• Required variable: HashDigest is missing
  • Required variable: MerchantID is missing
  • Required variable: Amount is missing
  • Required variable: CurrencyCode is missing
  • Required variable: OrderID is missing
  • Required variable: TransactionType is missing
  • Required variable: TransactionDateTime is missing
  • Required variable: CallbackURL is missing
  • Required variable: CardName is missing
  • Required variable: CardNumber is missing
  • Required variable: ExpiryDateMonth is missing
  • Required variable: ExpiryDateYear is missing
If you would like to use the transparent redirect payment form helper page please follow this link:

Transparent Redirect Payment Form Helper Page
Request Variables
Form Variable NameForm Variable Value
No form variables posted to payment form
Query String Variable NameQuery String Variable Value
No Query String variables posted to payment form
"Initial Request" Input Variables
Below is a description of the variables that comprise the input API of the payment form. This request may yield either a 3D Secure "Authication Required" response or a "Payment Complete" response.
Variable Name Data Type Max Length Mandatory Comments
HashDigest A - Yes A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 Yes The merchant ID that corresponds to the gateway account the transaction will be run through. NOTE: If this variable is not present, then the skinning of the payment form will not happen
Amount N 13 Yes The transaction amount in minor currency - e.g. for £10.00, it must be submitted as 1000. The amount value must be greater than zero
CurrencyCode N 3 Yes The currency of the transaction. ISO 4217 e.g. GBP: 826
EchoAVSCheckResult B true/false Yes Instructs the payment form to include the AVS check result of the transaction in the output variables
EchoCV2CheckResult B true/false Yes Instructs the payment form to include the CV2 check result of the transaction in the output variables
EchoThreeDSecureAuthenticationCheckResult B true/false Yes Instructs the payment form to include the 3D Secure check result of the transaction in the output variables
EchoFraudProtectionCheckResult B true/false Yes Instructs the payment form to include the Fraud protection check result of the transaction in the output variables
EchoCardType B true/false Yes Instructs the payment form to include the card type of the transaction in the output variables
EchoCardNumberFirstSix B true/false No Instructs the payment form to include the first 6 digits of the card number of the transaction in the output variables
EchoCardNumberLastFour B true/false No Instructs the payment form to include the last 4 digits of the card number of the transaction in the output variables
EchoCardExpiryDate B true/false No Instructs the payment form to include the expiry date of the card of the transaction in the output variables
AVSOverridePolicy A 4 No Sets the override AVS checking policy for this transaction
CV2OverridePolicy A 2 No Sets the CV2 checking policy for this transaction
ThreeDSecureOverridePolicy B true/false No Instructs the payment form to enable/disable the 3D Secure checking for this transaction (where possible)
OrderID A 50 Yes A merchant side ID for the order - primarily used to for determining duplicate transactions. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType - - Yes Must be either SALE or PREAUTH
TransactionDateTime DT - Yes The date & time (as seen by the merchant's server) of the transaction. Needs to be in the form "YYYY-MM-DD HH:MM:SS +OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
CallbackURL A - Yes The URL of the page on the merchant's site that the results of the transaction will be posted back to (see section below)
OrderDescription A 256 No A description for the order. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount N 15 No The sales tax amount for the line items. Note: LineItem detals must be complete and if one variable is present all the other LineItem variables must be included as well
LineItemSalesTaxDescription A 50 No The sales tax description for the line items. Note: LineItem detals must be complete and if one variable is present all the other LineItem variables must be included as well
LineItemQuantity N 15 No The quantity of a single line item. Note: multiple LineItems can be passed to the payment form by indexing the variable name, eg: LineItem1Quantity
LineItemAmount N 15 No The amount of a single line item. Note: multiple LineItems can be passed to the payment form by indexing the variable name, eg: LineItem1Amount
LineItemDescription A 100 No The description of a single line item. Note: multiple LineItems can be passed to the payment form by indexing the variable name, eg: LineItem1Description
Address1 A 100 No Customer's billing address line 1
Address2 A 50 No Customer's billing address line 2
Address3 A 50 No Customer's billing address line 3
Address4 A 50 No Customer's billing address line 4
City A 50 No Customer's billing address city
State A 50 No Customer's billing address state
PostCode A 50 No Customer's billing address post code
CountryCode N 3 No Customer's billing country code. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress A 100 No Customer's email address
PhoneNumber A 30 No Customer's phone number
DateOfBirth A 10 No The date of birth of the customer. Should be in the format yyyy-mm-dd (e.g. 1983-11-20)
ShippingName A 100 No Customer's shipping name
ShippingAddress1 A 100 No Customer's shipping address line 1
ShippingAddress2 A 50 No Customer's shipping address line 2
ShippingAddress3 A 50 No Customer's shipping address line 3
ShippingAddress4 A 50 No Customer's shipping address line 4
ShippingCity A 50 No Customer's shipping address city
ShippingState A 50 No Customer's shipping address state
ShippingPostCode A 50 No Customer's shipping address post code
ShippingCountryCode N 3 No Customer's shipping country code. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress A 100 No Customer's shipping email address
ShippingPhoneNumber A 30 No Customer's shipping phone number
