Documentation

All companies and organizations that deal with credit card information must adhere to PCI DSS. If your company takes credit card payments online, or through a call center, PCI DSS is a must.

PCI DSS Objectives and Requirements

Control ObjectivesRequirements
Build and maintain a secure network1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement strong access control measures7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy12. Maintain a policy that addresses information security for all personnel

These 6 objectives may sound straight forward at first, but when you dig deeper into the standard, the 12 section SAQ (Self Assessment Questionnaire) can become fairly complicated. There are over 200 questions to answer in the SAQ. Failing only one of them could put your PCI Compliance status at risk. Download the SAQ here to take a look.PCI Compliance doesn’t have to be so difficult. We created HostedPCI to make compliance a straight forward task. At the heart of all of the HostedPCI modules is the Payment Vault which includes our Tokenization technology. If you accept credit card data online, take a look at the Checkout Express Edition. For call and contact centers, HostedPCI offers the Call Center Edition **Getting Started

Checkout Web Services API can be accessed by any ecommerce system that needs to process credit card transactions with the use of the HPCI credit card token.

Express Checkout solution is designed to integrate with any ecommerce site that requires credit card and CVV information capture. The express checkout solution uses an iframe module that is installed on the main ecommerce sites payment pages.

List the meaning of all the common error codes.

Screencasts

Watch the video to learn more about how HostedPCI can help you.

Code Samples

Code for common use cases in a variety of languages to help you get going on your project.

Advance Materials

Dispatch Web Services API can be accessed by any ecommerce system that needs to submit credit card transactions to a 3rd party web service with the use of the HPCI credit card token.

This guide provides implementation details to setup a telephonic call session and get the mapped credit card for the credit card entered via the telephone.

Checkout Web Services API Guide

The hostedPCI Checkout Web Services API can be accessed by any ecommerce system that needs to process credit card transactions with the use of the HPCI credit card token. Tokens can be obtained through the implementation of the HPCI Express Iframe solution or the HPCI full page proxy solution. This document assumes that HPCI tokens have been generated and available for use with the HPCI Web Service API.

API Transaction services included in this document: AUTHSALECAPTURECREDITVOID.


Implementation Platforms

HPCI Web Service API can be used in any programming language that supports HTTPS calls. Examples include Java, PHP, and C #.Net.

Setting up API Calls

All API calls to HostedPCI are made over HTTPS to an HPCI hostname that will be provided to you during your account setup. Parameters are passed to HPCI through the standard HTTP POST method. Name-Value pairs are separated by & characters and are URL Encoded.

The following method in Java is designed to set up and call HPCI API URLs (see below). Programming languages such as PHP and C# .Net have similar methods for POSTing HTTP URLs. Source code for the Java example below is available in file: ProxyHPCIProcessorApp.java

public static String callUrl(String urlString, Map paramMap) { 
  String urlReturnValue = "";
  try {
    // Construct data
    StringBuffer dataBuf = new StringBuffer();
    boolean firstParam = true;
    for (String paramKey : paramMap.keySet()) {
      if (!firstParam) dataBuf.append("&");
      dataBuf.append(URLEncoder.encode(paramKey, "UTF-8")).append("=")
      .append(URLEncoder.encode(paramMap.get(paramKey), "UTF-8"));
      firstParam = false;
    }
    String data = dataBuf.toString();
    // Send data
    URL url = new URL(urlString);
    URLConnection conn = url.openConnection();
    conn.setDoOutput(true);
    OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
    wr.write(data);
    wr.flush();
    // Get the response
    BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
    String line;
    while ((line = rd.readLine()) != null) {
      urlReturnValue = urlReturnValue + line;
    }
    wr.close();
    rd.close();
  } catch (Exception e) {
    e.printStackTrace();
    urlReturnValue = "";
  } 
  return urlReturnValue;
 } //END: callUrl

Required Parameters for All API Calls

apiVersion, value “1.0.1”

apiType, value “pxyhpci”

userName, value [API UserId]

userPassKey, value [API Passkey]


Specifying the Payment Profile Name (Optional)

With some advanced configurations, multiple payment gateways can be setup with HPCI and specified per API call. Payment profile names can be specified with the parameter below. This parameter is optional; the default value is DEF. Profile names must be pre-arranged with the HPCI team.

pxyTransaction.txnPayName, value [Name of Payment Profile to use]

Reading Results from API Calls



Once an HTTPS call is made to an HPCI Web Service API, results will be returned in standard Name-Value pair format with URL Encoded values.

The following method in Java is designed to read results from HPCI API calls and return result values in a String Map Container object.

public static Map parseQueryString(String queryStr) {
 Map map = new HashMap();
 if (queryStr == null)
   return map;
 String[] params = queryStr.split("&"); 
 for (String param : params) {
   String name = "";
   String value = "";
   String[] paramPair = param.split("=");
   if (paramPair != null && paramPair.length > 0) {
     name = paramPair[0];
     if (paramPair.length > 1 && paramPair[1] != null) {
       try {
         value = URLDecoder.decode(paramPair[1], "UTF-8");
       } catch (UnsupportedEncodingException e) {
         logMessage("Could not decode:" + paramPair[1]);
       }
     }
   }
   map.put(name, value);
 } 
 return map;

Credit Card Authorization Transaction (AUTH)

Card Number Related Parameters

  • pxyCreditCard.cardType, optional value [Type of Credit Card Used]
  • pxyCreditCard.creditCardNumber, value [HPCI Token Representing Credit Card]
  • pxyCreditCard.expirationMonth, value [Credit Card Expiry Month]
  • pxyCreditCard.expirationYear, value [Credit Card Expiry Year]
  • pxyCreditCard.cardCodeVerification, value [HPCI Token Representing CVV Code]

Transaction Amount Related Parameters (Required)

  • pxyTransaction.txnAmount, value [Amount to Authorize]
  • pxyTransaction.txnCurISO, value “USD” or “CAD” or other ISO Currency Code
  • pxyTransaction.merchantRefId, value [Merchant Reference Number (order Id?)]
  • pxyTransaction.txnPayName, value “DEF” or a payment profile name
  • pxyTransaction.txnComment, value empty string or short comment not longer than 50 characters
  • pxyTransaction.txnExtraParam1, value not required for all gateways, please ask HPCI support for more details
  • pxyTransaction.txnExtraParam2, value not required for all gateways, please ask HPCI support for more details
  • pxyTransaction.txnExtraParam3, value not required for all gateways, please ask HPCI support for more details
  • pxyTransaction.txnExtraParam4, value not required for all gateways, please ask HPCI support for more details
  • pxyTransaction.txnExtraParam5, value not required for all gateways, please ask HPCI support for more details
  • pxyTransaction.txnInstallmentCount, value for installment count for the transaction amount not required for all gateways, optional for Global Collect gateway.
  • pxyTransaction.txnLangCode, value for language code for transaction, not required for all gateways, optional for Global Collect gateway.
  • pxyTransaction.txnDuplicateWindowSeconds, value for defining duplicate transaction validation window in seconds, not required for all gateways, optional for Authorize.net.

User Related Parameters

  • pxyCustomerInfo.email, value [Customer Email Address]
  • pxyCustomerInfo.customerId, value [Customer User ID]

Billing Address Related Parameters

  • pxyCustomerInfo.billingLocation.firstName, value [Customer First Name]
  • pxyCustomerInfo.billingLocation.lastName, value [Customer Last Name]
  • pxyCustomerInfo.billingLocation.address, value [Customer Billing Street Address]
  • pxyCustomerInfo.billingLocation.city, value [Customer Billing City]
  • pxyCustomerInfo.billingLocation.state, value [Customer Billing State]
  • pxyCustomerInfo.billingLocation.zipCode, value [Customer Billing Zipcode]
  • pxyCustomerInfo.billingLocation.country, value [Customer Billing Country]
  • pxyCustomerInfo.billingLocation.phoneNumber, value [Customers Billing Phone Number]

Shipping Address Related Parameters

  • pxyCustomerInfo.shippingLocation.firstName, value [Customer First Name for Shipping]
  • pxyCustomerInfo.shippingLocation.lastName, value [Customer Last Name for Shipping]
  • pxyCustomerInfo.shippingLocation.address, value [Customer Shipping Street Address]
  • pxyCustomerInfo.shippingLocation.city, value [Customer Shipping City]
  • pxyCustomerInfo.shippingLocation.state, value [Customer Shipping State]
  • pxyCustomerInfo.shippingLocation.zipCode, value [Customer Shipping Zipcode]
  • pxyCustomerInfo.shippingLocation.country, value [Customer Shipping Country]
  • pxyCustomerInfo.shippingLocation.phoneNumber,value [Customers Shipping Phone Number]

Optional Parameters

The following parameters are not required but maybe useful to the payment gateway in use for fraud detection and other purposes.

  • pxyCustomerInfo.customerIP, value [Customer IP Address]
  • pxyOrder.invoiceNumber, value [Additional Merchant Identifier (order Id)]
  • pxyOrder.description, value [Order Description]
  • pxyOrder.totalAmount, [Total Amount of Order]

Credit Card Capture Transaction (CAPTURE)

API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentCapture.action

Additional Required Parameters:

Transaction Amount Related Parameters

  • pxyTransaction.txnAmount, value [Transaction Amount to Capture]
  • pxyTransaction.txnCurISO, value “USD” or other ISO Currency Code
  • pxyTransaction.merchantRefId, value [Merchant Reference Number (order Id)]

Processor ID Parameters

  • pxyTransaction.processorRefId, value [Processor ID provided from Authorization or Sale]

The pxyTransaction.processorRefId is returned from an authorization transaction and must be provided for funds to be captured.

API Response Variables

The API Response variables are the same as for the AUTH transaction. Please see above.

Credit Card Sale Transaction (SALE)

API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentSale.action

The SALE API call is performed exactly the same way as an AUTH, with a different API endpoint. The funds from a SALE operation will be immediately captured and a CAPTURE operation will not need to follow a SALE operation. However CAPTURE operations should always follow AUTH operations in order to fully complete a credit card transaction when using AUTH.

Credit Card Void Transaction (VOID)

API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentVoid.action

Additional Required Parameters:

Transaction Amount Related Parameters

  • pxyTransaction.txnAmount, value [Transaction Amount to Void]
  • pxyTransaction.txnCurISO, value “USD” or other ISO Currency Code
  • pxyTransaction.merchantRefId, value [Merchant Reference Number (order Id)]

Processor ID Parameters

  • pxyTransaction.processorRefId, value [Processor ID provided from Authorization or Sale]

The pxyTransaction.processorRefId is returned from an authorization transaction and must be provided for funds specified (partial or full) to be voided and funds relinquished back to the original credit card in question.

API Response Variables

The API Response variables are the same as for the AUTH transaction. Please see above.

Credit Card Credit Transaction (CREDIT)

API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentCredit.action

Additional Required Parameters:

Transaction Amount Related Parameters

  • pxyTransaction.txnAmount, value [Transaction Amount to Credit]
  • pxyTransaction.txnCurISO, value “USD” or other ISO Currency Code
  • pxyTransaction.merchantRefId, value [Merchant Reference Number (order Id)]

Processor ID Parameters

  • pxyTransaction.processorRefId, value [Processor ID provided from Authorization or Sale]

The pxyTransaction.processorRefId is returned from an authorization transaction and must be provided for funds specified (partial or full) to be credited back to the original credit card in question.

API Response Variables

The API Response variables are the same as for the AUTH transaction. Please see above.

Gateway Tokenization

API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentGatewayToken.action

Tokenization Related Parameters

The parameters listed below are required by the Gateway and HostedPCI in order to create a Gateway Token.

