CRESecure HPP Integration Guide | Credit Card | Visa Inc.

HOSTED PAYMENT PAGE (HPP

)
WITH HTML CLONE™

INTEGRATION GUIDE

Copyright Information
The information contained herein is the confidential and proprietary property of CRE Secure Payments, LLC. and may not be used, distributed, modified, disclosed, or reproduced without the express written permission of CRE Secure Payments, LLC. Copyright  2009 CRE Secure Payments, LLC. All rights reserved.

Document Revision 100609

CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE

TABLE OF CONTENTS
About This Document ......................................................................................................... 1
Purpose of this Document ................................................................................................................ 1 Intended Audiences ......................................................................................................................... 1 Document Conventions .................................................................................................................... 1

Additional Resources .......................................................................................................... 2
Merchant Guides.............................................................................................................................. 2 Developer Support ........................................................................................................................... 2

Introduction ........................................................................................................................ 3 How It Works ...................................................................................................................... 4
Step-by-step of How CRE Secure HPP Works with HTML Clone Technology .................................. 4

Payment Request Form: Posting to the Hosted Payment Page............................................. 5 Merchant Payment Template Page...................................................................................... 8 Transaction Success Response Page ............................................................................... 12 Live Demos of CRE Secure HPP....................................................................................... 13 Sample of the CRE Secure HPP payment form HTML ....................................................... 13 Sample Merchant HTML Code for Payment Request Form ................................................ 16 Sandbox and Testing Environment .................................................................................... 18 Test Credit Card Numbers ................................................................................................ 19

LIST OF FIGURES
Figure 1: Unstyled Payment Form............................................................................................................ 9 Figure 2: Styled Payment Form Example ................................................................................................. 9 Figure 3: Before: Sample merchant payment template page as retrieved by CRE Secure HPP server.... 10 Figure 4: After: Sample CRE Secure HPP incorporating the merchant payment template page presented to the customer...................................................................................................................................... 11

LIST OF TABLES
Table 1: Style Conventions Used in This Document ................................................................................. 1 Table 2: Transaction Response Data ..................................................................................................... 12 Table 3: Sample payment template pages ............................................................................................. 13 Table 4: Testing Sandbox Credentials ................................................................................................... 18 Table 5: Test Credit Card Numbers........................................................................................................ 19

DOCUMENT REVISION 100609
Copyright 2009 CRE Secure Payments, LLC. All rights reserved.

TABLE OF CONTENTS - I

CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE About This Document Purpose of this Document This guide provides an overview of the components and concepts related to the development of client applications that utilize CRE Secure Hosted Payment Page. Intended Audiences This guide is for developers who want to implement CRE Secure Hosted Payment Page in order to integrate hosted payment services with their applications. Table 1: Style Conventions Used in This Document ABOUT THIS DOCUMENT .1 . appear in italics. external files. as well as instructions for implementing the Hosted Payment services. Development objects are presented in Courier New type and highlight API operations and objects such as GetServiceInformation()and ApplicationData. Document Conventions This guide uses the style conventions listed below: CONVENTION DESCRIPTION Hyperlinks in this document point to web content and internal references related or supporting content within this document. Sample Code Sample code is presented in Courier New 9pt type with a shaded background. and supporting documents. References to file paths. Hyperlinks Code Objects Supporting Material Note: Notes and related resources are presented in Arial 9pt type and are emphasized with a border above and below. Important! Cautionary notes are designated with a Caution icon that alerts you to circumstances in which a given action may have potentially serious functional implications.

CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Additional Resources The following resources provide additional information that can be referenced as supplemental material to this guide.cresecure.com http://www. Developer Support Download Center Access resources to support your integration from the CRE Secure Download Center by visiting http://www. LLC.php?forms_id=4&CDpath=13_27 CRE Secure Payments.com/pages.com Contact us with any support questions by visiting: http://www.com ABOUT THIS DOCUMENT . CRE Secure Payments. Merchant Guides Along with this custom integration guide. Suite 19 Atlanta. LLC provides a PCI Compliance Implementation Guide for merchants. Georgia 30307 USA Phone: (404) 961-9840 Fax: (404) 961-9853 www.php?CDpath=5_8 Support Email Live Chat support@cresecure. The Implementation Guide is an overview of all the PCI Compliance paperwork and references needed to satisfy the PCI Compliance burden for a merchant.2 .com/fss_forms_detail.cresecure.cresecure.cresecure. 112 Krog Street.