CardName A 100 Yes The cardholder's name as it appears on the front of the card
CardNumber A 19 Yes The full card number as it appears on the front of the card
ExpiryDateMonth A 2 Yes The first 2 digits from the card's expiry date representing the month part of the expiry date e.g. 02/12 where 02 is the card's expiry month
ExpiryDateYear A 2 Yes The last 2 digits from the card's expiry date representing the year part of the expiry date e.g. 02/12 where 12 is the card's expiry year of 2012
StartDateMonth A 2 No The first 2 digits from the card's start date representing the month part of the start date e.g. 01/09 where 01 is the card's start month
StartDateYear A 2 No The last 2 digits from card's start date representing the year part of the start date e.g. 01/09 where 09 is the card's start year of 2009
IssueNumber A 2 No The card's issue number as it appears on the front on the card
CV2 N 3 No The card's CV2 number
ResultDeliveryMethod A POST
SERVER
SERVER_PULL		 Yes The delivery method of the payment result, either POST, SERVER or SERVER_PULL. POST will deliver the full results via the customer's browser as a form post back to the CallbackURL. With both SERVER and SERVER_PULL the results exchanged directly between the merchant's site and the payment form (removing the browser completely out of the process). With SERVER, the results are PUSHED TO the ServerResultURL on the merchant's webshop BEFORE the customer is redirected back to the webshop, and with SERVER_PULL, the results will be pulled from the payment form by the merchant's webshop AFTER the customer has been redirected back to the webshop
ServerResultURL A - Conditional The merchant's external server URL used for SERVER result delivery method
PrimaryAccountName A 100 No The name of the primary account holder (used for MCC 6012 accounts only)
PrimaryAccountNumber A 50 No The account number of the primary account (used for MCC 6012 accounts only)
PrimaryAccountDateOfBirth A 10 No The date of birth of the primary account holder (used for MCC 6012 accounts only). Should be in the format yyyy-mm-dd (e.g. 1983-11-20)
PrimaryAccountPostCode A 50 No The post code of the primary account holder (used for MCC 6012 accounts only)
"Initial Request" Incoming Hash Digest
Below is the order that the variables should be listed when creating the hash digest. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED)
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed - if it is present in these cases (even as an empty string), then an error will be thrown
MerchantID Yes
Password Yes
Amount Yes
CurrencyCode Yes
EchoAVSCheckResult Yes Must be included as "EchoAVSCheckResult=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoCV2CheckResult Yes Must be included as "EchoCV2CheckResult=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoThreeDSecureAuthenticationCheckResult Yes Must be included as "EchoThreeDSecureAuthenticationCheckResult=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoFraudProtectionCheckResult Yes Must be included as "EchoFraudProtectionCheckResult=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoCardType Yes Must be included as "EchoCardType=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoCardNumberFirstSix Yes Must be included as "EchoCardNumberFirstSix=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoCardNumberLastFour Yes Must be included as "EchoCardNumberLastFour=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
EchoCardExpiryDate Yes Must be included as "EchoCardExpiryDate=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
AVSOverridePolicy Yes Must be included as "AVSOverridePolicy=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CV2OverridePolicy Yes Must be included as "CV2OverridePolicy=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ThreeDSecureOverridePolicy Yes Must be included as "ThreeDSecureOverridePolicy=" if empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
OrderID Yes Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType Yes
TransactionDateTime Yes
CallbackURL Yes
OrderDescription Yes Must be included as "OrderDescription=" if not submitted or empty in the form. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount No Must be included as "LineItemSalesTaxAmount=" if not submitted or empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemSalesTaxDescription No Must be included as "LineItemSalesTaxDescription =" if not submitted or empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemQuantity No Must be included as "LineItemQuantity=" if not submitted or empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility). When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemAmount No Must be included as "LineItemAmount=" if not submitted or empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility). When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemDescription No Must be included as "LineItemDescription=" if not submitted or empty in the form. NOT included in the hash if not present in the form (only for backwards compatibility). When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
ResultDeliveryMethod Yes Must be included as "ResultDeliveryMethod=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
ServerResultURL Yes Must be included as "ServerResultURL=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
PrimaryAccountName Yes Must be included as "PrimaryAccountName=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
PrimaryAccountNumber Yes Must be included as "PrimaryAccountNumber=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
PrimaryAccountDateOfBirth Yes Must be included as "PrimaryAccountDateOfBirth=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
PrimaryAccountPostCode Yes Must be included as "PrimaryAccountPostCode=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
3D Secure "Authentication Required" Output Variables
Below is a description of the variables that will be posted to the merchant's CallbackURL when the cardholder needs to authenticate themselves directly with their bank. This will be returned in response to the inital payment request.
