Below is a description of the variables will be posted to the merchant's CallbackURL. These comprise the "Payment Complete" output API of the payment form

Variable Name	Data Type	Max Length	Comments
HashDigest	A	-	A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID	A	15	The merchant ID that was used to process the transaction
StatusCode	N	-	This indicates the status of the transaction: 0: transaction successful 5: card referred 5: card declined 20: duplicate transaction 30: exception
Message	A	512	This gives a more detailed description of the status of the transaction
PreviousStatusCode	N	-	If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage	A	512	If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference	A	25	This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction, which this transaction was deemed a duplicate of
AddressNumericCheckResult	A	-	If requested (input variable "EchoAVSCheckResult = true") this gives the results of the address numeric check - will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult	A	-	If requested (input variable "EchoAVSCheckResult = true") this gives the results of the post code check - will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult	A	-	If requested (input variable "EchoCV2CheckResult = true") this gives the results of the CV2 check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult	A	-	If 3D Secure policy is enabled (input variable "ThreeDSecureOverridePolicy = true") this will give the the results of the 3D Secure check
FraudProtectionCheckResult	A	-	If requested (input variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check - will be PASSED, FAILED, CHALLENGE or ERROR
CardType	A	-	If requested (input variable "EchoCardType = true") this gives the card type of the transaction
CardClass	A	-	If requested (input variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer	A	-	If requested (input variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode	N	3	If requested (input variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix	N	6	If requested (input variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour	N	4	If requested (input variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate	DT	5	If requested (input variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount	N	13	The amount, in minor currency, of the transaction that was processed
CurrencyCode	N	3	The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID	A	50	The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType	-	-	The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime	DT	-	The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS +OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription	A	256	The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount	N	15	The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription	A	50	The line items' sales tax description as it was submitted to the gateway
LineItemQuantity	N	15	A single line item's quantity as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemAmount	N	15	A single line item's amount as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemDescription	A	100	A single line item's description as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
Address1	A	100	Customer's billing address line 1 as it was submitted to the gateway
Address2	A	50	Customer's billing address line 2 as it was submitted to the gateway
Address3	A	50	Customer's billing address line 3 as it was submitted to the gateway
Address4	A	50	Customer's billing address line 4 as it was submitted to the gateway
City	A	50	Customer's billing city as it was submitted to the gateway
State	A	50	Customer's billing state as it was submitted to the gateway
PostCode	A	50	Customer's billing post code as it was submitted to the gateway
CountryCode	N	3	Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress	A	100	The customer's email address as it was submitted to the gateway
PhoneNumber	A	30	The customer's phone number as it was submitted to the gateway
DateOfBirth	A	10	The customer's date of birth as it was submitted to the gateway
ShippingName	A	100	Customer's shipping name
ShippingAddress1	A	100	Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2	A	50	Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3	A	50	Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4	A	50	Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity	A	50	Customer's shipping city as it was submitted to the gateway
ShippingState	A	50	Customer's shipping state as it was submitted to the gateway
ShippingPostCode	A	50	Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode	N	3	Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress	A	100	The customer's shipping email address as it was submitted to the gateway
ShippingPhoneNumber	A	30	The customer's shipping phone number as it was submitted to the gateway

Below is the order that the variables will be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with