  • pxyCreditCard.creditCardNumber,value [HostedPCI Token]
  • pxyCreditCard.cardCodeVerification,value [HostedPCI CVV place holder]
  • pxyCreditCard.expirationMonth,value [Credit Card expire month]
  • pxyCreditCard.expirationYear,value [Credit Card expire year]
  • pxyTransaction.txnPayName,value [Profile Name provided by HostedPCI]
  • pxyCustomerInfo.billingLocation.firstName,value [Client’s first name as it appears on the card]
  • pxyCustomerInfo.billingLocation.lastName,value [Client’s last name as it appears on the card]

API Response Variables

This API call responds with the following name-value pairs.

  • Status, value [success | error]

The Status response variable indicates if the API call is well formed, with an appropriate result. An error result will indicate that either the request was not well formed or that the transaction was not successful. A success result will indicate that the request was well formed and that the attempted transaction was successful.

  • pxyResponse.responseStatus, value [approved I declined | error | review | 3dsecure]

The only transaction response considered successful for pxyResponse.responseStatus is the approved status. Any other response should be considered an error. In case of a successful transaction, the authorization code may be obtained as per the following response variable:

  • pxyResponse.processorRefId, value [Valid Authorization Code from Credit Card Processor]

Once the authorization code is obtained through pxyResponse.processorRefId it should be used for subsequent calls for the following operations: CAPTURE, CREDIT and VOID. See documentation for these operations below.

  • pxyResponse.processorType, value [name of payment processor or gateway processing the transaction]

The response value will be one of:

  • pflResponse – Paypal Payflow Processor
  • cybResponse – CyberSource Processor
  • strResponse – Star Card Processor
  • anetResponse – Authorize.Net Processor
  • monResponse – Moneris Response
  • psiResponse – PSiGate Response
  • ponResponse – Paymentech Orbital Processor
  • wproResponse – Paypal Website PaymentPro Processor
  • snetResponse – SecureNet Processor
  • ipayResponse – Planet Payment iPay Processor
  • prismpayResponse – Prism Pay Processor
  • worldpayResponse – WorldPay Processor
  • optimalResponse – Optimal Processor
  • globalcResponse – Global Collect Processor
  • rakutenResponse – Rakuten Processor
  • ogoneResponse – Ogone Processor
  • 3dsecResponse – 3D Secure response
  • msgDispatchResponse – Message Dispatch response
  • fileDispatchResponse – File Dispatch response
  • The following response values are used to determine why a particular transaction has failed for approval (decline, error or review states).

    • pxyResponse.responseStatus.name, value [short description of response]
    • pxyResponse.responseStatus.code, value [alphanumeric code representing response]
    • pxyResponse.responseStatus.description, value [long description and informational text of response]
    • pxyResponse.responseStatus.reasonCode, value [Gateway specific reason code]

    This field contains the reason code for a successful or unsuccessful transaction reported by the payment gateway. This field is populated if available.

    • pxyResponse.fullNativeResp, value [Gateway specific result set, URL encoded]

    This field returns the entire result set from the payment processor or gateway. The actual gateway used can be found by inspecting the pxyResponse.processorType response field. The native response is flattened into name-value pairs, separated with & and URL encoded.

    Fraud Detection Service Parameters (Optional)

    The Authorization (and Sale) API’s also allow for passing fraud detection service parameters. The fraud detection service needs to be enabled prior to passing the fraud detection parameters.

    Fraud detection parameters are passed in an array, notated by [ ] array syntax. Repeat the following parameter pairs for each parameter that is required by the service.

    • fraudChkParamList[x]. name, value  [Parameter Name].
    • fraudChkParamList[x]. value, value  [Parameter Value].
    • fraudChkParamList[x]. type, optional value  [Parameter Type, either “data” or “map”].
    • fraudChkParamList[x]. mappedValue,optional value  [Parameter Mapped Value].
    • fraudChkParamList[x]. groupIdx,optional value  [Parameter Group Index].

    Where [x] starts at 0 and increases with each parameter name and value added. Please refer respective documentation provided by the supported fraud detection service (Kount, Retail Decision, MaxMind) to find the required parameters for a successful call.

    Fraud Service Related Response Fields

    The following response values are used to determine the status of a fraud verification call if fraud management was enabled.

    • frdChkResp.fullNativeResp, value [full response of a call to fraud checking service]

    Kount Related Service Parameters (Optional)

    As part of our Kount integration, HostedPCI allows to pass mapped values for AVST, AVSZ, CVVR and UDF according to the Kount documentation.

    AVST, AVSZ, CVVR

    AVST, AVSZ and CVVR are used to pass address verification and CVV verification codes from the payment gateway to Kount.
    Because the codes from the gateway are going to be different than the possible code values for Kount (possible values are “M” or “N”), you need to create mapping for every call that will define the relationship between the gateway codes and the Kount codes.
    For example, if you’re using PayPal Payflow Pro and they are reporting back AVS1 code Y and AVS2 code Y and CVV1 code Y (avs1=Y, avs2=Y, cvv1=Y) and you want all those values to be passed to Kount as a match then you’re going to populate the following in your request to HostedPCI:

    • fraudChkParamList[x].name=AVST
    • fraudChkParamList[x].value=Y
    • fraudChkParamList[x].type=map
    • fraudChkParamList[x].mappedValue=M
    • fraudChkParamList[y].name=AVSZ
    • fraudChkParamList[y].value=Y
    • fraudChkParamList[y].type=map
    • fraudChkParamList[y].mappedValue=M
    • fraudChkParamList[z].name=CVVR
    • fraudChkParamList[z].value=Y
    • fraudChkParamList[z].type=map
    • fraudChkParamList[z].mappedValue=M

    All possible mapping combinations that are applicable to your use case and your payment gateway should be included in the request.

    UDF

    Kount also allows for User Defined Fields (UDF) which can be added to the request similarly to the way we did AVS mapping.

    If we want to pass to Kount 2 UDF’s, one for BILL_COMPANY_NAME and the second SHIP_COMPANY_NAME, we can pass the following:

    • fraudChkParamList[x].groupIdx=1
    • fraudChkParamList[x].name=UDFN
    • fraudChkParamList[x].value=BILL_COMPANY_NAME
    • fraudChkParamList[x].groupIdx=1
    • fraudChkParamList[x].name=UDFV
    • fraudChkParamList[x].value=HostedPCI
    • fraudChkParamList[x].groupIdx=2
    • fraudChkParamList[x].name=UDFN
    • fraudChkParamList[x].value=SHIP_COMPANY_NAME
    • fraudChkParamList[x].groupIdx=2
    • fraudChkParamList[x].name=UDFV
    • fraudChkParamList[x].value=HostedPCI

    It’s also possible to pass some values from the gateway’s response dynamically to a UDF, please contact HostedPCI if you need that.

    3D Secure (Verified by Visa and MasterCard securecode) Parameters (Optional)

    The Authorization (and Sale) API’s also allow for passing payer authentication information. 3D Secure information is optional and will be required only of the 3D Secure service has been subscribed with the payment gateway.

    • pxyThreeDSecAuth.actionName, value empty string when no 3D Secure action is requested. Pass “verifyenroll” when card enrollment needs to be verified. Pass “verifyresp” when authentication response needs to be verified.
    • pxyThreeDSecAuth.authTxnId, value pass the authentication id received from “verifyenroll” call.
    • pxyThreeDSecAuth.paReq, value pass the payer authentication request value received from “verifyenroll” call.
    • pxyThreeDSecAuth.paRes, value pass the payer authentication response value received from pin verification call.
    • pxyThreeDSecAuth.authSignComboList[x], value  combined statuses of Authentication Result + Signature Result that are acceptable. The results are received after the verification call is completed by HPCI service prior to requesting an Authorization from the payment gateway. Typical values are “YY”, “AY” and “UY”.   Where [x] starts at 0 and increases with each item added.


    Item Related Parameters (Optional)

    The Authorization (and Sale) API’s also allow for the passing of individual order item information. Line item information is optional.

    Order Items are passed as parameters in an array, notated by [ ] array syntax. Repeat the following parameters for each order item in the order that is being processed.

    • pxyOrder.orderItems[x].itemId, value  [Merchant Item ID]
    • pxyOrder.orderItems[x].itemName, value  [Merchant Item Name]
    • pxyOrder.orderItems[x]. itemDescription, value [Merchant Item Description]
    • pxyOrder.orderItems[x]. itemQuantity, value  [item Quantity Ordered]
    • pxyOrder.orderItems[x]. itemPrice, value  [item Price per Unit]
    • pxyOrder.orderItems[x]. itemTaxable, value  [Is Item Taxable Y/N]  Where [x] starts at 0 and increases with each item added.


    3D Secure Related Response Fields

    If the response status is 3D Secure then the 3D Secure PIN verification is required to proceed with authorization. Please review the 3D Secure PIN verification section for details. Use the following parameters to initiate the PIN verification call:

    • pxyResponse.threeDSAcsUrl, value [ACS Url received from the “verifyenroll” call]
    • pxyResponse.threeDSTransactionId, value [Transaction Id received from the “verifyenroll” call]
    • pxyResponse.threeDSPARequest, value [Payer Authentication Request received from the “verifyenroll” call]

    These 3 response variables will be provided verbatim from the payment gateway configured for the HPCI API account. Documentation from the payment gateway should be used to discern the error in question.

    3D Secure Transaction steps (Auth/Sale)

    The following steps are required only if 3D Secure (Verified by Visa, MasterCard SecureCode etc) are enabled for chargeback protection.

    The e-commerce site needs to pass the following parameter during Auth or Sale calls to verify if a card is enrolled in 3D Secure program. If a PIN verification is required for the credit card used, during the call then a status of “3D Secure” is returned back:

    • pxyThreeDSecAuth.actionName, value, pass ”verifyenroll”.

    After receiving “3D Secure” response status the e-commerce site needs to present the PIN verification form. It is recommended that the PIN verification form be presented in an iframe from the HPCI domain and is described in the ExpressHTML Guide.

    The following parameters will be required for initiating a successful PIN verification call:

    • pxyResponse.threeDSTransactionId, the value received in this variable will contain a unique reference provided by the 3D Secure system. You can pass the value from the parent frame to the PIN verification iframe using a suitable url parameter.

    Express Checkout iFrame HTML Guide

    The hostedPCI Express Checkout solution is designed to integrate with any ecommerce site that requires credit card and CVV information capture. The express checkout solution uses an iframe module that is installed on the main ecommerce sites payment pages. The iframe only displays the credit card fields which are in scope for PCI compliance, that is the credit card number and CVV field. The rest of the page is presented by the ecommerce application as usual.

    The iframe module is designed to use the main ecommerce sites payment form to submit credit card information to hostedPCI and have hostedPCI return the credit card token back to the ecommerce application. Creating the token through hostedPCI is the first step to maintaining a PCI compliant environment using the HostedPCI toolset.