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
StatusCode N - This indicates the status of the transaction
Message A - This is the message returned by the gateway
CrossReference A 25 The cross reference of the transaction returned by the gateway
OrderID A - The OrderID representing the transcation. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionDateTime DT - The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS +OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
ACSURL A - If the card has been determined as requiring 3D Secure authentication, this gives the URL of the ACS server that the PaREQ must be sent to
PaREQ A - If the card has been determined as requiring 3D Secure authentication, this gives the base64 encoded payment request that must be passed to the ACS for authentication. This must be sent to the ACS as "PaReq"
3D Secure "Authentication Required" Outgoing Hash Digest
Below is the order that the variables will be listed when creating the 3D Secure "authentication required" payment response hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
StatusCode Yes
Message Yes
CrossReference Yes
OrderID Yes Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionDateTime Yes
ACSURL Yes
PaREQ Yes
3D Secure "Post Authentication" Input Variables
Below is a description of the variables that comprise the input API of the 3D Secure authentication portion of the payment form. This request will be sent after the cardholder has authenticated themselves directly with their bank, and will yield a "Payment Complete" output response.
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
CrossReference A 25 This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction, which this transaction was deemed a duplicate of
TransactionDateTime DT - The date & time (as seen by the merchant's server) of the transaction. Needs to be in the form "YYYY-MM-DD HH:MM:SS +OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
CallbackURL A - The URL of the page on the merchant's site that the results of the transaction will be posted back to (see section below)
PaRES A - The base64 encoded payment response (PaRES) string returned by the interaction with the ACS server
ResultDeliveryMethod A POST
SERVER
SERVER_PULL		 The delivery method of the payment result, either POST, SERVER or SERVER_PULL. POST will deliver the full results via the customer's browser as a form post back to the CallbackURL. With both SERVER and SERVER_PULL the results exchanged directly between the merchant's site and the payment form (removing the browser completely out of the process). With SERVER, the results are PUSHED TO the ServerResultURL on the merchant's webshop BEFORE the customer is redirected back to the webshop, and with SERVER_PULL, the results will be pulled from the payment form by the merchant's webshop AFTER the customer has been redirected back to the webshop
ServerResultURL A - The merchant's external server URL used for SERVER result delivery method
3D Secure "Post Authentication" Incoming Hash Digest
Below is the order that the variables should be listed when creating the 3D Secure authentication request hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
CrossReference Yes
TransactionDateTime Yes
CallbackURL Yes
PaRES Yes
ResultDeliveryMethod Yes Must be included as "ResultDeliveryMethod=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
ServerResultURL Yes Must be included as "ServerResultURL=" if empty in the form. NOT included in the hash if not present in the form (only for backward compatibility)
POST API Documentation
"Payment Complete" Output Variables
Below is a description of the variables will be posted to the merchant's CallbackURL. These comprise the "Payment Complete" output API of the payment form
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
StatusCode N - This indicates the status of the transaction:
  • 0: transaction successful
  • 5: card referred
  • 5: card declined
  • 20: duplicate transaction
  • 30: exception
Message A 512 This gives a more detailed description of the status of the transaction
PreviousStatusCode N - If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage A 512 If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference A 25 This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction, which this transaction was deemed a duplicate of
AddressNumericCheckResult A - If requested (input variable "EchoAVSCheckResult = true") this gives the results of the address numeric check - will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult A - If requested (input variable "EchoAVSCheckResult = true") this gives the results of the post code check - will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult A - If requested (input variable "EchoCV2CheckResult = true") this gives the results of the CV2 check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult A - If 3D Secure policy is enabled (input variable "ThreeDSecureOverridePolicy = true") this will give the the results of the 3D Secure check
FraudProtectionCheckResult A - If requested (input variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check - will be PASSED, FAILED, CHALLENGE or ERROR
CardType A - If requested (input variable "EchoCardType = true") this gives the card type of the transaction
CardClass A - If requested (input variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer A - If requested (input variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode N 3 If requested (input variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix N 6 If requested (input variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour N 4 If requested (input variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate DT 5 If requested (input variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount N 13 The amount, in minor currency, of the transaction that was processed
CurrencyCode N 3 The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID A 50 The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType - - The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime DT - The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS +OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription A 256 The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount N 15 The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription A 50 The line items' sales tax description as it was submitted to the gateway
LineItemQuantity N 15 A single line item's quantity as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemAmount N 15 A single line item's amount as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
