers_License_State AND x_Drivers_License_DOB	YYYY-MM-DDD, YYYY/MM/DD, MM/DD/YYYY, MM-DD-YYYY,	N/A	Required for all eCheck transactions for Wells Fargo SecureSource Merchants where the Tax ID or SSN is not provided.

Gateway Response API

This section describes the response returned by the gateway when a transaction is submitted for processing. The gateway response to a transaction submitted via SIM is either a Receipt Page that is displayed to the consumer or a POST string to a site designated by the merchant. The merchant can then parse the POST string, customize a response, and submit it back to the gateway. The gateway will then relay the response to the customer’s browser.

Fields in the Gateway Response

The following table indicates the order of fields returned in the SIM response from the gateway to the merchant server for a Relay Response. Any fields that were sent to the gateway in addition to the fields described in the Standard Transaction Submission API are returned in the response after the set of fields described in the table below.

FIELD NAME OF VALUE IN RESPONSE	INFORMATION	DESCRIPTION
x_Response_Code	Response Code	Indicates the result of the transaction: 1 = Approved 2 = Declined 3 = Error
x_Response_Subcode	Response Subcode	A code used by the system for internal transaction tracking.
x_Response_Reason_Code	Response Reason Code	A code representing more details about the result of the transaction.
x_Response_Reason_Text	Response Reason Text	Brief description of the result, which corresponds with the Response Reason Code.
x_Auth_Code	Approval Code	The six-digit alphanumeric authorization or approval code.
x_AVS_Code	AVS Result Code	Indicates the result of Address Verification System (AVS) checks: A = Address (Street) matches, ZIP does not B = Address information not provided for AVS check E = AVS error G = Non-U.S. Card Issuing Bank N = No Match on Address (Street) or ZIP P = AVS not applicable for this transaction R = Retry – System unavailable or timed out S = Service not supported by issuer U = Address information is unavailable W = 9 digit ZIP matches, Address (Street) does not X = Address (Street) and 9 digit ZIP match Y = Address (Street) and 5 digit ZIP match Z = 5 digit ZIP matches, Address (Street) does not
x_Trans_ID	Transaction ID	This number identifies the transaction in the system and can be used to submit a modification of this transaction at a later time, such as voiding, crediting or capturing the transaction.
x_Invoice_Num	Invoice Number	Echoed from form input value for x_Invoice_Num.
x_Description	Description	Echoed from form input value for x_Description.
x_Amount	Amount	Echoed from form input value for x_Amount.
x_Method	Method	Echoed from form input value for x_Method.
x_Type	Transaction Type	Echoed from form input value for x_Type.
x_Cust_ID	Customer ID	Echoed from form input value for x_Cust_ID.
x_First_Name	Cardholder First Name	Echoed from form input value for x_First_Name.
x_Last_Name	Cardholder Last Name	Echoed from form input value for x_Last_Name.
x_Company	Company	Echoed from form input value for x_Company.
x_Address	Billing Address	Echoed from form input value for x_Address.
x_City	City	Echoed from form input value for x_City.
x_State	State	Echoed from form input value for x_State.
x_Zip	Zip	Echoed from form input value for x_Zip.
x_Country	Country	Echoed from form input value for x_Country.
x_Phone	Phone	Echoed from form input value for x_Phone.
x_Fax	Fax	Echoed from form input value for x_Fax.
x_Email	Email	Echoed from form input value for x_Email.
x_Ship_To_First_Name	Ship to First Name	Echoed from form input value for x_Ship_To_First_Name.
x_Ship_To_Last_Name	Ship to Last Name	Echoed from form input value for x_Ship_To_Last_Name.
x_Ship_To_Company	Ship to Company	Echoed from form input value for x_Ship_To_Company.
x_Ship_To_Address	Ship to Address	Echoed from form input value for x_Ship_To_Address.
x_Ship_To_City	Ship to City	Echoed from form input value for x_Ship_To_City.
x_Ship_To_State	Ship to State	Echoed from form input value for x_Ship_To_State.
x_Ship_To_Zip	Ship to Zip	Echoed from form input value for x_Ship_To_Zip.
x_Ship_To_Country	Ship to Country	Echoed from form input value for x_Ship_To_Country.
x_Tax	Tax Amount	Echoed from form input value for x_Tax.
x_Duty	Duty Amount	Echoed from form input value for x_Duty.
x_Freight	Freight Amount	Echoed from form input value for x_Freight.
x_Tax_Exempt	Tax Exempt Flag	Echoed from form input value for x_Tax_Exempt.
x_PO_Num	PO Number	Echoed from form input value for x_PO_Num.
x_MD5_Hash	MD5 Hash	System-generated hash that may be validated by the merchant to authenticate a transaction response received from the gateway.
x_CVV2_Resp_Code	Card Code (CVV2/CVC2/CID) Response Code	Indicates the results of Card Code verification: