{{title}}

In this tutorial, we will cover the standard implementation requirements for SecureFrame.

Implementing SecureFrame requires sending through a mandatory set of HTML form fields from your website to SecurePay via the GET or POST methods. Please note that POST is the preferred method.

In this tutorial you will observe the following:

  1. An overview of the steps taken in the standard processing of SecureFrame payments.
  2. Requirements for the SHA1 Fingerprint that your website must generate and send through to SecureFrame.
  3. Mandatory fields required for the standard implementation of SecureFrame.
  4. The result page that is returned based on a standard SecureFrame payment request.

Requirements

It is recommended that a resource with web site, HTML and application programming experience implements SecureFrame.

You will require a SecurePay account to process test and live payments through your own individual account. If you don't have a SecurePay account, you can apply for an account or use the following details to test integration.

Merchant ID: ABC0001
Test API transaction password: abc123

You can view any test payments you have processed using these details by logging in to the test account as per below:

Login URL: https://testlogin.securepay.com.au/v3/

Merchant ID – ABC
Username – test
Password – abc1234!!

Technical Overview

Below is an overview of the steps in the standard processing of SecureFrame payments.

Step 1 - Your customer completes the checkout process on your website’s online store.
Step 2 - A Fingerprint is generated in your website code by a SHA1 hash. This is comprised of your SecurePay Merchant ID, transaction password, transaction type, transaction reference, the payment amount and a timestamp. This value is then presented on the SecureFrame payment page as a hidden field along with the other mandatory request fields.
Step 3 - Your website sends the customer to the SecureFrame payment page.
Step 4 - The SecureFrame receipt page is displayed to the customer.
Step 5 - Your customer is returned to your online store.

All HTML fields included in the form must occur between the following "form" tags:

 <form method="post" action="https://...">
  ...
  </form>

Any HTML form tags may be used to submit information to SecureFrame with a name/value data pair. However the information outlined here primarily deals with the "input" tag.

Step 1: Customer completes the checkout process

Your customer completes the checkout process within a shopping cart or application on your website. The order number and total amount of your customer’s purchase will make up two of the mandatory input fields required to be submitted to SecureFrame for payment processing. All mandatory fields are listed in Step 3.

Step 2: Generate the Fingerprint

The Fingerprint is a protected record of the amount to be paid and it must be generated and then included as an input field to SecureFrame. It prevents a customer modifying the transaction details when submitting their card information.
The Fingerprint is a SHA1 hash of the mandatory fields, plus the SecurePay Transaction Password in this order with a pipe separator "|":

Example: Setting the Fingerprint

Fields joined with a | separator:
merchant_id|transactionpassword|txn_type|primary_ref|amount|fp_timestamp

ABC0001|abc123|0|Test Reference|100|20140520221931

SHA1 the above string:
e6d9a806715ebe0dda16199d6fd41ff4cd914d75

Include this string as a hidden field to be sent to the payment page:
<input type="hidden" name="fingerprint" value="e6d9a806715ebe0dda16199d6fd41ff4cd914d75">

For methods of generating a SHA1 hash in your language please visit:
http://code.wikia.com/wiki/SHA_checksum

Step 3: Send the customer to the SecureFrame payment page

Transaction URLs

You must submit the mandatory set of HTML fields to one of the following SecureFrame URLs for payment processing. Which URL you use will depend on whether you are submitting to SecureFrame’s test or live environment.

Test URL:
<form method="post" action=" https://payment.securepay.com.au/test/v2/invoice>

Live URL:
<form method="post" action=" https://payment.securepay.com.au/live/v2/invoice>

Mandatory Request Fields

The following example contains the mandatory URLs and form fields that must be sent to SecureFrame. These fields are defined in the SecureFrame Reference section.

When the form on your website is submitted, the customer is taken to the secure payment page hosted by SecureFrame. An example is shown in Figure 1.

Payment Details example

Figure 1: An example SecureFrame payment page.

Step 4: Display the receipt to the customer

Once the customer enters their card details and clicks Continue and Make Payment , the transaction will process and the result data will be displayed to the customer in real-time.

By default, SecurePay will display the receipt page to the customer containing the transaction result. An example is shown in Figure 2.

You can also choose to display your own receipt page to the customer.

Payment receipt details

Figure 2: An example SecureFrame receipt page.


SecureFrame can also return a set of result parameters back to your website’s back-end system to update your database with the customer’s order information.

This is covered in the next tutorial, Receiving result data