LineItemDescription A 100 A single line item's description as it was submitted to the gateway. When including multiple LineItems in the hash, a single complete LineItem must be added followed by the next group of LineItems, eg: LineItem0Quantity, LineItem0Amount, LineItem0Description, LineItem1Quantity, LineItem1Amount, LineItem1Description
Address1 A 100 Customer's billing address line 1 as it was submitted to the gateway
Address2 A 50 Customer's billing address line 2 as it was submitted to the gateway
Address3 A 50 Customer's billing address line 3 as it was submitted to the gateway
Address4 A 50 Customer's billing address line 4 as it was submitted to the gateway
City A 50 Customer's billing city as it was submitted to the gateway
State A 50 Customer's billing state as it was submitted to the gateway
PostCode A 50 Customer's billing post code as it was submitted to the gateway
CountryCode N 3 Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress A 100 The customer's email address as it was submitted to the gateway
PhoneNumber A 30 The customer's phone number as it was submitted to the gateway
DateOfBirth A 10 The customer's date of birth as it was submitted to the gateway
ShippingName A 100 Customer's shipping name
ShippingAddress1 A 100 Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2 A 50 Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3 A 50 Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4 A 50 Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity A 50 Customer's shipping city as it was submitted to the gateway
ShippingState A 50 Customer's shipping state as it was submitted to the gateway
ShippingPostCode A 50 Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode N 3 Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress A 100 The customer's shipping email address as it was submitted to the gateway
ShippingPhoneNumber A 30 The customer's shipping phone number as it was submitted to the gateway
"Payment Complete" Outgoing Hash Digest
Below is the order that the variables will be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
StatusCode Yes
Message Yes
PreviousStatusCode Yes Must be included as "PreviousStatusCode=" if an empty variable in the form
PreviousMessage Yes Must be included as "PreviousMessage=" if an empty variable in the form
CrossReference Yes
AddressNumericCheckResult Yes Must be included as "AddressNumericCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PostCodeCheckResult Yes Must be included as "PostCodeCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CV2CheckResult Yes Must be included as "CV2CheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ThreeDSecureAuthenticationCheckResult Yes Must be included as "ThreeDSecureAuthenticationCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
FraudProtectionCheckResult Yes Must be included as "FraudProtectionCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardType Yes Must be included as "CardType=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardClass Yes Must be included as "CardClass=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuer Yes Must be included as "CardIssuer=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuerCountryCode Yes Must be included as "CardIssuerCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberFirstSix Yes Must be included as "CardNumberFirstSix=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberLastFour Yes Must be included as "CardNumberLastFour=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardExpiryDate Yes Must be included as "CardExpiryDate=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Amount Yes
CurrencyCode Yes
OrderID Yes Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType Yes
TransactionDateTime Yes
OrderDescription Yes Must be included as "OrderDescription=" if an empty variable in the form. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount No Must be included as "LineItemSalesTaxAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemSalesTaxDescription No Must be included as "LineItemSalesTaxDescription =" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemQuantity No Must be included as "LineItemQuantity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemAmount No Must be included as "LineItemAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemDescription No Must be included as "LineItemDescription=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Address1 Yes Must be included as "Address1=" if an empty variable in the form
Address2 Yes Must be included as "Address2=" if an empty variable in the form
Address3 Yes Must be included as "Address3=" if an empty variable in the form
Address4 Yes Must be included as "Address4=" if an empty variable in the form
City Yes Must be included as "City=" if an empty variable in the form
State Yes Must be included as "State=" if an empty variable in the form
PostCode Yes Must be included as "PostCode=" if an empty variable in the form
CountryCode Yes Must be included as "CountryCode=" if an empty variable in the form
EmailAddress Yes Must be included as "EmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PhoneNumber Yes Must be included as "PhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
DateOfBirth Yes Must be included as "DateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingName Yes Must be included as "ShippingName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress1 Yes Must be included as "ShippingAddress1=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress2 Yes Must be included as "ShippingAddress2=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress3 Yes Must be included as "ShippingAddress3=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress4 Yes Must be included as "ShippingAddress4=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCity Yes Must be included as "ShippingCity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingState Yes Must be included as "ShippingState=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPostCode Yes Must be included as "ShippingPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCountryCode Yes Must be included as "ShippingCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingEmailAddress Yes Must be included as "ShippingEmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPhoneNumber Yes Must be included as "ShippingPhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
SERVER API Documentation
Request Variables Pushed To Merchant's External Server (ServerResultURL)
These are the transaction result variables that are PUSHED to the merchant's external server (ServerResultURL) after the transaction has been processed, but before the customer is redirected back to the merchant's webshop.
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
StatusCode N- This indicates the status of the transaction:
  • 0: transaction successful
  • 4: card referred
  • 5: card declined
  • 20: duplicate transaction
  • 30: exception
Message A 512 This gives a more detailed description of the status of the transaction
PreviousStatusCode N - If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage A 512 If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference A 24 This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction (which this transaction was deemed a duplicate of)
AddressNumericCheckResult A - If requested (input variable "EchoAVSCheckResult = true") this gives the results of the address numeric check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult A - If requested (input variable "EchoAVSCheckResult = true") this gives the results of the post code check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult A - If requested (input variable "EchoCV2CheckResult = true") this gives the results of the CV2 check – will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult A - If requested (input variable "EchoThreeDSecureAuthenticationCheckResult = true") this gives the results of the 3D Secure check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
FraudProtectionCheckResult A - If requested (input variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check – will be PASSED, FAILED, CHALLENGE or ERROR
CardType A - If requested (input variable "EchoCardType = true") this gives the card type of the transaction
CardClass A - If requested (input variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer A - If requested (input variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode N 3 If requested (input variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix N 6 If requested (input variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour N 4 If requested (input variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate DT 5 If requested (input variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount N 13 The amount, in minor currency, of the transaction that was processed
CurrencyCode N 3 The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID A 50 The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType - - The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime DT - The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS ±OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription A 256 The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount N 15 The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription A 50 The line items' sales tax description as it was submitted to the gateway
LineItemQuantity N 15 A single line item's quantity as it was submitted to the gateway
LineItemAmount N 15 A single line item's amount as it was submitted to the gateway
LineItemDescription A 100 A single line item's description as it was submitted to the gateway
CustomerName A 100 The name of the customer as it was submitted to the gateway
Address1 A 100 Customer's billing address line 1 as it was submitted to the gateway
Address2 A 50 Customer's billing address line 2 as it was submitted to the gateway
Address3 A 50 Customer's billing address line 3 as it was submitted to the gateway
Address4 A 50 Customer's billing address line 4 as it was submitted to the gateway
City A 50 Customer's billing city as it was submitted to the gateway
State A 50 Customer's billing state as it was submitted to the gateway
PostCode A 50 Customer's billing post code as it was submitted to the gateway
CountryCode N 3 Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress A 100 The customer's email address as it was submitted to the gateway
PhoneNumber A 30 The customer's phone number as it was submitted to the gateway
DateOfBirth A 10 The customer's date of birth as it was submitted to the gateway
ShippingName A 100 The shipping name of the customer as it was submitted to the gateway
ShippingAddress1 A 100 Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2 A 50 Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3 A 50 Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4 A 50 Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity A 50 Customer's shipping city as it was submitted to the gateway
ShippingState A 50 Customer's shipping state as it was submitted to the gateway
ShippingPostCode A 50 Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode N 3 Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress A 100 The customer's shipping email address as it was submitted to the gateway
ShippingPhoneNumber A 30 The customer's shipping phone number as it was submitted to the gateway
PrimaryAccountName A 100 The name of the primary account holder as it was submitted to the gateway
PrimaryAccountNumber A 50 The account number of the primary account as it was submitted to the gateway
PrimaryAccountDateOfBirth A 10 The date of birth of the primary account holder as it was submitted to the gateway
PrimaryAccountPostCode A 50 The post code of the primary account holder as it was submitted to the gateway
Request Hash Digest Pushed To Merchant's External Server (ServerResultURL)
Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
StatusCode Yes
Message Yes
PreviousStatusCode Yes Must be included as "PreviousStatusCode=" if an empty variable in the form
PreviousMessage Yes Must be included as "PreviousMessage=" if an empty variable in the form
CrossReference Yes
AddressNumericCheckResult Yes Must be included as "AddressNumericCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PostCodeCheckResult Yes Must be included as "PostCodeCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CV2CheckResult Yes Must be included as "CV2CheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ThreeDSecureAuthenticationCheckResult Yes Must be included as "ThreeDSecureAuthenticationCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