Variable Name	Mandatory	Comments
PreSharedKey	See comments	The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID	Yes
Password	Yes
StatusCode	Yes
Message	Yes
PreviousStatusCode	Yes	Must be included as "PreviousStatusCode=" if an empty variable in the form
PreviousMessage	Yes	Must be included as "PreviousMessage=" if an empty variable in the form
CrossReference	Yes
AddressNumericCheckResult	Yes	Must be included as "AddressNumericCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PostCodeCheckResult	Yes	Must be included as "PostCodeCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CV2CheckResult	Yes	Must be included as "CV2CheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ThreeDSecureAuthenticationCheckResult	Yes	Must be included as "ThreeDSecureAuthenticationCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
FraudProtectionCheckResult	Yes	Must be included as "FraudProtectionCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardType	Yes	Must be included as "CardType=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardClass	Yes	Must be included as "CardClass=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuer	Yes	Must be included as "CardIssuer=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuerCountryCode	Yes	Must be included as "CardIssuerCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberFirstSix	Yes	Must be included as "CardNumberFirstSix=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberLastFour	Yes	Must be included as "CardNumberLastFour=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardExpiryDate	Yes	Must be included as "CardExpiryDate=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Amount	Yes
CurrencyCode	Yes
OrderID	Yes	Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType	Yes
TransactionDateTime	Yes
OrderDescription	Yes	Must be included as "OrderDescription=" if an empty variable in the form. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount	No	Must be included as "LineItemSalesTaxAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemSalesTaxDescription	No	Must be included as "LineItemSalesTaxDescription =" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemQuantity	No	Must be included as "LineItemQuantity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemAmount	No	Must be included as "LineItemAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemDescription	No	Must be included as "LineItemDescription=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Address1	Yes	Must be included as "Address1=" if an empty variable in the form
Address2	Yes	Must be included as "Address2=" if an empty variable in the form
Address3	Yes	Must be included as "Address3=" if an empty variable in the form
Address4	Yes	Must be included as "Address4=" if an empty variable in the form
City	Yes	Must be included as "City=" if an empty variable in the form
State	Yes	Must be included as "State=" if an empty variable in the form
PostCode	Yes	Must be included as "PostCode=" if an empty variable in the form
CountryCode	Yes	Must be included as "CountryCode=" if an empty variable in the form
EmailAddress	Yes	Must be included as "EmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PhoneNumber	Yes	Must be included as "PhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
DateOfBirth	Yes	Must be included as "DateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingName	Yes	Must be included as "ShippingName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress1	Yes	Must be included as "ShippingAddress1=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress2	Yes	Must be included as "ShippingAddress2=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress3	Yes	Must be included as "ShippingAddress3=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress4	Yes	Must be included as "ShippingAddress4=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCity	Yes	Must be included as "ShippingCity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingState	Yes	Must be included as "ShippingState=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPostCode	Yes	Must be included as "ShippingPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCountryCode	Yes	Must be included as "ShippingCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingEmailAddress	Yes	Must be included as "ShippingEmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPhoneNumber	Yes	Must be included as "ShippingPhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)

These are the transaction result variables that are PUSHED to the merchant's external server (ServerResultURL) after the transaction has been processed, but before the customer is redirected back to the merchant's webshop.

Variable Name	Data Type	Max Length	Comments
HashDigest	A	-	A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID	A	15	The merchant ID that was used to process the transaction
StatusCode	N	-	This indicates the status of the transaction: 0: transaction successful 4: card referred 5: card declined 20: duplicate transaction 30: exception
Message	A	512	This gives a more detailed description of the status of the transaction
PreviousStatusCode	N	-	If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage	A	512	If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference	A	24	This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction (which this transaction was deemed a duplicate of)
AddressNumericCheckResult	A	-	If requested (input variable "EchoAVSCheckResult = true") this gives the results of the address numeric check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult	A	-	If requested (input variable "EchoAVSCheckResult = true") this gives the results of the post code check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult	A	-	If requested (input variable "EchoCV2CheckResult = true") this gives the results of the CV2 check – will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult	A	-	If requested (input variable "EchoThreeDSecureAuthenticationCheckResult = true") this gives the results of the 3D Secure check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
FraudProtectionCheckResult	A	-	If requested (input variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check – will be PASSED, FAILED, CHALLENGE or ERROR
CardType	A	-	If requested (input variable "EchoCardType = true") this gives the card type of the transaction
CardClass	A	-	If requested (input variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer	A	-	If requested (input variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode	N	3	If requested (input variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix	N	6	If requested (input variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour	N	4	If requested (input variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate	DT	5	If requested (input variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount	N	13	The amount, in minor currency, of the transaction that was processed
CurrencyCode	N	3	The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID	A	50	The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType	-	-	The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime	DT	-	The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS ±OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription	A	256	The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount	N	15	The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription	A	50	The line items' sales tax description as it was submitted to the gateway
LineItemQuantity	N	15	A single line item's quantity as it was submitted to the gateway
LineItemAmount	N	15	A single line item's amount as it was submitted to the gateway
LineItemDescription	A	100	A single line item's description as it was submitted to the gateway
CustomerName	A	100	The name of the customer as it was submitted to the gateway
Address1	A	100	Customer's billing address line 1 as it was submitted to the gateway
Address2	A	50	Customer's billing address line 2 as it was submitted to the gateway
Address3	A	50	Customer's billing address line 3 as it was submitted to the gateway
Address4	A	50	Customer's billing address line 4 as it was submitted to the gateway
City	A	50	Customer's billing city as it was submitted to the gateway
State	A	50	Customer's billing state as it was submitted to the gateway
PostCode	A	50	Customer's billing post code as it was submitted to the gateway
CountryCode	N	3	Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress	A	100	The customer's email address as it was submitted to the gateway
PhoneNumber	A	30	The customer's phone number as it was submitted to the gateway
DateOfBirth	A	10	The customer's date of birth as it was submitted to the gateway
ShippingName	A	100	The shipping name of the customer as it was submitted to the gateway
ShippingAddress1	A	100	Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2	A	50	Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3	A	50	Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4	A	50	Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity	A	50	Customer's shipping city as it was submitted to the gateway
ShippingState	A	50	Customer's shipping state as it was submitted to the gateway
ShippingPostCode	A	50	Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode	N	3	Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress	A	100	The customer's shipping email address as it was submitted to the gateway
ShippingPhoneNumber	A	30	The customer's shipping phone number as it was submitted to the gateway
PrimaryAccountName	A	100	The name of the primary account holder as it was submitted to the gateway
PrimaryAccountNumber	A	50	The account number of the primary account as it was submitted to the gateway
PrimaryAccountDateOfBirth	A	10	The date of birth of the primary account holder as it was submitted to the gateway
PrimaryAccountPostCode	A	50	The post code of the primary account holder as it was submitted to the gateway

Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with

Variable Name	Mandatory	Comments
PreSharedKey	See comments	The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID	Yes
Password	Yes
StatusCode	Yes
Message	Yes
PreviousStatusCode	Yes	Must be included as "PreviousStatusCode=" if an empty variable in the form
PreviousMessage	Yes	Must be included as "PreviousMessage=" if an empty variable in the form
CrossReference	Yes
AddressNumericCheckResult	Yes	Must be included as "AddressNumericCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PostCodeCheckResult	Yes	Must be included as "PostCodeCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CV2CheckResult	Yes	Must be included as "CV2CheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ThreeDSecureAuthenticationCheckResult	Yes	Must be included as "ThreeDSecureAuthenticationCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
FraudProtectionCheckResult	Yes	Must be included as "FraudProtectionCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardType	Yes	Must be included as "CardType=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardClass	Yes	Must be included as "CardClass=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuer	Yes	Must be included as "CardIssuer=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuerCountryCode	Yes	Must be included as "CardIssuerCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberFirstSix	Yes	Must be included as "CardNumberFirstSix=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberLastFour	Yes	Must be included as "CardNumberLastFour=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardExpiryDate	Yes	Must be included as "CardExpiryDate=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Amount	Yes
CurrencyCode	Yes
OrderID	Yes	Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType	Yes
TransactionDateTime	Yes
OrderDescription	Yes	Must be included as "OrderDescription=" if an empty variable in the form. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount	No	Must be included as "LineItemSalesTaxAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemSalesTaxDescription	No	Must be included as "LineItemSalesTaxDescription =" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemQuantity	No	Must be included as "LineItemQuantity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemAmount	No	Must be included as "LineItemAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemDescription	No	Must be included as "LineItemDescription=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CustomerName	Yes	Must be included as "CustomerName=" if an empty variable in the form
Address1	Yes	Must be included as "Address1=" if an empty variable in the form
Address2	Yes	Must be included as "Address2=" if an empty variable in the form
Address3	Yes	Must be included as "Address3=" if an empty variable in the form
Address4	Yes	Must be included as "Address4=" if an empty variable in the form
City	Yes	Must be included as "City=" if an empty variable in the form
State	Yes	Must be included as "State=" if an empty variable in the form
PostCode	Yes	Must be included as "PostCode=" if an empty variable in the form
CountryCode	Yes	Must be included as "CountryCode=" if an empty variable in the form
EmailAddress	Yes	Must be included as "EmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PhoneNumber	Yes	Must be included as "PhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
DateOfBirth	Yes	Must be included as "DateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingName	Yes	Must be included as "ShippingName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress1	Yes	Must be included as "ShippingAddress1=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress2	Yes	Must be included as "ShippingAddress2=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress3	Yes	Must be included as "ShippingAddress3=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress4	Yes	Must be included as "ShippingAddress4=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCity	Yes	Must be included as "ShippingCity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingState	Yes	Must be included as "ShippingState=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPostCode	Yes	Must be included as "ShippingPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCountryCode	Yes	Must be included as "ShippingCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingEmailAddress	Yes	Must be included as "ShippingEmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPhoneNumber	Yes	Must be included as "ShippingPhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountName	Yes	Must be included as "PrimaryAccountName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountNumber	Yes	Must be included as "PrimaryAccountNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountDateOfBirth	Yes	Must be included as "PrimaryAccountDateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountPostCode	Yes	Must be included as "PrimaryAccountPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)