    Backend processing of the HPCI token is described in Checkout Web Services API Guide

    Key Terms

    VariablesDescription
    hpciSiteIdThe site id (a number) configured and provided by HPCI after the activation of the HPCI account. There will be a different Site Id for staging and live sites.
    locationThe location reference within the HPCI application. Locations are configured through the HPCI customer portal.
    fullParentHostIs the full hostname where the parent ecommerce site resides (not the iframe).
    fullParentQStrIs the query string currently used by the payment page where the iframe resides. This parameter is required for backward compatibility with browsers that do not support “post” frame messages. This string has to match the current url that appears on the browser address bar.
    jqVersionThis setting is optional, allows control on the JQuery version of the iFrame that is being used. Available versions are 1.11.2 or 2.1.3 or 1.4.1. Values can be [jq1 | jq2 | jqdef] respectively. This parameter need the V2 iFrame to be enabled in order for it to work.
    browserTypeThis setting is optional, sets the iFrame for mobile or desktop use. Values can be [mobile | def]
    cvvValidateSet the value of the parameter to Y if basic CVV form validation is required. Basic validation will report an error if the entered value is not numbers only and is not between 3 and 4 characters regardless of credit card type.
    reportCCTypeSet the value of the parameter to Y if preliminary credit card and CVV data needs to be reported once the user has entered the details and moves the focus from the respective fields. Credit card type, credit card and CVV length and credit card validity using Mod 10 check is reported.
    reportCCDigitsThis function is optional and requires iFrame V2 to be enabled on the account. This function enables key press feedback from the ccNum field within the iFrame. Set to Y if CC data needs to be reported back during key press.
    formatCCDigitsCredit card formatting feature, automatically add delimiter while customer types the card in, for example “4444333322221111” will be turned to “4444-3333-2222-1111”. Turn on or off [Y/N].
    formatCCDigitsDelimiterCredit card formatting feature, set the delimiter value which can be space, dash or tab, just need to remember that the value has to be URL encoded [%20/-/%09].
    reportCVVDigitsThis function is optional and requires iFrame V2 to be enabled on the account. This function enables key press feedback from the ccCVV field within the iFrame. Set to Y if CVV data needs to be reported back during key press.
    hpciCCFrameNameThe name of the iframe used for displaying the credit card entry fields.
    hpciSiteSuccessHandlerThe reference to the function that handles successful credit card mapping. This function will typically copy the mappedCCValue, mappedCVVValue parameter values to form hidden fields that need to contain the credit card and CVV values respectively. Finally this function should submit the order processing form that encloses the credit card entry fields.
    hpciSiteErrorHandlerThe reference to the function that displays the credit card mapping errors. Typically the following function uses DHTML/DOM to display the error.
    hpci3DSitePINSuccessHandlerThis function is optional and needs to be implemented only for sites that use 3D Secure functionality. The reference to the function that handles successful PIN validation. This function will typically submit the order processing form that encloses the credit card entry fields and the PIN validation iFrame.
    hpci3DSitePINErrorHandlerThis function is optional and needs to be implemented only for sites that use 3D Secure functionality. The reference to the function that displays the PIN validation errors. Typically the following function uses DHTML/DOM to display the error.
    hpciCCPreliminarySuccessHandlerThis function is optional and needs to be implemented only for sites that use reportCCType functionality. The function signature should accept credit card type, BIN, validity flag and length in that order.
    hpciCVVPreliminarySuccessHandlerThis function is optional and needs to be implemented only for sites that use reportCCType functionality. The function signature should accept CVV length.
    hpciCCDigitsSuccessHandlerThis function is optional and requires iFrame V2 to be enabled on the account and needs to be implemented for sites that use key press functionality. The function signature should accept credit card type, BIN, validity flag and length in that order.
    hpciCVVDigitsSuccessHandlerThis function is optional and requires iFrame V2 to be enabled on the account and needs to be implemented for sites that use key press functionality. The function signature should accept CVV length.
    sendHPCIChangeClassMsgThis function is optional and requires iFrame V2 to be enabled on the account and needs to be implemented for sites that require changes to the class of the fields inside the iFrame based on interactive feedback during customer keypress of CC/CVV data. The function signature expects elementId of ccNum/ccCVV from within the iFrame and replaces the class with the new classValue that can correspond to the classes from the style header of the iFrame.
    enableTokenDisplaySet to “Y” if you want the iFrame to show pre-populated masked value that is stored inside. It applies to both credit card and CVV fields. If it’s not empty, it means there is already a value stored inside.
    ccNumTokenIdxThis parameter is used to define which iFrame index is going to be used. Used mainly for instances where you would need to load multiple iFrames on the same page. Set to “1” unless there is a need for multiple iFrames on the same page. Required for CVV only iFrame.
    ccNumTokenIs the credit card token that is associated with the CVV iFrame. To re-tokenize CVV for token 4111-1111-1111-1111 set this parameter to “4111111111111111”.

    Installing the iFrame

    The HostedPCI iFrame can be installed in a few different ways, the first would be the basic iFrame model with the CVV. This version of the iframe is basic in functionality, the iFrame V2 version is the second generation iFrame the difference with this iFrame allows companies to use keystroke feedback capabilities which can provide you customer with an idea of if they missed a digits or added a digits, the keystroke feedback also as the ability select the card type based on the first 4 digits of the PAN number. With the HostedPCI iFrame you also have the ability to set a CVV only iFrame or a credit card PAN only iFrame depending on your business needs.

    Iframe Prerequisites

    In order to install the iFrame and have it communicate with the main eCommerce payment form, some prerequisite JavaScript is required.

    Required JavaScript Includes
    <script src="https://ccframe.hostedpci.com/WBSStatic/site60/proxy/js/hpci-cciframe-1.0.js" type="text/javascript" charset="utf-8"></script>
    <script src="https://ccframe.hostedpci.com/WBSStatic/site60/proxy/js/jquery.ba-postmessage.2.0.0.min.js" type="text/javascript" charset="utf-8"></script>
    Optional JavaScript Includes
    <script src="https://ccframe.hostedpci.com/WBSStatic/site60/proxy/js/jquery-1.4.1.min.js" type="text/javascript" charset="utf-8"></script>
    JavaScript in HEAD section
    <script>
    var hpciCCFrameHost = "https://ccframe.hostedpci.com";
    var hpciCCFrameFullUrl = "https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=[location]&sid=[hpciSiteId]&reportCCType=[Y]&reportCCDigits=[Y]&formatCCDigits=Y&formatCCDigitsDelimiter=%09&reportCVVDigits=[Y]&fullParentHost=[ecommerceSiteHostName]&fullParentQStr=[ecommerceURLQueryString]&pluginMode=[jqVersion]&clientType=[browserType]";
    var hpciCCFrameName = "ccframe"; // use the name of the frame containing the credit card
    var hpciSiteErrorHandler = function (errorCode, errorMsg){
    // Place the following alert to properly display the error message
    alert("Error while processing credit card code:" + errorCode + "; msg:" + errorMsg);
    }
    var hpciSiteSuccessHandlerV4 =
    function(hpciMappedCCValue, hpciMappedCVVValue, hpciCCBINValue, hpciGtyTokenValue, hpciCCLast4Value, hpciGtyTokenAuthRespValue, hpciTokenRespEncrypt){
    // Please pass the values to the document input and then submit the form
    // name of the input (hidden) field required by ecommerce site
    // Typically this is a hidden input field.
    var ccNumInput = document.getElementById("ccNum");
    ccNumInput.value = hpciMappedCCValue;
    // name of the input (hidden) field required by ecommerce site
    // Typically this is a hidden input field.
    var ccCVVInput = document.getElementById("ccCVV");
    ccCVVInput.value = hpciMappedCVVValue;
    // name of the input (hidden) field required by ecommerce site
    // Typically this is a hidden input field.
    var ccBINInput = document.getElementById("ccBIN");
    ccBINInput.value = hpciCCBINValue;
    // name of the form submission for ecommerce site
    var pendingForm = document.getElementById("CCAcceptForm");
    pendingForm.submit();
    }
    var hpci3DSitePINSuccessHandler = function (){
    // Name of the form submission for ecommerce site
    var pendingForm = document.getElementById("CCAcceptForm");
    pendingForm.submit();
    }
    var hpci3DSitePINErrorHandler = function (){
    // Adapt the following message / action to match your required experience
    alert("Could not verify PIN for the credit card");
    }
    var hpciCCPreliminarySuccessHandlerV2 = function(hpciCCTypeValue, hpciCCBINValue, hpciCCValidValue, hpciCCLengthValue, hpciCCEnteredLengthValue);){
    // Adapt the following message / action to match your required experience
    alert("Received preliminary credit card details");
    }
    var hpciCVVPreliminarySuccessHandlerV2 = function(hpciCVVLengthValue, hpciCVVValidValue);{
    // Adapt the following message / action to match your required experience
    alert("Received preliminary CVV details");
    }
    var hpciCCDigitsSuccessHandlerV2 = function(hpciCCTypeValue, hpciCCBINValue, hpciCCValidValue, hpciCCLengthValue, hpciCCEnteredLengthValue) {
    // Use to enable credit card digits key press
    alert("Received CC keypress");
    }
    var hpciCVVDigitsSuccessHandler = function(hpciCVVDigitsValue) {
    // Use to enable CVV digits key press
    alert("Received CVV keypress");
    }
    </script>

    Basic iFrame

    In order to install the HostedPCI iFrame, you will need to place the code below where the credit card field will be in your checkout process.

    <iframe id="ccframe" src="https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=[Location]&sid=[hpciSiteId]&fullParentHost=[ecommerceSiteHostName]&fullParentQStr=[ecommerceURLQueryString]" onload="receiveHPCIMsg()" name="ccframe" width="480" height="52" frameborder="0" scrolling="NO">
    If you can see this, your browser doesn't understand IFRAME.</iframe>

    You can omit onload=”receiveHPCIMsg()” call if preliminary messages are not required.
    If the primary eCommerce site has checkout page URL where HPCI iFrame is displayed as ( https://checkout.myecommercesite.com/MyApp/checkout.asp?param1=value1 ) and if the location name is checkout1 and HCPI site ID is 400001, then HPCI iFrame URL will be as follows:

    *Other iframe parameters such as width, height and borders are adjustable as required for the implementation.

    https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=checkout1&sid=400001&fullParentHost=https%3A%2F%2Fcheckout.myecommercesite.com&fullParentQStr=%2FMyApp%2Fcheckout.asp%3Fparam1%3Dvalue1

    Key Parameters

    hpciSiteIdIs the site id (a number) configured and provided by HPCI after the activation of the HPCI account. There will be a different Site Id for staging and live sites.
    LocationIs the location reference within the HPCI application. Locations are configured through the HPCI customer portal.
    fullParentHostIs the full hostname where the parent ecommerce site resides (not the iframe).
    fullParentQStrIs the query string currently used by the payment page where the iframe resides. This parameter is required for backward compatibility with browsers that do not support “post” frame messages. This string has to match the current url that appears on the browser address bar.

    Interactive iFrame

    The interactive iFrame is the second generation of the HostedPCI iFrame. The customer can now receive prompts and feedback during keypress of CC/CVV data directly into the iFrame by changing the class. It also allows to prompt the customer for which credit card type is being used during keypress.

    The Interactive iFrame will be implemented the same way as the Basic iFrame. In order to use the full function of the interactive iFrame there are some additional parameters that need to be added to the iFrame URL, as well as a small change on the back end.

    <iframe id="ccframe" src="https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=[Location]&sid=[hpciSiteId]&reportCCType=Y&reportCCDigits=Y&reportCVVDigits=Y&formatCCDigits=Y&formatCCDigitsDelimiter=%09&fullParentHost=[ecommerceSiteHostName]&fullParentQStr=[ecommerceURLQueryString]" onload="receiveHPCIMsg()" name="ccframe" width="480" height="52" frameborder="0" scrolling="NO">
    If you can see this, your browser doesn't understand IFRAME.</iframe>

    Key Parameters

    reportCCTypeRequires iFrame V2 to be enabled on the account. This function enables key press feedback for the credit card type within the iFrame. Set to Y if CC data needs to be reported back during key press.
    reportCCDigitsRequires iFrame V2 to be enabled on the account. This function enables key press feedback from the ccNum field within the iFrame. Set to Y if CC data needs to be reported back during key press.
    reportCVVDigitsRequires iFrame V2 to be enabled on the account. This function enables key press feedback from the ccCVV field within the iFrame. Set to Y if CVV data needs to be reported back during key press.
    formatCCDigitsCredit card formatting feature, automatically add delimiter while customer types the card in, for example “4444333322221111” will be turned to “4444-3333-2222-1111”. Turn on or off [Y/N].
    formatCCDigitsDelimiterCredit card formatting feature, set the delimiter value which can be space, dash or tab, just need to remember that the value has to be URL encoded [%20/-/%09].
    hpciCCDigitsSuccessHandlerV2This parameter needs to be set on the Host Page in order to utilize the keystroke feedback.