FraudProtectionCheckResult Yes Must be included as "FraudProtectionCheckResult=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardType Yes Must be included as "CardType=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardClass Yes Must be included as "CardClass=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuer Yes Must be included as "CardIssuer=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardIssuerCountryCode Yes Must be included as "CardIssuerCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberFirstSix Yes Must be included as "CardNumberFirstSix=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardNumberLastFour Yes Must be included as "CardNumberLastFour=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CardExpiryDate Yes Must be included as "CardExpiryDate=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Amount Yes
CurrencyCode Yes
OrderID Yes Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType Yes
TransactionDateTime Yes
OrderDescription Yes Must be included as "OrderDescription=" if an empty variable in the form. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount No Must be included as "LineItemSalesTaxAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemSalesTaxDescription No Must be included as "LineItemSalesTaxDescription =" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemQuantity No Must be included as "LineItemQuantity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemAmount No Must be included as "LineItemAmount=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
LineItemDescription No Must be included as "LineItemDescription=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
CustomerName Yes Must be included as "CustomerName=" if an empty variable in the form
Address1 Yes Must be included as "Address1=" if an empty variable in the form
Address2 Yes Must be included as "Address2=" if an empty variable in the form
Address3 Yes Must be included as "Address3=" if an empty variable in the form
Address4 Yes Must be included as "Address4=" if an empty variable in the form
City Yes Must be included as "City=" if an empty variable in the form
State Yes Must be included as "State=" if an empty variable in the form
PostCode Yes Must be included as "PostCode=" if an empty variable in the form
CountryCode Yes Must be included as "CountryCode=" if an empty variable in the form
EmailAddress Yes Must be included as "EmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PhoneNumber Yes Must be included as "PhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
DateOfBirth Yes Must be included as "DateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingName Yes Must be included as "ShippingName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress1 Yes Must be included as "ShippingAddress1=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress2 Yes Must be included as "ShippingAddress2=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress3 Yes Must be included as "ShippingAddress3=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingAddress4 Yes Must be included as "ShippingAddress4=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCity Yes Must be included as "ShippingCity=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingState Yes Must be included as "ShippingState=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPostCode Yes Must be included as "ShippingPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingCountryCode Yes Must be included as "ShippingCountryCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingEmailAddress Yes Must be included as "ShippingEmailAddress=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
ShippingPhoneNumber Yes Must be included as "ShippingPhoneNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountName Yes Must be included as "PrimaryAccountName=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountNumber Yes Must be included as "PrimaryAccountNumber=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountDateOfBirth Yes Must be included as "PrimaryAccountDateOfBirth=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
PrimaryAccountPostCode Yes Must be included as "PrimaryAccountPostCode=" if an empty variable in the form. NOT included in the hash if not present in the form (only for backwards compatibility)
Expected Response From Merchant's External Server (ServerResultURL)
These are the response variables from the merchant's external server (ServerResultURL). NOTE: the merchant's server MUST adhere to this specification. If the payment form CANNOT be sure that the results were delivered to the merchant's system, it WILL NOT redirect the customer back to the merchant's webshop, and will display the transaction result to the customer directly (regardless of the value of PaymentFormDisplaysResult). If this happens, an email will be sent to the merchant detailing the transaction result
Variable Name Data Type Max Length Comments
StatusCode N - The StatusCode returned from the merchant's external server (ServerResultURL). This indicates whether the merchant's system successfully received and procesed the transaction result
Message A - In the case of a non-zero StatusCode from the merchant's system, this gives more information about the failure.
Server Output Variables
These are the output variables delivered to the merchant's CallbackURL after the transaction has been processed. These variables will be delivered as query string variables on the URL.
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
CrossReference A - The unique CrossReference of the transaction
OrderID A - The unique OrderID of the transaction
Server Outgoing Hash Digest
Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
CrossReference Yes
OrderID Yes
SERVER_PULL API Documentation
Server Pull Output Variables
These are the output variables delivered to the merchant's CallbackURL after the transaction has been processed. These variables will be delivered as query string variables on the URL.