These are the response variables from the merchant's external server (ServerResultURL). NOTE: the merchant's server MUST adhere to this specification. If the payment form CANNOT be sure that the results were delivered to the merchant's system, it WILL NOT redirect the customer back to the merchant's webshop, and will display the transaction result to the customer directly (regardless of the value of PaymentFormDisplaysResult). If this happens, an email will be sent to the merchant detailing the transaction result

Variable Name	Data Type	Max Length	Comments
StatusCode	N	-	The StatusCode returned from the merchant's external server (ServerResultURL). This indicates whether the merchant's system successfully received and procesed the transaction result
Message	A	-	In the case of a non-zero StatusCode from the merchant's system, this gives more information about the failure.

These are the output variables delivered to the merchant's CallbackURL after the transaction has been processed. These variables will be delivered as query string variables on the URL.

Variable Name	Data Type	Max Length	Comments
HashDigest	A	-	A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID	A	15	The merchant ID that was used to process the transaction
CrossReference	A	-	The unique CrossReference of the transaction
OrderID	A	-	The unique OrderID of the transaction

Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with

Variable Name	Mandatory	Comments
PreSharedKey	See comments	The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID	Yes
Password	Yes
CrossReference	Yes
OrderID	Yes

These are the output variables delivered to the merchant's CallbackURL after the transaction has been processed. These variables will be delivered as query string variables on the URL.

Variable Name	Data Type	Max Length	Comments
HashDigest	A	-	A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID	A	15	The merchant ID that was used to process the transaction
CrossReference	A	24	This is the unique cross reference for the transaction
OrderID	A	50	The order ID of the transaction that was processed

Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with

Variable Name	Mandatory	Comments
PreSharedKey	See comments	The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID	Yes
Password	Yes
CrossReference	Yes
OrderID	Yes

These are the request variables directly posted by the merchant's webshop to our transaction result query handler. The external URL address to send the request to is:

Variable Name	Data Type	Max Length	Comments
MerchantID	A	15	The merchant ID that was used to process the transaction
Password	A	-	The password that corresponds to the gateway account
CrossReference	A	24	This is the unique cross reference for the transaction.
EchoAVSCheckResult	B	true/false	Instructs the transaction result query handler to include the AVS check result of the transaction in the transaction result variable list
EchoCV2CheckResult	B	true/false	Instructs the transaction result query handler to include the CV2 check result of the transaction in the transaction result variable list
EchoThreeDSecureAuthenticationCheckResult	B	true/false	Instructs the transaction result query handler to include the 3D Secure check result of the transaction in the transaction result variable list
EchoFraudProtectionCheckResult	B	true/false	Instructs the transaction result query handler to include the Fraud protection check result of the transaction in the transaction result variable list
EchoCardType	B	true/false	Instructs the transaction result query handler to include the card type of the transaction in the transaction result variable list
EchoCardNumberFirstSix	B	true/false	Instructs the transaction result query handler to include the first 6 digits of the card number of the transaction in the transaction result variable list
EchoCardNumberLastFour	B	true/false	Instructs the transaction result query handler to include the last 4 digits of the card number of the transaction in the transaction result variable list
EchoCardExpiryDate	B	true/false	Instructs the transaction result query handler to include the expiry date of the card of the transaction in the transaction result variable list

These are the response variables from our transaction result query handler.