CRE SECURE HOSTED CHECKOUT OVERVIEW .cresecure.pdf This document outlines the requirements necessary to connect your merchant site to our CRE Secure HPP service. A Template Payment Page 3. http://usa. The merchant site must have an SSL certificate installed (private or shared) in order to post to our service and to have your images and CSS incorporated into our HPP.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Introduction The CRE Secure Hosted Payment Page (HPP) protects your customers credit card information and using Patent Pending HTML Clone™ technology maintains the quality of the customer experience. A Merchant Services account for receiving payments via credit card 3. A Payment Request Form 2.visa.php?CDpath=5_8.cresecure.com/pages.3 . A Transaction Success Response Page There are three business requirements for the merchant: 1. CRE Secure is certified as a PCI Compliant Level 1 service provider.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers. For a complete list of supported gateways please go to http://www. An account with a payment gateway that we support Note: Merchants can get their CRE Secure account as well as assistance obtaining a merchant services account and a gateway if they do not already have one at www.com. The merchant site must use HTML to generate distinct web pages 3. The merchant site must be accessible via the internet 2. A CRE Secure account 2. The integration has the following technical prerequisites 1. There are three essential elements to the integration of your merchant site to CRE Secure: 1.

CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE How It Works Step-by-step of How CRE Secure HPP works with HTML Clone technology A. C. they select the CRE Secure HPP payment method and choose Checkout. D. where the order status is updated. In a patent-pending process called HTML Clone technology we retrieve a Template Payment Page from your site in real time. CRE SECURE HOSTED CHECKOUT OVERVIEW . Once the payment transaction is complete the customer is connected directly back to your shopping cart application to your Transaction Success Response page. A customer begins to create their order on your site as normal. CRE Secure HPP servers receive the order and payment request.4 . E. B. F. They proceed to checkout where the CRE Secure HPP is integrated to the Payment Request Form. the customer still has access to all links and live navigation of the merchant’s site because our patent pending technology dynamically matches the merchant’s unique template design from the Template Payment Page on the merchant site. scrub it for any malicious code then combine it with our securely stored credit card collection form. The card holder data and payment transaction is processed in our highly secure PCI Compliant data center and connects directly with the payment gateway and banking payment networks. With HTML Clone. CRE Secure HPP presents to your customer a secure hosted payment page that looks just like your site.

net/securepayments/a1/cc_collection.sandbox-cresecure. use a secure form post to the CRE Secure HPP server production url: https://safe.determines if Physical or Digital goods Text description of the purchase System value of the order or payment The customer identification number IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . Posting to the HTML CLONE from a non SSL URL will result in an 404 error because we only accept secure connections to our HPP servers.php For development and testing use the sandbox url: https://safe.cresecure. Table 1: Payment Request Form Post Value Descriptions PAYMENT REQUEST FORM POST VALUE DESCRIPTIONS Post Value CRESecureID CRESecureAPIToken total_amt return_url content_template_url total_weight order_desc order_id customer_id Type Required Required Required Required Required Optional Optional Optional Optional Requirements Provided by CRE Secure Provided by CRE Secure Numeric. Example HTML code that posts to the HTML CLONE server is provided in the section Sample HTML Code below.php See Development Sandbox Appendix for test credentials and test credit card numbers. default = 0 Minimum 1 char Minimum 1 char Minimum 1 char Description Unique Account Number for CRE Secure Service API Token as part of the authentication chain The amount to authorize or capture in the transaction The url on the merchant site where they can process the payment success action The url where the merchant template resides.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Payment Request Form: Posting to the Hosted Payment Page To initiate the payment process. must be https accessible The total weight of the order . Important! Your website must be using SSL.5 .net/securepayments/a1/cc_collection. Decimal 2 places https url https url If no value sent.

6 . default = USD Text values that matches known supported languages default = English Minimum 1 chars Minimum 1 chars Minimum 1 chars Minimum 1 chars Must be valid email format Numeric minimum 10 chars Minimum 1 chars 2 letter abbreviation Minimum 5 chars 3 letter ISO.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE PAYMENT REQUEST FORM POST VALUE DESCRIPTIONS currency_code Optional Must be valid ISO currency code. default = USA Minimum 1 chars Minimum 1 chars Minimum 1 chars Minimum 1 chars Must be valid email format Numeric minimum 10 chars Minimum 1 chars 2 letter abbreviation Minimum 5 chars The 3 letter ISO currency of the transaction lang Optional The language of the text displayed on the payment page customer_company customer_firstname customer_lastname customer_address customer_email customer_phone customer_city customer_state customer_postal_code customer_country delivery_company delivery_firstname delivery_lastname delivery_address delivery_email delivery_phone delivery_city delivery_state delivery_postal_code Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Optional Customer’s Company Name Customer First Name Customer Last Name The street number and name of the billing address (Required for AVS by most gateways) Customer email for the billing address Phone number for the billing address City of the billing address State or Province of the billing address Zip code or Postal Code of the billing address (Required for AVS by most gateways) The country of the billing address Ship-To Company Name Ship-To First Name Ship-To Last Name The street number and name of the delivery address Ship-To email for the delivery address Phone number for the delivery address City of the delivery address State or Province of the delivery address Zip code or Postal Code of the delivery address IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .

7 . Example: Visa|MasterCard|American Express Valid values are: Visa.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE PAYMENT REQUEST FORM POST VALUE DESCRIPTIONS delivery_country allowed_types Optional Optional 3 letter abbr. MasterCard. Discover The unique session identifier for the customer user on the merchant site The session name for the customer user on the merchant site. American Express. MasterCard sess_id sess_name Optional Optional Minimum 8 char Optional – if no value sent. default = osCsid Valid IP address format The country of the delivery address The card types to display on the payment form. The IP address of the customer ip_address Optional IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . default = USA Text separated by PIPE delimiter Default values are: Visa.

tr iv. The payment template page must allow for the user session to be set via the URL 10. The HTML Clone will sanitize the HTML output from your payment template page and remove the following tags: a. Create a page in your application.8 . i. 2. The url for this page on your merchant site is passed to us in the content_template_url post variable The following rules apply to the payment template page: 1. 3. select viii. id’s and tags to style the payment form located on the Hosted Payment Page. span. IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . The CRE Secure payment form utilizes the following classes. Refer to the next page for an example of the payment form styled using CSS. The page contains the value [[FORM INSERT]] in the content area. td. input vii. <script> and <iframe> Make sure your payment template page renders correctly without these tags present.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Merchant Payment Template Page The merchant payment template is a page in the merchant site that has all the template and user session logic that will be used for the presentation of the Hosted Payment Page.main v. The url for the payment template page must be accessible over HTTPS protocol 6. 5. Specify the Page Title and any text you want to appear above and/or below the payment form. #submit c. either by creating a new physical page or using your applications built-in page manager. table iii. The url for the payment template page must be directly browseble 7. The payment template page must have the BASE tag with the URL of your HTTPS domain or use absolute urls for CSS and image SCR values 8. 4. H2 (form title) ii. b. The css and images must be accessible via your HTTPS domain 9. The HTML CLONE technology will read the HTML contents of the page and will search for [[FORM INSERT]] and replace with the Credit Card payment form.main vi. The url of the payment template page can be any url in your site. Place [[FORM INSERT]] where ever you want the credit card form to appear on the page. The payment template page should render using your application template logic and preferences 11.

} </style> Figure 1: Unstyled Payment Form Figure 2: Styled Payment Form Example IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . text-decoration:none. } .main H2{ color:#999. font-family:Arial. cursor:pointer. background-color:#777.main a:hover{ text-decoration:underline. font-weight:bold. } .main select { border:2px solid #CCC. } . } .main input.main #submit{ border:none. Helvetica.9 . . sans-serif. } . padding:3px. } . } . color:#FFF.main a{ color:#999. } TABLE TD{ background-color:#333.main select{ cursor:pointer. padding-left:15px.main{ color:#AAA.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Example CSS <style type="text/css"> U{ text-decoration:none.

CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Figure 3: Before: Sample merchant payment template page as retrieved by CRE Secure HPP server IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .10 .

11 .CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Figure 4: After: Sample CRE Secure HPP incorporating the merchant payment template page presented to the customer IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .

TxnGUID for Chase or TransID for Authorize. i.net.aspx?order_id=6&code=000&msg=Success&error=&mPAN=XXXX XXXXXXXX3801&name=Salvatore%20F%20Iozzia&type=Visa&exp=1012&ApprovalCode=0123 45&TxnGUID=1234567890&ProcTxnID=ABCDEFG&osCsid=ddc2e76644e8dde7308d42606f7f7 e74 Data Returned: DATA TYPE order_id code error msg This is the order number or id This is the success or failure code. If an error is returned.e. The HPP only responds to your merchant system when a payment is successfully made. This is the cardholder name to be stored in orders table. This is the unique session identifier from the merchant site. In the event of a failed payment the customer is shown the payment page again with an error message. This is CC type to be stored in orders table. The customer retries or leaves the page.12 . The customer either cancels by clicking ‘Cancel’ or by clicking any link in your template HTML. Example of a successful transaction (where return. This is CC Expire Date to be stored in order table. Table 2: Transaction Response Data DESCRIPTION mPAN name type exp osCsid ApprovalCode TxnGUID ProcTxnID Note: You do not need to worry about failed transactions. The transaction ID from the gateway. IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Transaction Success Response Page The response is returned as key/value pairs as an HTTP $_GET (postback) to the supplied return URL. the error message will be here. 000 = Success. Success will have the value “Success” This is the masked CC number to be stored in orders table.com/return. Diagnostic ID for transactions on specific gateway integrations.aspx is the return URL) : https://mydomain. this value = ‘true’ In the event that an error is returned. optional. This is session_name sent in the Post data This is the Approval Code for the transaction.

php? sid=XXXXXXXXXXXX&action=process"> <table width="100%" border="0"> <tr> <td height="50" valign="bottom" colspan="2" class="main"> <h2>Pay With Credit Card</h2> </td> </tr> <tr> <td class="main" width="148" height="31"> IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .location=no.screenY=150.resizable=no.cresecure.copyhistory=no. CRE Secure will generate this as part of our HPP.status=n o.php URL Table 3: Sample payment template pages Sample of the CRE Secure HPP payment form HTML This is the HTML of the credit card collection form that is presented to the customer on the HPP.s creenX=150.menubar=no.height=233.cresecure.'popupWindow'. <table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td> <script type="text/javascript"><!-function CVVPopUpWindow(url) { window. Note: You do not need to generate this HTML.open(url.width=600.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Live Demos of CRE Secure HPP You can view online examples of a full integration and a payment template page at the following links: EXAMPLE Sample merchant site Payment template page prepared to be used by the HTML CLONE http://demos.cresecure.com/catalog/checkout_payment_template.top=150. it is provided here as a reference only.com/catalog/ http://demos.scrollbars=no.left=150') } //--></script> <form id="form1" name="form1" method="post" action="https://yourdomain.13 . It will be incorporated into your template payment page where the [[FORM INSERT]] is on the page.'toolbar=no.directories=no.net/securepayments/a1/cc_collection.

14 .CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE <span class="main">Cardholder Name</span> </td> <td class="main" width="200"> <span class="main"> <input type="text" name="name" id="name" autocomplete="off"></span> </td> </tr> <tr> <td class="main" width="148" height="31"> <span class="main">Card Type</span></td> <td class="main" width="200"> <span class="main"> <select name="card_type"> <option value="American Express">American Express</option> <option value="Discover">Discover</option> <option value="MasterCard">MasterCard</option> <option value="Visa">Visa</option> </select> </span> </td> </tr> <tr> <td class="main" height="31"> <span class="main">Credit Card Number</span> </td> <td class="main"><span class="main"> <input type="text" name="PAN" id="PAN" autocomplete="off"></label> </span> </td> </tr> <tr> <td class="main" height="30"> <span class="main">Expiration Date</span> </td> <td class="main"> <span class="main"><select name="cresecure_cc_expires_month"> <option value="01">January</option> <option value="02">February</option> <option value="03">March</option> <option value="04">April</option> <option value="05">May</option> <option value="06">June</option> <option value="07">July</option> <option value="08">August</option> <option value="09">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select>&nbsp. <select name="cresecure_cc_expires_year"> <option value="09">2009</option> IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .

cresecure. <input type="submit" name="submit" id="submit" value="Submit"> </span></div> </td> </tr> </table> </form> </td> </tr> </table> IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .&nbsp.cresecure.net/securepayments/a1/cc_collection.php')"><u><i>(What is it?)</i></u></a> </span> </nobr> </td> <td class="main"> <span class="main"> <input name="cv_data" type="text" id="cv_data" size="5" autocomplete="off"> </span> </td> </tr> <tr> <td class="main" height="83"> <span class="main"></span> </td> <td class="main"> <div align="center"><span class="main"> <a href="https://creloaded.php?sid =0cl90urkgn7ts0j3g26dauf410&action=cancel&order_id=92">Cancel</a>&nbsp.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE <option value="10">2010</option> <option value="11">2011</option> <option value="12">2012</option> <option value="13">2013</option> <option value="14">2014</option> <option value="15">2015</option> <option value="16">2016</option> <option value="17">2017</option> <option value="18">2018</option> </select> </span> </td> </tr> <tr> <td class="main" height="32"> <nobr> <span class="main">CVC number <a href="javascript:CVVPopUpWindow('https://pay.15 .net/securepayments/a1/ cvv.