Variable Name Data Type Max Length Comments
HashDigest A - A hashed string that contains all the variables passed and also data that is not passed but is known to both sides - namely the PreSharedKey and the gateway account password. (see section below)
MerchantID A 15 The merchant ID that was used to process the transaction
CrossReference A 24 This is the unique cross reference for the transaction
OrderID A 50 The order ID of the transaction that was processed
Server Pull Outgoing Hash Digest
Below is the order that the variables should be listed when creating the hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. "variable1=value&variable2=value&variable3=value"). The variable names and values are case-sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with
Variable Name Mandatory Comments
PreSharedKey See comments The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed
MerchantID Yes
Password Yes
CrossReference Yes
OrderID Yes
Server Pull Request Variables
These are the request variables directly posted by the merchant's webshop to our transaction result query handler. The external URL address to send the request to is:
Variable Name Data Type Max Length Comments
MerchantID A 15 The merchant ID that was used to process the transaction
Password A - The password that corresponds to the gateway account
CrossReference A 24 This is the unique cross reference for the transaction.
EchoAVSCheckResult B true/false Instructs the transaction result query handler to include the AVS check result of the transaction in the transaction result variable list
EchoCV2CheckResult B true/false Instructs the transaction result query handler to include the CV2 check result of the transaction in the transaction result variable list
EchoThreeDSecureAuthenticationCheckResult B true/false Instructs the transaction result query handler to include the 3D Secure check result of the transaction in the transaction result variable list
EchoFraudProtectionCheckResult B true/false Instructs the transaction result query handler to include the Fraud protection check result of the transaction in the transaction result variable list
EchoCardType B true/false Instructs the transaction result query handler to include the card type of the transaction in the transaction result variable list
EchoCardNumberFirstSix B true/false Instructs the transaction result query handler to include the first 6 digits of the card number of the transaction in the transaction result variable list
EchoCardNumberLastFour B true/false Instructs the transaction result query handler to include the last 4 digits of the card number of the transaction in the transaction result variable list
EchoCardExpiryDate B true/false Instructs the transaction result query handler to include the expiry date of the card of the transaction in the transaction result variable list
Transaction Result Pull Response Variables
These are the response variables from our transaction result query handler.
Variable Name Data Type Max Length Comments
StatusCode N- This indicates the status of the transaction result query:
  • 0: success
  • 30: exception
Message A - This gives a more detailed description of the status of the transaction result query
TransactionResult A - This is the URL encoded transaction result (see below for transaction result structure). Note: If StatusCode=30 this variable will not be returned by the external sever
Server Pull Transaction Result Variables
These are the transaction result variables. These variables are used to allow the merchant to display the payment result to the customer.
Variable Name Data Type Max Length Comments
MerchantID A 15 The merchant ID that was used to process the transaction
StatusCode N- This indicates the status of the transaction:
  • 0: transaction successful
  • 4: card referred
  • 5: card declined
  • 20: duplicate transaction
  • 30: exception
Message A 512 This gives a more detailed description of the status of the transaction
PreviousStatusCode N - If the transaction was deemed to be a duplicate transaction, this indicates the status of the previous transaction
PreviousMessage A 512 If the transaction was deemed to be a duplicate transaction, this gives a more detailed description of the status of the previous transaction
CrossReference A 24 This is the unique cross reference for this transaction. If the transaction was determined to be a duplicate transaction, this value will hold the cross reference of the previous transaction (which this transaction was deemed a duplicate of)
AddressNumericCheckResult A - If requested (request variable "EchoAVSCheckResult = true") this gives the results of the address numeric check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
PostCodeCheckResult A - If requested (request variable "EchoAVSCheckResult = true") this gives the results of the post code check – will be PASSED, FAILED, PARTIAL, NOT_CHECKED or UNKNOWN
CV2CheckResult A - If requested (request variable "EchoCV2CheckResult = true") this gives the results of the CV2 check – will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