Variable Name	Data Type	Max Length	Comments
StatusCode	N	-	This indicates the status of the transaction result query: 0: success 30: exception
Message	A	-	This gives a more detailed description of the status of the transaction result query
TransactionResult	A	-	This is the URL encoded transaction result (see below for transaction result structure). Note: If StatusCode=30 this variable will not be returned by the external sever

These are the transaction result variables. These variables are used to allow the merchant to display the payment result to the customer.

Variable Name	Data Type	Max Length	Comments
MerchantID	A	15	The merchant ID that was used to process the transaction
StatusCode	N	-	This indicates the status of the transaction: 0: transaction successful 4: card referred 5: card declined 20: duplicate transaction 30: exception
Message	A	512	This gives a more detailed description of the status of the transaction
PreviousStatusCode	N	-	If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage	A	512	If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference	A	24	This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction (which this transaction was deemed a duplicate of)
AddressNumericCheckResult	A	-	If requested (request variable "EchoAVSCheckResult = true") this gives the results of the address numeric check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult	A	-	If requested (request variable "EchoAVSCheckResult = true") this gives the results of the post code check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult	A	-	If requested (request variable "EchoCV2CheckResult = true") this gives the results of the CV2 check – will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult	A	-	If requested (request variable "EchoThreeDSecureAuthenticationCheckResult = true") this gives the results of the 3D Secure check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
FraudProtectionCheckResult	A	-	If requested (request variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check – will be PASSED, FAILED, CHALLENGE or ERROR
CardType	A	-	If requested (request variable "EchoCardType = true") this gives the card type of the transaction
CardClass	A	-	If requested (request variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer	A	-	If requested (request variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode	A	3	If requested (request variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix	N	6	If requested (request variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour	N	4	If requested (request variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate	DT	5	If requested (request variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount	N	13	The amount, in minor currency, of the transaction that was processed
CurrencyCode	N	3	The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID	A	50	The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType	-	-	The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime	DT	-	The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS ±OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription	A	256	The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount	N	15	The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription	A	50	The line items' sales tax description as it was submitted to the gateway
LineItemQuantity	N	15	A single line item's quantity as it was submitted to the gateway
LineItemAmount	N	15	A single line item's amount as it was submitted to the gateway
LineItemDescription	A	100	A single line item's description as it was submitted to the gateway
CustomerName	A	100	The name of the customer as it was submitted to the gateway
Address1	A	100	Customer's billing address line 1 as it was submitted to the gateway
Address2	A	50	Customer's billing address line 2 as it was submitted to the gateway
Address3	A	50	Customer's billing address line 3 as it was submitted to the gateway
Address4	A	50	Customer's billing address line 4 as it was submitted to the gateway
City	A	50	Customer's billing city as it was submitted to the gateway
State	A	50	Customer's billing state as it was submitted to the gateway
PostCode	A	50	Customer's billing post code as it was submitted to the gateway
CountryCode	N	3	Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress	A	100	Customer's email address as it was submitted to the gateway.
PhoneNumber	A	30	Customer's phone number as it was submitted to the gateway.
DateOfBirth	A	10	The date of birth of the customer as it was submitted to the gateway. Should be in the format yyyy-mm-dd (e.g. 1983-11-20)
ShippingName	A	100	The shipping name of the customer as it was submitted to the gateway
ShippingAddress1	A	100	Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2	A	50	Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3	A	50	Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4	A	50	Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity	A	50	Customer's shipping city as it was submitted to the gateway
ShippingState	A	50	Customer's shipping state as it was submitted to the gateway
ShippingPostCode	A	50	Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode	N	3	Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress	A	100	Customer's shipping email address as it was submitted to the gateway.
ShippingPhoneNumber	A	30	Customer's shipping phone number as it was submitted to the gateway.
PrimaryAccountName	A	100	The name of the primary account holder (used for MCC 6012 accounts only)
PrimaryAccountNumber	A	50	The account number of the primary account (used for MCC 6012 accounts only)
PrimaryAccountDateOfBirth	A	10	The date of birth of the primary account holder (used for MCC 6012 accounts only). Will be in the format yyyy-mm-dd (e.g. 1983-11-20)
PrimaryAccountPostCode	A	50	The post code of the primary account holder (used for MCC 6012 accounts only)