php"> <input type="hidden" name="session" value="e91dd8af53j35k072s0bubjtn7" /> <input type="hidden" name="sess_name" value ="session" /> <input type="hidden" name="allowed_types" value="Visa|MasterCard|American Express" /> <input type="hidden" name="CRESecureID" value="cre78640391SB"/> <input type="hidden" name="CRESecureAPIToken" value="9671b7e350e1effac5ea9195ad4a528d" /> <p> <label>Street Address: <input type="text" name="street" value="1000 1st Av"/> </label> </p> <p> <label>Postal Code: <input type="text" name="postal_code" value="10101"/> </label> </p> <p> <label>Phone Number: <input type="text" name="customer_phone" value="1234567890" /> </label> </p> <p> <label>Email Address: <input type="text" name="customer_email" value="chuck@test.16 .com" /> </label> </p> <p> <label>Order Amount: <input type="text" name="total_amt" value="123.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Sample Merchant HTML Code for Payment Request Form The following code is an example of the form data that must be sent to the CRE Secure HPP server to initiate the payment process. <form name="form1" method="post" action="https://sandboxcresecure.net/securepayments/a1/cc_collection.00" /> </label> </p> <p> <label>Total Weight <input type="text" name="total_weight" value="7" /> </label> </p> <p> <label>Order Number: <input type="text" name="order_num" value="336" /> IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .

com/return.aspx" /> <!-.Language --> <input type="hidden" name="lang" value="english" /> <!-.return url --> <input type="hidden" name="return_url" value="https://mydomain.Currency --> <input type="hidden" name="currency_code" value="USD" /> <!-.content template url --> <input type="hidden" name="content_template_url" value="https://mydomain.aspx" /> <p> <label> <input type="submit" name="submit" value="Submit" /> </label> </p> </form> IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE .17 .com/content_template.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE </label> </p> <p> <label>Order ID: <input type="text" name="order_id" value="336" /> </label> </p> <!-.

php Credentials are provided that are connected to each gateway. Any transaction that is using a real card will be ignored by our system and treated an error at the payment page. NET GATEWAY CRESecureID CRESecureAPIToken cre78640391SB 9671b7e350e1effac5ea9195ad4a528d SANDBOX C REDENTIALS C HASE ORBITAL TAMPA CRESecureID CRESecureAPIToken cre84453315SB d9703b3578b7d1dbab5b0dbe61aac106 SANDBOX C REDENTIALS C HASE ORBITAL SALEM CRESecureID CRESecureAPIToken cre515053984SB 2439e7307b40ccc4212ddb3abc3d1a0a Table 4: Testing Sandbox Credentials IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . The sandbox connects to all the gateways we support. Also different gateways respond differently to specific conditions such as AVS data and Ip address requirement. The connections to the supported gateways are routed to the gateway’s sandbox.18 .CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Sandbox and Testing Environment We have setup a sandbox server environment for developers to test their integrations with. SANDBOX C REDENTIALS AUTHORIZE.net/securepayments/a1/cc_collection. Different gateways provide different response that are passed back to your merchant system. Note: We limit transactions to known test card numbers. Sandbox Account Credentials Post the form data to the sandbox server at the following url: https://sandbox-cresecure. So pick the gateway credentials that match to the gateway you will be using when you go live.

TEST CARD N UMBERS C HASE SALEM AND TAMPA CREDIT CARD Visa MasterCard Amex Discover 4111111111111111 5454545454545454 371449635398456 6011000995504101 TEST CARD N UMBERS AUTHORIZE. 4007000000027. 4007000000027 Table 5: Test Credit Card Numbers Note: Transactions with amounts that do not end with .19 . 4012888818888 TEST DATA 5424000000000015 370000000000002 6011000000000012 3088000000000017 38000000000006 . Any card numbers that do not match those listed below will dropped from server memory and the process will respond with an error.CRE SECURE HOSTED PAYMENT PAGE | INTEGRATION GUIDE Test Credit Card Numbers When using the sandbox for test we only accept transactions with valid test credit card numbers.00 will be declined on the development HTML CLONE. NET CREDIT CARD Visa MasterCard Amex Discover JCB Diners Club TEST DATA 4111111111111111. IMPLEMENTING CRE SECURE HOSTED PAYMENT PAGE . This is the expected behavior to allow for negative-path testing.

Sign up to vote on this title
UsefulNot useful