ThreeDSecureAuthenticationCheckResult A - If requested (request variable "EchoThreeDSecureAuthenticationCheckResult = true") this gives the results of the 3D Secure check - will be PASSED, FAILED, NOT_CHECKED or UNKNOWN
FraudProtectionCheckResult A - If requested (request variable "EchoFraudProtectionCheckResult = true") this gives the results of the Fraud protection check – will be PASSED, FAILED, CHALLENGE or ERROR
CardType A - If requested (request variable "EchoCardType = true") this gives the card type of the transaction
CardClass A - If requested (request variable "EchoCardType = true") this gives the card class of the transaction
CardIssuer A - If requested (request variable "EchoCardType = true") this gives the card issuer (if known)
CardIssuerCountryCode A 3 If requested (request variable "EchoCardType = true") this gives the 3 digit code of the country the card was issued in (if known)
CardNumberFirstSix N 6 If requested (request variable "EchoCardNumberFirstSix = true") this gives the first 6 digits of the card number of the transaction
CardNumberLastFour N 4 If requested (request variable "EchoCardNumberLastFour = true") this gives the last 4 digits of the card number of the transaction
CardExpiryDate DT 5 If requested (request variable "EchoCardExpiryDate = true") this gives the expiry date of the card of the transaction. Will be in the form "MM/YY" e.g. "12/14"
Amount N 13 The amount, in minor currency, of the transaction that was processed
CurrencyCode N 3 The currency code of the transaction that was processed. ISO 4217 e.g. GBP: 826
OrderID A 50 The order ID of the transaction that was processed. Note: make sure that special characters in the OrderID are properly escaped, otherwise the hash digest will not match
TransactionType - - The transaction type of the transaction that was processed. Will be either SALE or PREAUTH
TransactionDateTime DT - The date & time (as seen by the gateway server) of the transaction. Will be in the form "YYYY-MM-DD HH:MM:SS ±OO:OO", with the time in 24 hour format, where OO:OO is the offset from UTC - e.g. "2008-12-01 14:12:00 +01:00"
OrderDescription A 256 The order description of the transaction that was processed. Note: make sure that special characters in the OrderDescription are properly escaped, otherwise the hash digest will not match
LineItemSalesTaxAmount N 15 The line items' sales tax amount as it was submitted to the gateway
LineItemSalesTaxDescription A 50 The line items' sales tax description as it was submitted to the gateway
LineItemQuantity N 15 A single line item's quantity as it was submitted to the gateway
LineItemAmount N 15 A single line item's amount as it was submitted to the gateway
LineItemDescription A 100 A single line item's description as it was submitted to the gateway
CustomerName A 100 The name of the customer as it was submitted to the gateway
Address1 A 100 Customer's billing address line 1 as it was submitted to the gateway
Address2 A 50 Customer's billing address line 2 as it was submitted to the gateway
Address3 A 50 Customer's billing address line 3 as it was submitted to the gateway
Address4 A 50 Customer's billing address line 4 as it was submitted to the gateway
City A 50 Customer's billing city as it was submitted to the gateway
State A 50 Customer's billing state as it was submitted to the gateway
PostCode A 50 Customer's billing post code as it was submitted to the gateway
CountryCode N 3 Customer's billing country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
EmailAddress A 100 Customer's email address as it was submitted to the gateway.
PhoneNumber A 30 Customer's phone number as it was submitted to the gateway.
DateOfBirth A 10 The date of birth of the customer as it was submitted to the gateway. Should be in the format yyyy-mm-dd (e.g. 1983-11-20)
ShippingName A 100 The shipping name of the customer as it was submitted to the gateway
ShippingAddress1 A 100 Customer's shipping address line 1 as it was submitted to the gateway
ShippingAddress2 A 50 Customer's shipping address line 2 as it was submitted to the gateway
ShippingAddress3 A 50 Customer's shipping address line 3 as it was submitted to the gateway
ShippingAddress4 A 50 Customer's shipping address line 4 as it was submitted to the gateway
ShippingCity A 50 Customer's shipping city as it was submitted to the gateway
ShippingState A 50 Customer's shipping state as it was submitted to the gateway
ShippingPostCode A 50 Customer's shipping post code as it was submitted to the gateway
ShippingCountryCode N 3 Customer's shipping country code as it was submitted to the gateway. ISO 3166-1 e.g. United Kingdom: 826
ShippingEmailAddress A 100 Customer's shipping email address as it was submitted to the gateway.
ShippingPhoneNumber A 30 Customer's shipping phone number as it was submitted to the gateway.
PrimaryAccountName A 100 The name of the primary account holder (used for MCC 6012 accounts only)
PrimaryAccountNumber A 50 The account number of the primary account (used for MCC 6012 accounts only)
PrimaryAccountDateOfBirth A 10 The date of birth of the primary account holder (used for MCC 6012 accounts only). Will be in the format yyyy-mm-dd (e.g. 1983-11-20)
PrimaryAccountPostCode A 50 The post code of the primary account holder (used for MCC 6012 accounts only)