    Credit Card Field Only iFrame

    The HostedPCI Basic and Interactive iFrame can be loaded with the credit card field only for companies who do not want to collect the CVV number. In order to accomplish Credit Card Only iFrame, you would need to hide the CVV field within the iFrame body styling management section. It is important to not delete the CVV field from the iFrame since it will break the functionality of the iFrame, instead you will hide the field from being visible on your checkout page.

    In order to implement the credit card only iFrame the information below needs to be inserted within the iFrame body styling section.

    Note: When installing the credit card only iFrame it is important to hide the CVV field instead of removing the it completely. If the CCV field is removed the iFrame code will break without this field.

    <body class="account" id="updatecc" style="line-height: 1;color: rgb(68,68,68);font-size: 16.0px;font-family: tahoma;"><table align="center" class="cc_info" height="111" width="455"> 
        <tbody> 
          <tr> 
            <td> 
              <div align="left"><font size="4"><label for="ccNum" style="font-weight: normal;">  Card Number</label></font><br /></div> 
              <div align="left"><input id="ccNum" name="ccNum" style="border-width: thin;border-style: solid;border-radius: 0.2em;padding: 4.0px;width: 275.0px;height: 30.0px;" type="text" /></div> 
            </td> 
          </tr> 
          <tr> 
            <td> 
              <div align="left"><strong><br /></strong></div> 
              <div align="left"><input id="ccCVV" name="ccCVV" style="border-width: thin;border-style: solid;border-radius: 0.2em;padding: 2.0px;width: 90.0px;height: 30.0px;" type="hidden" /></div> 
            </td> 
          </tr> 
        </tbody> 
      </table></body>

    CVV only iFrame

    In some cases, it may be useful to be able to load an iFrame that will contain only the CVV field. That iFrame will be associated to an existing token.

    For example, a credit card token is valid for 18 months after the last time it was used, where as CVV token is only valid for 20 minutes. If we would like to bill a token that is already saved in the system, but we also want to pass the CVV along with it and it’s been more than 20 minutes, we would need to load a CVV only iFrame that will re-tokenize the CVV to an existing credit card token.

    Note: When installing the CVV only iFrame it is important to hide the credit card field instead of removing the it completely. If the credit card field is removed the iFrame code will break without this field

    https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=checkout1cvvonly&sid=400001&enableTokenDisplay=Y&ccNumTokenIdx=1&ccNumToken=4000000000000001&fullParentHost=[ecommerceSiteHostName]&fullParentQStr=[ecommerceURLQueryString]
    Sample Code:
    <body class="account" id="updatecc">
    <div class="cc_info">
    <fieldset class="cc form-group">
    <input id="ccNum" name="ccNum" type="hidden" value="" />
    </fieldset>
    <fieldset class="cc form-group">
    <label class="cc" for="ccCVV">CSC/CVV</label> <input id="ccCVV" name="ccCVV" type="text" value="" />
    </fieldset>
    </div>
    </body>

    Key Parameters

    enableTokenDisplaySet to “Y” if you want the iFrame to show pre-populated masked value that is stored inside. It applies to both credit card and CVV fields. If it’s not empty, it means there is already a value stored inside.
    ccNumTokenIdxThis parameter is used to define which iFrame index is going to be used. Used mainly for instances where you would need to load multiple iFrames on the same page. Set to “1” unless there is a need for multiple iFrames on the same page. Required for CVV only iFrame.
    ccNumTokenIs the credit card token that is associated with the CVV iFrame. To re-tokenize CVV for token 4111-1111-1111-1111 set this parameter to “4111111111111111”.

    Multiple iFrames

    In some instances, it may be useful to be able to load multiple iFrames on the same page. For example, if there is a requirements to split payment into multiple credit cards. Another example would be for an agent to have multiple iFrames available to him on a single page load. This way there is no need to reload the page to select a different customer/credit card.

    https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=checkout1&sid=400001&ccNumTokenIdx=1

    Key Parameters

    locationNameIs the iFrame location reference within the HPCI application. Locations are configured through the HPCI customer portal.
    sidIs the site id (a number) configured and provided by HPCI after the activation of the HPCI account. There will be a different Site Id for staging and live sites.
    ccNumTokenIdxThis parameter is used to define which iFrame index is going to be used. Set to “1” or increment by 1 for every additional iFrame that is required for the same page.

    Checkout Page

    Once information is submitted to the iframe, a credit card token will be returned from the HPCI iframe back to the main form hosted on the parent page. Information will automatically be placed into a form hosted on the parent page. The following minimum form elements are required:

    The ccNum and ccCVV fields are the minimum fields required for the iframe. They are typically not the only fields required for a payment. For example other fields required to process a payment usually consist of the expiry date, billing info and more. The additional fields are usually controlled by the parent page that hosts the iFrame.

    ccBIN is an optional field that will display the BIN number of the card.

    The action3DSec field is only required if 3D Secure functionality is used. Pass the action value to HPCI API in field pxyThreeDSecAuth.actionName so that credit card enrollment in 3D Secure Service is verified.

    The Submit input type is a critical element of the iframe implementation. The JavaScript embedded in the onClick() event will be used to send a message to the iframe, to submit the actual credit card information and return credit card token information back to the main input form. Use the Javascript function sendHPCIMsg() to initiate the mapping and submission process.

    <form id="CCAcceptForm" action="https://somepath/MainEcommerceAction" method="post"><input id="ccNum" name="ccNum" type="hidden" value=" " /> <input id="ccCVV" name="ccCVV" type="hidden" value=" " /> <input id="ccBIN" name="ccBIN" type="hidden" value=" " /> <input name="action3DSec" type="hidden" value="verifyenroll" /> <input type="submit" value="Submit" onClick='return sendHPCIMsg();' /></form>

    Submitting Information to your Ecommerce Application

    Once the iframe returns credit card token information back to the main form the JavaScript provided will submit the main form to the ecommerce application. The token will submitted along with the remainder of the information in the form.

    Once the server-side application has the credit card token, all of the credit card operations such as SALE, AUTH, CAPTURE, VOID and CREDIT will be available to the application through the HCPI server side API

    please see Web Service API guide 

    How to Handle Tokens

    Tokens can be stored in the ecommerce application database without risk of compromising PCI compliance. Tokens are designed to look similar to credit card numbers in length and structure without actually being valid credit card numbers. The first 4 digits and last 3-4 digits of a token match to those of the corresponding credit card number. Tokens are guaranteed NOT to be MOD-10 compatible.

    Modifying iFrame CSS for the Basic iFrame

    It may be necessary to update the CSS / Styles within the IFRAME to highlight error fields for example. The following method can be used to initiate style update for an element within the iFrame. This method can be invoked multiple times to update the style parameters within the iFrame.

    Please make sure hpci-cciframe-1.0.js file is included from HPCI servers prior to making the following call.

    The call signature is as follows: sendHPCIChangeStyleMsg(htmlElementID, cssTagName, cssTagValue);

    For example to update text color to red for input element with ID ccNum, use the following parameters: sendHPCIChangeStyleMsg(“ccNum”, “color”, “red”);

    Modifying iFrame CSS for the Interactive iFrame

    There is another function available to change CSS class at runtime within the iFrame. It is specifically useful to create interactive iFrame experience using the key press functions that were introduced for iFrame V2

    The call signature is as follows: sendHPCIChangeClassMsg(elementId, classValue);

    For example, to change the class of credit card field inside the iFrame which has the id “ccNum” from the existing class into class “.input-text”, one has to use the following

    Updating iFrame CSS using Query String Parameters

    To use query string parameters to update CSS within the IFRAME, place any of the following place holders in the style tag within the iFrame code:

    ${pageParam1} / ${pageParam2} / ${pageParam3} / ${pageParam4} / ${pageParam5} / ${pageParam6} / ${pageParam7} / ${pageParam8} / ${pageParam9} 
    e.g: style="margin: ${pageParam1} auto;background: ${pageParam2} repeat scroll 0 0 white;

    To use query string parameters to update CSS within the IFRAME, place any of the following place holders in the style tag within the iFrame code:

    https://ccframe.hostedpci.com/iSynSApp/showPxyPage!ccFrame.action?pgmode1=prod&locationName=test1&…….&pageParam1=0&pageParam2=none

    The Values passed can not contain “,’,>,<

    Installing the iFrame for 3D Secure PIN Validation (Optional)

    This iFrame implementation is optional and needs to be implemented only for sites that use 3D Secure functionality. The HPCI PIN Validation iframe can be installed into any form that is required to accept credit card information. This form should be displayed after receiving a response status of “3dsecure” from the HPCI PaymentAuth or PaymentSale call. The returned response should also contain authorization transaction ID. The example below from the “PCI Direct” website shows the credit card PIN validation form within the My Account section of the website.

    The highlighted top portion of the screen shot show the portion of the page that is delivered through the iframe. The remainder of the form is provided by the ecommerce site itself, all the user entered data along with tokenized credit card and CVV should be populated in the form for resubmission after the PIN validation complete.
    <iframe id="threeDSecFrame" name="threeDSecFrame" onload="receiveHPCIMsg()" src="https://ccframe.hostedpci.com/iSynSApp/appUserVerify3DResp!verificationForm.action?sid=[hpciSiteId]&authTxnId=[authTxnId]&fullParentHost=[ecommerceSiteHostName]&fullParentQStr=[ecommerceURLQueryString]" width="450" height="400" frameborder="0" scrolling="NO">
      If you can see this, your browser doesn't understand IFRAME.</iframe>

    Key Parameters

    hpciSiteIdIs the site id (a number) configured and provided by HPCI after the activation of the HPCI account. There will be a different Site Id for staging and live sites.
    authTxnIdIs the unique reference provided by 3D Secure enrollment verifcation call.
    fullParentHostIs the full hostname where the parent ecommerce site resides (not the iframe).
    fullParentQStrIs the query string currently used by the payment page where the iframe resides. This parameter is required for backward compatibility with browsers that do not support “post” frame messages. This string has to match the current url that appears on the browser address bar.

    3D Secure Hidden Field / Form Information

    Once information is submitted to the IFRAME and PIN validation is complete, the form is resubmitted to perform the AUTH or SALE operation:

    The ccNum and ccCVV fields are pre populated by the ecommerce site from the previous call when the credit card tokenization IFRAME was displayed.

    The hpci3DSitePINSuccessHandler present in the header section is called once the PIN verification is complete. This handler should initiate the resubmission of the form, this handler can be customized to do any other validation prior to submission if required.

    <form id="CCAcceptForm" action="https://somepath/MainEcommerceAction" method="post"><input id="ccNum" name="ccNum" type="hidden" value=" " /> <input id="ccCVV" name="ccCVV" type="hidden" value=" " /> <input id="ccBIN" name="ccBIN" type="hidden" value=" " /> <input name="action3DSec" type="hidden" value="verifyenroll" /> <input type="submit" value="Submit" onClick='return sendHPCIMsg();' /></form>

    Required parameters to be sent back to HostedPCI (3D Secure only)

    Once 3D Secure information has been validated inside the 3D Secure iFrame, the following parameters must be returned back to HPCI:

    • pxyThreeDSecAuth.actionName – must contain “verifyresp”.
    • pxyThreeDSecAuth.authTxnId – contains authTxnId that was received from HPCI in the previous call.
    • pxyThreeDSecAuth.authSignComboList[0] – optional, for example “YY”.
    • pxyThreeDSecAuth.authSignComboList[1] – optional, for example “AY”.
    • pxyThreeDSecAuth.authSignComboList[2] – optional, for example “UY”.

    Phone Session API Guide

    This guide provides implementation details to setup a telephonic call session and get the mapped credit card for the credit card entered via the telephone.

    Call Session Setup Service

    HostedPCI phone session setup service is called to initiate a session on the online portal so that it can be used by the telephonic call. This call should be made only once for every phone call.

    A session setup service call to HostedPCI requires the following parameters posted to the URL:

    http:///iSynSApp/manageCCMapPhoneAPI.action?cmd=createsession&userName=&userPassKey=&promptLang=&cvvEntry=&sessionKeyType=&userMarker1=&userMarker2=&userMarker3=
    Parameter NameParameter value
    UsernameAPI username from HostedPCI
    userPassKeyAPI passkey from HostedPCI
    cmdcreatesession
    promptLangen_US
    cvvEntryDefault value: request, possible values request | skip
    sessionKeyTypeDefault value: user, possible values user | venue
    userMarker1Optional parameter for user based session key, required parameter for venue based session key. Setup user identifying marker for venue based session key to assign sessions handled by a client user.
    userMarker2Optional parameter. Setup user identifying marker for venue based session key to assign sessions handled by a client user.
    userMarker3Optional parameter. Setup user identifying marker for venue based session key to assign sessions handled by a client user.

    If the call is successful the following return parameters will be provided in a URL encoded result set:

    status=success&sessionId=125040&sessionType=ccmap&sessionStatus=open&sessionKey=2034025040&sessionTaskCount=1&sessionTask[1].type=sessionsetup&sessionTask[1].status=created&sessionTask[1].promptCode=created_entersession&sessionTask[1].completionCode=waiting&sessionTask[1].completionCode=waiting&sessionTask[1].exceptionMsg=&sessionTask[1].comment=&sessionTask[1].paramName=&sessionTask[1].paramValue=&sessionTask[1].createTS=

    The individual user ID / pass key combination for the telephone agent in question should be used to create each session. Pass keys can be created for individual telephone agent user ID’s though the HostedPCI portal.

    The venue based phone sessions can be created by the phone session API user ID / passkey combination. At least one user marker is necessary to successfully create a venue session and assign the phone session to the user handling the call bridge. The API user id caller handles the responsibility of assigning suitable unique user markers using available user marker fields 1, 2 or 3 on the phone session setup API.

    Parameter NameParameter value
    Statussuccess|error
    Sessionid7 digit session id that is used to identify the IVR session
    sessionTypeCcmap
    sessionStatusopen
    sessionKeySession key to be entered by the telephone operator over the phone call.
    sessionTaskCountTask count list for the session
    sessionTask.type sessionsetup| ccmapsetup | cccvvsetup
    sessionTask.statusCreated | success | failed
    sessionTask.promptCodeCreated_session | created_enterccnum | created_entercccvv
    sessionTask.completionCodewaiting | success | error
    sessionTask.exceptionMsgMessage for the exception
    sessionTask.commentComments
    sessionTask.createTSCreate time for the session

    Call Session Status Service

    HostedPCI phone session status service is called to check the progress of a session so that interaction on the phone service can be reported periodically. This call can be invoked multiple times per phone session.

    A session status update service call to HostedPCI requires the following parameters posted to the URL:

    http:///iSynSApp/manageCCMapPhoneAPI.action?cmd=showprogress&userName=&userPassKey=&selectedPcsId=
    Parameter NameParameter value
    userNameAPI username from HostedPCI
    userPassKeyAPI passkey from HostedPCI
    cmdshowprogress
    selectedPcsId7 digit session id that was received when IVR session was created

    If the call is successful the following return parameters will be provided based on the progress of the session:

    status=success&sessionId=&sessionType=ccmap&sessionStatus=complete&sessionKey=&sessionTaskCount=3&sessionTask[1].type=sessionsetup&sessionTask[1].status=success&sessionTask[1].promptCode=created_entersession&sessionTask[1].completionCode=success&sessionTask[1].completionCode=success&sessionTask[1].respToken1=&sessionTask[1].respToken2=&sessionTask[1].respToken3=&sessionTask[1].exceptionId=&sessionTask[1].exceptionMsg=&sessionTask[1].comment=&sessionTask[1].paramName=&sessionTask[1].paramValue=&sessionTask[1].createTS=&sessionTask[2].type=ccmapsetup&sessionTask[2].status=success&sessionTask[2].promptCode=created_enterccnum&sessionTask[2].completionCode=success&sessionTask[2].completionCode=success&sessionTask[2].respToken1=&sessionTask[2].respToken2=&sessionTask[2].respToken3=&sessionTask[2].exceptionId=&sessionTask[2].exceptionMsg=&sessionTask[2].comment=&sessionTask[2].paramName=mappedcc&sessionTask[2].paramValue=&sessionTask[2].createTS=<>createTime&sessionTask[3].type=cccvvsetup&sessionTask[3].status=success&sessionTask[3].promptCode=created_entercccvv&sessionTask[3].completionCode=success&sessionTask[3].completionCode=success&sessionTask[3].respToken1=100&sessionTask[3].respToken2=&sessionTask[3].respToken3=&sessionTask[3].exceptionId=&sessionTask[3].exceptionMsg=&sessionTask[3].comment=Masked+CVV%3A100&sessionTask[3].paramName=&sessionTask[3].paramValue=&sessionTask[3].createTS=
    Parameter NameParameter value
    Statussuccess|error
    Sessionid7 digit session id that is used to identify the IVR session
    sessionTypeCcmap
    sessionStatusopen|closed|terminate
    sessionKeySession key to be entered by the telephone operator over the phone call.
    sessionTaskCountTask count list for the session
    sessionTask.type sessionsetup| ccmapsetup | cccvvsetup
    sessionTask.statusCreated | success | failed
    sessionTask.promptCodeCreated_session | created_enterccnum | created_entercccvv
    sessionTask.completionCodewaiting | success | error
    respToken1Extra details for the response. This field will contain the mapped CVV token for task type cccvvsetup
    respToken2Extra details for the response.
    respToken3Extra details for the response.
    sessionTask.exceptionMsgMessage for the exception
    sessionTask.exceptionIdID for the exception
    sessionTask.commentComments
    sessionTask.createTSCreate time for the session
    sessionTask.paramNameMappedcc
    sessionTask.paramValueTokenized credit card number

    Clear Call CVV Service

    HostedPCI phone CVV clearing service is called to clear any stored CVV values for the session. This call should be made only once for every phone call. This call is not required, the CVV will be cleared after it is used for the Authorize or Sale call or at the end of session expiry.

    A CVV clearing service call to HostedPCI requires the following parameters posted to the URL:

    http:///iSynSApp/manageCCMapPhoneAPI.action?cmd=clearcvv&userName=&userPassKey=&selectedPcsId=
    Parameter NameParameter value
    userNameAPI username from HostedPCI
    userPassKeyAPI passkey from HostedPCI
    cmdclearcvv
    selectedPcsId7 digit session id that was received when IVR session was created

    If the call is successful the following return parameters will be provided in a URL encoded result set:

    status=success&sessionId=125040&sessionType=ccmap&sessionStatus=open&sessionKey=2034025040&
    sessionTaskCount=1&sessionTask[1].type=sessionsetup&sessionTask[1].status=created&
    sessionTask[1].promptCode=created_entersession&sessionTask[1].completionCode=waiting&
    sessionTask[1].completionCode=waiting&sessionTask[1].exceptionMsg=&sessionTask[1].comment=&
    sessionTask[1].paramName=&sessionTask[1].paramValue=&sessionTask[1].createTS=
    Parameter NameParameter value
    Statussuccess|error
    Sessionid7 digit session id that is used to identify the IVR session
    sessionTypeCcmap
    sessionStatusopen|closed|terminate
    sessionKeySession key to be entered by the telephone operator over the phone call.
    sessionTaskCountTask count list for the session
    sessionTask.type sessionsetup| ccmapsetup | cccvvsetup
    sessionTask.statusCreated | success | failed
    sessionTask.promptCodeCreated_session | created_enterccnum | created_entercccvv
    sessionTask.completionCodewaiting | success | error
    sessionTask.exceptionMsgMessage for the exception
    sessionTask.commentComments
    sessionTask.createTSCreate time for the session

    Terminate Call Session Service

    HostedPCI phone session terminate service is called to terminate the phone session by administrator request. The phone session will be terminated when “#” key is entered on the phone session. This call should be made only once for every phone call. This call is not required, the call can progress to natural completion.

    A session termination service call to HostedPCI requires the following parameters posted to the URL:

    http:///iSynSApp/manageCCMapPhoneAPI.action?cmd=terminatesession&userName=&userPassKey=&selectedPcsId=
    Parameter NameParameter value
    userNameAPI username from HostedPCI
    userPassKeyAPI passkey from HostedPCI
    cmdterminatesession
    selectedPcsId7 digit session id that was received when IVR session was created

    If the call is successful the following return parameters will be provided in a URL encoded result set:

    status=success&sessionId=125040&sessionType=ccmap&sessionStatus=terminate&sessionKey=2034025040&
    sessionTaskCount=1&sessionTask[1].type=sessionsetup&sessionTask[1].status=created&
    sessionTask[1].promptCode=created_entersession&sessionTask[1].completionCode=waiting&
    sessionTask[1].completionCode=waiting&sessionTask[1].exceptionMsg=&sessionTask[1].comment=&
    sessionTask[1].paramName=&sessionTask[1].paramValue=&sessionTask[1].createTS=
    Parameter NameParameter value
    Statussuccess|error
    Sessionid7 digit session id that is used to identify the IVR session
    sessionTypeCcmap
    sessionStatusterminate
    sessionKeySession key to be entered by the telephone operator over the phone call.
    sessionTaskCountTask count list for the session
    sessionTask.type sessionsetup| ccmapsetup | cccvvsetup
    sessionTask.statusCreated | success | failed
    sessionTask.promptCodeCreated_session | created_enterccnum | created_entercccvv
    sessionTask.completionCodewaiting | success | error
    sessionTask.exceptionMsgMessage for the exception
    sessionTask.commentComments
    sessionTask.createTSCreate time for the session

    Phone API Error Codes

    The following status or error codes may be returned by HPCI Phone API calls. Errors will be returned in the sessionTask.exceptionMsg field.

    Status Codes / Messages

    MCMP_ACT_1 – Session created

    MCMP_ACT_3 – Session cleared, CVV removed from cache on request

    Errors Codes / Messages

    MCMP_ACT_2 – Packet replay error

    MCMP_ACT_4 – Phone session not found

    MCMP_ACT_5 – Unknown command

    Creating an API Passkey Through the HPCI Portal

    To create an individual user passkey, login to the production HPCI portal for the user name in question (the phone agent) and navigate to account  Update Passkey

    Enter the password of the agent again and click “Generate key”. You will get a success message.

    To view the passkey, enter the agent password again and click on “View key”. The key can be stored and used in the application used to generate call sessions through the API for the HostedPCI IVR solution.

    Dispatch Web Services API Guide

    The hostedPCI Dispatch Web Services API can be accessed by any ecommerce system that needs to submit credit card transactions to a 3rd party web service with the use of the HPCI credit card token. Tokens can be obtained through the implementation of the HPCI Express Iframe solution or the HPCI mobile page proxy solution. This document assumes that HPCI tokens have been generated and available for use with the HPCI Dispatch Web Service API.

    API Transaction services included in this document: DISPATCH

    Implementation Platforms



    HPCI Dispatch Web Service API can be used in any programming language that supports HTTPS calls. Examples include Java, PHP, and C #.Net.

    Setting up API Calls

    All API calls to HostedPCI are made over HTTPS to an HPCI hostname that will be provided to you during account setup. Parameters are passed to HCPI through standard the HTTPS POST method. Name-Value pairs are separated by & characters and are URL Encoded.

    Required Parameters for All API Calls

    • apiVersion, value “1.0.1”
    • apiType, value “pxyhpci”
    • userName, value [API UserId]
    • userPassKey, value [API Passkey]

    Specifying the Dispatch Profile Name

    Multiple dispatch endpoints can be setup with HPCI and specified per API call. Dispatch profile names can be specified with the parameter below. This parameter is required. Dispatch profile names must be pre-arranged with the HPCI team.

    • dispatchRequest.profileName, value [Name of Dispatch Profile to use]

    Reading Results from API Calls

    Once an HTTPS call is made to an HPCI Web Service API, results will be returned in standard Name-Value pair format with URL Encoded values.

    Credit Card Dispatch Transaction (DISPATCH)

    API Endpoint: http://HPCI_API_HOSTNAME/iSynSApp/paymentMsgDispatch.action

    Additional Required Parameters:

    Dispatch Content Related Parameters

    • dispatchRequest.contentType, value [Content type for the dispatch request to destination e.g: urlencode / xml / html / plain / json ]
    • dispatchRequest.request, value [Fully prepared message for delivery to destination with place holders for Credit Card and CVV tokens]
    • dispatchRequest.prefixRequest, value [Any prefix that needs to be prefixed to the request data e.g: Softvoyage needs xml as the prefix]

    Credit Card Token Related Parameters

    Token details are passed as parameters in an array, notated by [ ] array syntax. Repeat the following parameters for each token that is being processed.

    Where [x] starts at 0 and increases with each item added.

    • ccParamList[x].ccMsgToken, value  [Name of the place holder token for credit card number in the request message, e.g: %%CC1%%]
    • ccParamList[x].ccToken, value  [Tokenized CC value for the place holder value, this value is retrieved from the iframe]
    • ccParamList[x].cvvMsgToken, value [Name of the place holder token for CVV in the request message, e.g: %%CVV1%%]
    • ccParamList[x].cvvToken, value  [Tokenized CVV value for the place holder CVV]

    Header Related Parameters (Optional)

    HTTP Header values may also be sent to the destination along with the message payload. Details are passed as parameters in an array, notated by [ ] array syntax. Repeat the following parameters for each token that is being processed.

    Where [x] starts at 0 and increases with each item added.

    • headerList[x].strValue1, value  [Name of the header for destination]
    • headerList[x].strValue2, value  [Value of the header for destination]

    API Response Variables

    This API call responds with the following name-value pairs.

    • status, value [success | error]

    The Status response variable indicates if the API call is well formed, with an appropriate result. It does not guarantee a successful credit card transaction with a complete authorization or capture if the status is returned as success. Other parameters must be checked, see below

    • pxyResponse.responseStatus, value [approved I declined | error | review | dispatched]

    The transaction response considered successful for pxyResponse.responseStatus is the approved or dispatched status. Any other response should be considered an error. In case of an error transaction, the error code may be obtained as per the following response variable:

    • pxyResponse.responseStatus.code, value [alphanumeric code representing response]
    • pxyResponse.responseStatus.description, value [long description and informational text of response]
    • pxyResponse.dispatchResp, value [Dispatch response]

    The dispatch response variable contains the scrubbed response from the dispatch endpoint.

    File Dispatch Web Services API Guide

    The hostedPCI File Dispatch Web Services API can be accessed by any ecommerce or call centre system that need to submit files of credit card transactions to a 3rd party web service or processors with the use of the HPCI credit card token. Tokens can be obtained through the implementation of the HPCI Iframe solution or the HPCI IVR solution. This document assumes that HPCI tokens have been generated and available for use with the HPCI File Dispatch Web Service API.

    Implementation Platforms

    HPCI Dispatch Web Service API can be used in any programming language that supports HTTPS calls. Examples include Java, PHP, and C #.Net.

    Setting up API Calls

    All API calls to HostedPCI are made over HTTPS to an HPCI hostname that will be provided to you during account setup. Parameters are passed to HCPI through standard the HTTPS POST method. Name-Value pairs are separated by & characters and are URL Encoded.

    File Dispatch API Action URL

    “https://api-[venue name].c1.hostedpci.com/iSynSApp/paymentFileDispatch.action

    apiVersionThis parameter is required for making API calls to HPCI, and should be set to the value “1.0.1”
    apiTypeThis parameter is required for making API calls to HPCI, and this parameter should be set as “pxyhpci”
    userNameThis information is provided by HPCI and is required in order to determine which vault is being used.
    userPassKeyThis information is provided by HPCI and is required to confirm the vault that is being used.

    Specifying the File Dispatch Profile Name

    HostedPCI allows for multiple endpoints to be configured using our solution, and are specified using the profile name. The parameter listed below is required for all File Dispatch API calls made to HostedPCI.

    dispatchRequest.profileNamehis parameter is required for making API calls regardless of the number of profiles, and the “profile name ” must be pre-arranged with the HostedPCI team.

    Additional Required Parameters

    When using the File Dispatch API it is important to ensure that all required parameters are being used, if a required parameter is missing the API action will result in an error.

    File Dispatch Related Parameters

    dispatchRequest.contentTypeThis parameter provides details about the content type for the File Dispatch the request to the destination. Example: urlencode / xml / html / plain / json
    dispatchRequest.requestThis parameter is the fully prepared message for delivery to destination with place holders for Credit Card and CVV tokens

    Preparing and Sending Files to HostedPCI

    Sample File

    The layout and contents of a file will be decided between the customer and the 3rd party processor. HostedPCI only cares about the token field for mapping. Below is a basic example of a possible file. The type of file being sent also does not matter to HostedPCI as long as we know where to grab the token and place the credit card.

    Sample

    Card Number, Expiry, Amount
    4242000000104242, 05/16, 45.45
    4111000000301111, 09/17, 65.23
    4444000000051111, 10/18, 56.79

    Front End Processing

    Once the file is prepared it must be uploaded to the companies server in order to be sent to HostedPCI.

    jQuery("#filedispatchBtn").click(function(){
              
              var file = jQuery("#filedispatch_file").val();
              var blob = new Blob([file], { type: "text/plain"});
              
              var formData = new FormData();
              formData.append("tokenFile", blob, "data.csv");
              formData.append("dispatchRequest.destFileName", "data.csv");
              formData.append("dispatchRequest.profileName" , jQuery("#paymentProfile_filedispatch").val());
              
              jQuery.ajax({
              url: "FileDispatchServlet",
              type: "POST",
              data: formData,
              processData: false,  // tell jQuery not to process the data
              contentType: false   // tell jQuery not to set contentType
            }).done(function(data) {
              //Process the ajax call result..
            });  
      });

    Server to Server Call

    private static final String PXY_MSGDISPATCH = "/iSynSApp/paymentFileDispatch.action";
    private static final String PXYPARAM_APIVERSION = "apiVersion";
    private static final String PXYPARAM_APIVERSION_NUM = "1.0.1”;
    private static final String PXYPARAM_APITYPE = "apiType";
    private static final String PXYPARAM_APITYPE_PXYHPCI = "pxyhpci";
    private static final String PXYPARAM_DISPATCHREQUEST_PROFILENAME = "dispatchRequest.profileName";
    private static final String PXYPARAM_DISPATCHREQUEST_DESTFILENAME = "dispatchRequest.destFileName";
    private static final String PXYPARAM_USERNAME = "userName";
    private static final String PXYPARAM_USERPASSKEY = "userPassKey";
    public static String callUrl(String urlString, Map paramMap, String fileName,
          File dispatchFile) {
        
        String urlReturnValue = "";
        String charset = "UTF-8";
        
        String boundary = Long.toHexString(System.currentTimeMillis()); // Just generate some unique random value.
        String CRLF = "\r\n"; // Line separator required by multipart/form-data.
        try {
          URLConnection connection = new URL(urlString).openConnection();
          connection.setDoOutput(true);
          connection.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + boundary);
          PrintWriter writer = null;
          try {
              OutputStream output = connection.getOutputStream();
              writer = new PrintWriter(new OutputStreamWriter(output, charset), true);
      
              // Send normal param.
              for (Entry paramEntry : paramMap.entrySet()) {
      
                writer.append("--" + boundary).append(CRLF);
                writer.append("Content-Disposition: form-data; name=\"" + paramEntry.getKey() + "\"").append(CRLF);
                writer.append("Content-Type: text/plain; charset=" + charset).append(CRLF);
                writer.append(CRLF);
                writer.append(paramEntry.getValue()).append(CRLF).flush();
              }
      
              // Send text file.
              writer.append("--" + boundary).append(CRLF);
              writer.append("Content-Disposition: form-data; name=\"tokenFile\"; filename=\"" + fileName +"\"").append(CRLF);
              writer.append("Content-Type: text/plain; charset=" + charset).append(CRLF);
              writer.append(CRLF).flush();
              BufferedReader reader = null;
              try {
                  reader = new BufferedReader(new InputStreamReader(new FileInputStream(dispatchFile), charset));
                  for (String line; (line = reader.readLine()) != null;) {
                      writer.append(line).append(CRLF);
                  }
              } finally {
                  if (reader != null) try { reader.close(); } catch (IOException logOrIgnore) {}
              }
              // End of multipart/form-data.
              writer.append("--" + boundary + "--").append(CRLF);
              writer.flush();
              
              // Get the response
              BufferedReader rd = new BufferedReader(new InputStreamReader(connection.getInputStream()));
              String line;
              while ((line = rd.readLine()) != null) {
                urlReturnValue = urlReturnValue + line;
              }
              rd.close();
          } finally {
              if (writer != null) writer.close();
          }    
        
        } catch (Exception e) {
          e.printStackTrace();
          urlReturnValue = "";
        }  
        return urlReturnValue;
      }
      
      private String dispatchOnly(String serviceUrl, String userName, String userPassKey, String fileName,
          String destFileName, File dispatchFile) {
        // make the remote call
        String callUrl = serviceUrl + PXY_MSGDISPATCH;
        
          // prepare the api call
        Map paramMap = new HashMap();
        paramMap.put(PXYPARAM_APIVERSION, PXYPARAM_APIVERSION_NUM);
        paramMap.put(PXYPARAM_APITYPE, PXYPARAM_APITYPE_PXYHPCI);
        paramMap.put(PXYPARAM_USERNAME, userName);
        paramMap.put(PXYPARAM_USERPASSKEY, userPassKey);
        paramMap.put(PXYPARAM_DISPATCHREQUEST_PROFILENAME, "DISPATCHEXAVAULT");
        if(destFileName != null && !destFileName.isEmpty())
          paramMap.put(PXYPARAM_DISPATCHREQUEST_DESTFILENAME, destFileName);
          
          logMessage("========================================================");
        logMessage("Make the call: " + callUrl);
        logMessage("Call payload: " + paramMap);
        String callResult = callUrl(callUrl, paramMap, fileName, dispatchFile);
        logMessage("Call result:" + callResult);
        
        // parse the url encoded key value pairs
        Map resultMap = DemoUtil.parseQueryString(callResult);
        
        // get the network call status
        String callStatus = resultMap.get(PXYRESP_CALL_STATUS);
        
        if (callStatus != null && callStatus.equals(PXYRESP_CALL_STATUS_SUCCESS)){ 
          logMessage("Successful transaction");
          authId = resultMap.get(PXYRESP_AUTH_ID);
          logMessage("Auth Ref Id:" + authId);
        }
        else {
          logMessage("Unsuccessful transaction");
          String statusCode = resultMap.get(PXYRESP_RESPSTATUS_CODE);
          String statusName = resultMap.get(PXYRESP_RESPSTATUS_NAME);
          String statusDesc = resultMap.get(PXYRESP_RESPSTATUS_DESCRIPTION);
          logMessage("Auth Status Code:" + statusCode);
          logMessage("Auth Status Name:" + statusName);
          logMessage("Auth Status Desc:" + statusDesc);
        }
        return callResult;
      }

    API Response Variables

    This API call responds with the following name-value pairs. The response being provided back is only of the upload success or failure there will be no status of the credit card processing.

    statusThe Status response variable indicates if the API call is well formed, with an appropriate result. It does not guarantee a successful credit card transaction with a complete authorization or capture if the status is returned as success. Other parameters must be checked, see below. The value will either be success or failure.
    pxyResponse.responseStatusThe transaction response considered successful for pxyResponse.responseStatus is the approved or dispatched status. Any other response should be considered an error. In case of an error transaction, the error code may be obtained as per the following response variables below. The possible values are either approved, declined, error, review and dispatched.
    authIdis an enteral number provided by HostedPCI for your records only.
    pxyResponse.processorTypeThis parameter provides you with the type of response being provided, the value will always be fileDispatchResponse
    pxyResponse.fileRowCountThis parameter provides you with an update on how many columns have been provided within the file. This will indicated how many tokens were provided to HostedPCI.
    pxyResponse.responseStatus.codeThis parameter provides you with an alphanumeric code that can assist with understanding the response being provided back as well as debugging.
    pxyResponse.responseStatus.descriptionThis parameter will provide a brief description of the response being provided, which can assist with any errors that may occur.
    pxyResponse.dispatchRespThe dispatch response variable contains the scrubbed response from the dispatch endpoint, the value will be dispatch response.

    Gateway Parameter Guide

    Acapture

    Acapture services were integrated by HostedPCI in 2017, we support the following credit card processing features by Acapture.

    URL: https://www.acapture.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    User ID
    Password
    Entity ID

    Adyen

    Adyen services were integrated by HostedPCI since 2015, we support the following credit card processing features provided by Adyen.

    URL: https://www.adyen.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    wsUser
    wsPassword
    Merchant ID

    Authorize.net

    Authorize.net services were integrated by HostedPCI since 2010, we support the following credit card processing features by Authorize.Net.

    URL: https://www.authorize.net/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Login ID
    Transaction Key

    Bambora (Beanstream)

    Bambora services were integrated by HostedPCI since 2013, we support the following credit card processing features provided by Bambora.

    URL: https://www.bambora.com/en/ca/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    User ID
    Password
    Merchant ID

    Braintree

    Braintree services were integrated by HostedPCI in 2016, we support the following credit card processing features by Braintree.

    URL: https://www.braintreepayments.com/en-ca

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Merchant ID
    Public Key
    Private Key

    CardConnect

    CardConnect services were integrated by HostedPCI in 2015, we support the following credit card processing features by CardConnect.

    URL: https://cardconnect.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Username
    Password
    Merchant ID
    Terminal ID
    URL Prefix

    CenPOS

    CenPOS services were integrated by HostedPCI since 2014, we support the following credit card processing features by CenPOS.

    URL: https://www.cenpos.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    Password
    Merchant

    Charge Logic

    Charge Logic services were integrated by HostedPCI since 2017, we support the following credit card processing features provided by Charge Logic.

    URL: https://www.chargelogic.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    StoreNo
    APIKey
    ApplicationNo
    ApplicationVersion

    Chase Payment Batch

    Chase Payment Batch services  were integrated by HostedPCI since 2016, we support the following credit card processing features provided by Chase Payment Batch.

    URL:  https://www.chase.ca/en

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    SFTP Username
    SFTP Password
    PGP Private Key
    PGP Private Key Pass Phrase

    Chase Paymentech (Tampa and Salem)

    Chase Paymentech services were integrated by HostedPCI since 2011, we support the following credit card processing features by Chase Paymentech.

    URL: https://en.chasepaymentech.ca/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Merchant ID
    Bin
    Terminal ID
    Supported Parameters pxyOrder.shippingReference (Shipping Reference)

    In order for Payments to be delivered to Chase clients have to whitelist our Submitter ID on your merchant account.

    Submitter ID: 980491

    CyberSource

    CyberSource services were integrated by HostedPCI since 2009, we support the following credit card processing features by CyberSource.

    URL: https://www.cybersource.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    Password
    PGP Private Key
    PGP Private Key Password
    Merchant ID
    P12 Certificate name
    SSL Key
    Store Name

    DataCash

    DataCash services were integrated by HostedPCI in 2016, we support the following credit card processing features by DataCash.

    URL: http://www.mastercard.com/gateway/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Client ID
    Password

    Divitia

    Divitia Global services  were integrated by HostedPCI since 2015, we support the following credit card processing features provided by Divitia Global.

    URL: https://www.divitia.com.au/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    VID
    Password
    Track ID

    Dlocal

    Dlocal services  were integrated by HostedPCI since 2018, we support the following credit card processing features provided by Dlocal.

    URL: https://dlocal.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Merchant xLogin
    Merchant xTransKey
    Secret Key
    Notification_url
    Supported ParameterspxyCustomerInfo.officialDocNumber   (Tax IDs for Brazil and Mexico)

    pxyTransaction.merchantProductName  (Product name that will appear on statement )

    pxyOrder.description    (Description of charge )

    Eigen

    Eigen services were integrated by HostedPCI since 2013, we support the following credit card processing features by Eigen.

    URL: https://www.eigenpayments.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Terminal ID
    Hash Password

    Elavon

    Elavon services were integrated by HostedPCI in 2016, we support the following credit card processing features by Elavon.

    URL: https://www.elavon.com/index.html

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Merchant ID
    User ID
    PIN

    First Data (Global Gateway)

    First Data Global Gateway services were integrated by HostedPCI, we support the following credit card processing features by First Data Global Gateway.

    URL: https://www.firstdata.com/en_ca/home.html

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Gateway ID
    Gateways Password

    First Data Payeezy

    First Data Payeezy services were integrated by HostedPCI in 2016, we support the following credit card processing features.

    URL: https://www.firstdata.com/en_us/all-features/payeezy.html

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    API Key
    API Secret
    Merchant Token

    First Data Virtual Terminal

    First Data Virtual Terminal (previouisly knows as Linkpoint) services were integrated by HostedPCI since 2012, we support the following credit card processing features by First Data Virtual Terminal.

    URL: https://www.firstdata.com/en_ca/home.html

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    P.12 certificate

    Global Collect

    Global Collect services were originally integrated by HostedPCI in 2013, However we have recently updated our API integration.

    URL: http://www.globalcollect.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    API Key ID
    Secret API Key
    Merchant ID
    Supported ParameterspxyCustomerInfo.birthDate   (Customer’s Birth Date)

    pxyCustomerInfo.billingLocation.title    (Billing Title)

    pxyCustomerInfo.shippingLocation.title   (Shipping Title)

    Global Payments (Realex)

    Global Payment services were integrated by HostedPCI since 2019, we support the following credit card processing features provided by Global Payment.

    URL: https://www.afex.com/canada/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Merchant ID
    Shared Secret
    Refund Password (Not enabled by default)

    Helcim Payment Gateway

    Helcim services were integrated by HostedPCI since 2014, we support the following credit card processing features provided by Helcim.

    URL: https://www.helcim.com/ca/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Merchant ID
    Token

    iATS Payments

    iATS Payments services were integrated by HostedPCI since 2013, we support the following credit card processing features provided by iATS.

    URL: http://home.iatspayments.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    User ID
    Password

    Ingenico Payment Services

    Ingenico services were integrated by HostedPCI since 2012, we support the following credit card processing features provided by Ingenico Payment Services.

    URL: https://www.ingenico.com

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    User ID
    Password
    PSP ID

    iPay/Planet Pay

    iPay services were integrated by HostedPCI since 2011, we support the following credit card processing features provided by iPay.

    URL: http://www.planetpayment.com/ipay-gateway/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    Password
    Terminal ID

    Klik & Pay

    Klik & Pay services were integrated by HostedPCI in 2017, we support the following credit card processing features.

    URL: http://klikandpay.com/en/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Account ID
    Private Key

    Moneris

    Moneris services were integrated by HostedPCI since 2012, we support the following credit card processing features by Moneris.

    URL: https://www.moneris.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Store ID
    API token

    MundiPagg (Brazil)

    Mundipagg services were integrated by HostedPCI in 2015, we support the following credit card processing features by Mundipagg.

    URL: https://www.mundipagg.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Merchant Key
    Supported Parameters
    pxyCustomerInfo.gender    (Customer’s Gender)

    pxyCustomerInfo.officialDocNumber    (Official Document Number)

    pxyOrder.itemId    (Order Item ID)

    pxyOrder.unitCostInCents, pxyOrder.totalCostInCents    (Unit Price in Cents, Total Cost in Cents)

    NetBilling

    NetBilling services were integrated by HostedPCI since 2015, we support the following credit card processing features provided by NetBillings.

    URL: https://www.netbilling.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Account ID
    Affiliate ID
    Site ID

    Network Merchants (NMI)

    Network Merchants (NMI) services were integrated by HostedPCI since 2012, we support the following credit card processing features by Network Merchants.

    URL: https://www.nmi.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Username
    Password

    NPC Skipjack

    NPC Skipjack services were integrated by HostedPCI since 2014, we support the following credit card processing features provided by NPC Skipjack.

    URL: http://www.skipjack.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Serial Number
    Developer Serial Number

    Optimal Payments

    Optimal Payments services were integrated by HostedPCI since 2013, we support the following credit card processing features provided by Optimal Payments.

    URL: https://www.paysafe.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Store ID
    Store Password
    Merchant Account Number

    PayPal PayFlow Pro

    PayFlow Pro services were integrated by HostedPCI since 2009, we support the following credit card processing features by PayFlow Pro.

    URL: https://www.paypal.com/ca/home

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    PayPal username
    PayPal password
    Vender name
    Partner name

    PayPal Website Payment Pro

    Paypal Website Payment Pro was integrated by HostedPCI since 2013, we support the following credit card processing features provided by Website Payment Pro.

    URL: https://www.paypal.com/ca/home

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    API username
    API password
    Signature

    PayU

    PayU services were integrated by HostedPCI since 2016, we support the following credit card processing features provided by PayU.

    URL: https://corporate.payu.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    API Login
    API Key
    Merchant ID
    Account ID
    Supported ParameterspxyTransaction.txnFingerPrintData    (Device Session ID)

    pxyTransaction.txnInstallmentCount    (The number of installments)

    pxyCustomerInfo.sessionId    (Transaction Cookie)

    Prism Pay

    Prism Pay services were integrated by HostedPCI since 2011, we support the following credit card processing features by Prism Pay.

    URL: http://www.prismpay.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Account ID
    Merchant PIN
    Sub Account ID

    ProPay

    ProPay services were integrated by HostedPCI since 2015, we support the following credit card processing features by ProPay.

    URL: https://www.propay.com/Canada/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Account Number
    Certification String

    PSI Gate

    PSI Gate services were integrated by HostedPCI since 2011, we support the following credit card processing features by PSI Gate.

    URL: https://www.psigate.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Store ID
    Passphrase
    Custom Merchant Ref.

    Redecard (Brazil)

    Redecard services were integrated by HostedPCI since 2015, we support the following credit card processing features provided by Redecard.

    URL: https://www.userede.com.br/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Filiacao

    Redsys

    Redsys services were integrated by HostedPCI since 2015, we support the following credit card processing features provided by Redsys.

    URl: http://www.redsys.es/en/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    PasswordS
    Terminal

    SafeCharge

    SafeCharge services were integrated by HostedPCI since 2018, we support the following credit card processing features provided by SafeCharge.

    URL: https://www.safecharge.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Merchant ID
    Merchant Key
    Supported Parameters
    pxyTransaction.merchantPhoneNum    (Display phone number on the clients statement)

    pxyCustomerInfo.browserUserAgentHeader    (The customers browsers header)

    Sage Payments

    Sage Payment services were integrated by HostedPCI since 2017, we support the following credit card processing features by Sage Payments.

    URL: http://www.sage.com/ca/sage-payment-solutions

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Merchant ID
    Merchant Key

    Stripe

    Stripe services were integrated by HostedPCI since 2013, we support the following credit card processing features by Stripe.

    URL: https://stripe.com/ca

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Secret Key

    Transfirst Payment Gateway

    TransFirst services were integrated by HostedPCI since 2014, we support the following credit card processing features by TransFirst.

    URL: http://www.tsys.com/solutions/products-services/merchant/products/payment-gateway/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    TransFirst Express RegKey
    Express Gateway ID
    Merchant Account ID

    TrustCommerce

    TrustCommerce services were integrated by HostedPCI since 2019, we support the following credit card processing features provided by TrustCommerce.

    URL: https://www.trustcommerce.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization
    Authentication and security credentials
    Customer ID
    Password

    USA ePay

    USAePay services were integrated by HostedPCI since 2017, we support the following credit card processing features by USAePay.

    URL: https://usaepay.info/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Source Key
    Pin

    Vantiv

    Vantiv services were integrated by HostedPCI since 2017, we support the following credit card processing features by Vantiv.

    URL: https://www.vantiv.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization

    Authentication and security credentials
    Account ID
    Account Token
    Accepter ID
    Terminal ID
    Application ID

    Vantiv Litle

    Vantiv Litle services were integrated by HostedPCI since 2017, we support the following credit card processing features by Vantiv Litle.

    URL:  https://www.vantiv.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Gateway Tokenization

    Authentication and security credentials
    Username
    Password
    Merchant ID
    Supported ParameterspxyTransaction.txnExtraParam1     (Additional parameter)

    pxyTransaction.processorRefId    (Required for refunds and voids only)

    pxyThreeDSecAuth.paRes    (Used for making 3DS checks)

    pxyThreeDSecAuth.authTxnId    (Required for using 3DS)

    pxyCustomerInfo.profileGatewayId    (Gateway ID)

    WireCard

    Wire Cardservices were integrated by HostedPCI since 2014, we support the following credit card processing features provided by WireCard.

    URL: https://www.wirecard.com/

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    Password
    Merchant Account ID

    World Pay (SecureNet)

    SecureNet services were integrated by HostedPCI since 2011, we support the following credit card processing features by SecureNet.

    URL: http://www.worldpay.com/us

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Secure ID
    Secure Key
    Supported ParameterspxyOrder.invoiceNumber    (Invoice Number)

    World Pay (XML Direct)

    World Pay services were integrated by HostedPCI since 2012, we support the following credit card processing features by World Pay.

    URL: http://www.worldpay.com/us

    Implemented Features
    Auth
    Sale (Auth + Capture)
    Capture
    Void
    Credit
    Authentication and security credentials
    Username
    Password
    Supported ParameterspxyCustomerInfo.sessionId    (World Pay Session ID)

    Salesforce Documentation

    Installing the HostedPCI App

    HostedPCI is now on the Salesforce AppExchange, where you can download our Salesforce iFrame as well as our IVR solution to accept your credit card information securely while still keeping everything organized within Salesforce.

    The HostedPCI App can be installed from the Salesforce AppExchange. Login into your Salesforce account a proceed to the AppExchange, once there search for HostedPCI and select “Get it Now”. When installing the HostedPCI App please ensure it is being installed in production and not in the sandbox.

    Configuring the HostedPCI Salesforce App

    Once the HostedPCI App is installed you can begin configuring the number of users you would like to have access to the App. There are 3 main options for configuring your users, You can either configure one specific user or for all users, you can also select to Admin users only. The next step in to the configuration process is ensuring to select SSL encrypted as well as grant access to these third-party websites.

    Once that is done, login into your Salesforce account to finish the configuration, proceed to “Set Up” under your account name. Then go to the Administration panel on the left hand side, scroll down and select develop, and within the the develop menu select “Sites”. Once there select “Labels”, go to “Public Access Settings”, scroll down, and under “Enabled Visualforce Page Access” section click on “Edit”. Select “ThreeDSecPin”, “HostedPCICheckoutMsg” from the left list, click “Add” > “Save”. To complete the configuration process click “Edit” under profile details, scroll down and under “Custom Object Permissions”, enable “Read, Create, Delete, Edit” for Payments and Tokens object. Click “Save”.

    Manual Installation

    Payment Terminal

    Payment Terminal Tab is a HomeTab for HostedPCIApp.

    • Salesforce requests a new iframe from HostedPCI.
    • HostedPCI verifies the website and webpage are correct.
    • HostedPCI sends the iframe to the Salesforce page.
    • User fills the payment form and clicks “Submit”.
    • Iframe is being sent back to HostedPCI for tokenization of the credit card.
    • Token is delivered back to the form and populates all the required hidden fields (CC, CVV and BIN numbers) in the form.
    • Form submits payment request with credit card token, cvv token, expiry date and amount.
    • HostedPCI submits payment request with real credit card, real cvv, expiry date and amount.
    • HostedPCI gets the payment response from the bank.
    • HostedPCI sends the response along with other information back to the Salesforce site.
    • Salesforce page can then collect the response with all the information and display it back to the user.
    Token Tab

    A user can see tokens stored in the database as well related payments.

    Payments

    A user can see transactions history.

    Call Center

    • The customer calls into your call centre
    • Your customer service representative (CSR) will begin the process by gathering the customers order as well the additional information needed
    • Once the customer is ready to enter their credit card information the CSR will then explain to the customer that they are going to make a 3-way call to a secure credit card processing system for them to enter their card number in.
    • At this time the CSR will create a new session on the HostedPCI to gather the session key needed to begin the IVR call.
    • Once the IVR call is made and the session key is inserted the CSR will insert the customer into the 3-way call
    • The customer will be prompted to enter their card information by the IVR, the difference with our system is that the customer is never separated from the CSR.
    • When the customer is finished entering their card information the CSR will end the 3-way call with the IVR and continue with the rest of the call.
    • Once the session is finished a token will pop up on the CSR’s screen which can then be used to finish the transaction.

    HostedPCI Settings

    Used for HostedPCI App configurations.

    Prerequisites

    Installation

    • Download and unzip Salesforce.com.zip file .
    • Open build.properties file in path_to_unzipped_file/deploy.
    • Enter your login credentials for Salesforce.com.If your password is XXX and security Token is 123 then sf.password = XXX123
    sf.username = your_username
    sf.password = your_password

    Windows

    • Open Command Prompt.
    cd path_to_unzipped_file
    cd deploy
    ant

    Macs

    • Open Terminal
    $cd path_to_unzipped_file
    $cd ./deploy
    $ant

    • Login into your Salesforce Org.
      Go to “Setup”.
    • In the “Administration” panel on the left go to “Manage Users” > “Permission Sets”.
      In the “Permission Sets” list on the right click “HostedPCI Developer”.
    • On the right click “Manage Assignments”.
    • On the right choose a user(s) you want to assign the app to.A user must have the permission of using apps.
    • Click “Add Assignments”.
    • Click “Done”.
    • In the AppMenu on the top right click “HostedPCI”.

    Public Website

    Prerequisites

    In order to use public web site ,”Sites” feature have to be enabled in your Salesforce Org.

    Installation

    • Login into your Salesforce Org.
      Go to “Setup”.
    • In the “Administration” panel on the left go to “Develop” > “Sites”.
    • On the right click “New”.
    • Enter site details, for the “Active Site Home Page” select “HostedPCICheckout” page.
    • Go to “Sites”. Click on the “Site Label”.
    • Click on “Public Access Settings” . Scroll down, under “Enabled Visualforce Page Access” section click on “Edit”. Select “ThreeDSecPin”,”HostedPCICheckoutMsg” from the left list, click “Add” > “Save”.
    • Click “Edit” under profile details, scroll down and under “Custom Object Permissions”, enable “Read, Create, Delete, Edit” for Payments and Tokens object.
    • Click “Save”.

    Common error codes

    Error CodeDescription
    PPA_ACT_1User not logged-in, please check the user name and passkey are valid
    PPA_ACT_2Invalid version, please use the correct version
    PPA_ACT_3Too many mapping failures, contact HPCI admin
    PPA_ACT_4SSL Required for the request, please https to submit the request
    PPA_ACT_5Credit card mapping failure, please make sure only mapped credit card numbers are used for the request
    PPA_ACT_6Payment gateway not configured for the currency, please contact HPCI to setup the correct gateway details
    PPA_ACT_7Credit card operation failed, please check the gateway specific return codes
    PPA_ACT_8Invalid amount, please check the amount sent
    PPA_ACT_9Dependent credit card operation not found, please provide the correct reference number for the dependent transaction
    PPA_ACT_10Unknown error, please contact HPCI
    PPA_ACT_11Invalid operation, please verify the request
    PPA_ACT_12Required parameter missing, please make sure missing parameter is provided
    PPA_ACT_13CVV mapping failed, please verify the request
    PPA_ACT_14Invalid expiry, please verify credit card expiry
    PPA_ACT_15Credit card payment failed
    PPA_ACT_16Used a duplicate transaction for the same reference number
    PPA_ACT_17Credit card payment declined
    PPA_ACT_18CC Token expired
    PGT_SER_1Unknown provider.
    PGT_SER_2Could not auth.
    PGT_SER_3Could not void
    PGT_SER_4Could not find
    PGT_SER_5Processing transaction
    PGT_SER_6Not implemented
    PGT_SER_7Capture not found.
    PGT_SER_8Points system not enabled
    PGT_SER_9Gateway parameter is missing. Please review the additional response fields for more details.
    PGT_SER_10Parameter not supported
    PGT_SER_11Result empty
    PGT_SER_12Could not initialize
    PGT_SER_13Invalid amount
    PGT_SER_14Unknown Auth transaction
    PGT_SER_15Unknown Sale transaction
    PGT_SER_16Unknown Void transaction
    PGT_SER_17Unknown Capture transaction
    PGT_SER_18Unknown Credit transaction
    PGT_SER_19Could not complete credit
    PGT_SER_20Call timeout
    PGT_SER_21Unknown lookup exception
    PGT_SER_22Preprocessor filter transaction rejected. Custom rule invoked.
    PGT_SER_23Could not tokenize
    PGT_SER_24Could not capture
    PGT_SER_25Processing mode not supported
    MCC_1iFRAME error, Credit card not valid
    MCC_2IFRAME error, CVV not valid
    AMC_ACT_2This error is a packet replay error. This happens when a user has attempted to resubmit a form multiple times, it is usually through the use of back button.
    URU_3This error means that the socked timeout, this can occur because there is a temporary issue with the payment gateway.

    Java Samples

    Other Samples

    package com.isyn.app.payment;
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.UnsupportedEncodingException;
    import java.net.URL;
    import java.net.URLConnection;
    import java.net.URLDecoder;
    import java.net.URLEncoder;
    import java.text.DecimalFormat;
    import java.util.HashMap;
    import java.util.Map;
    @SuppressWarnings("unused")
    public class ProxyHPCIProcessorApp {
      // define service constants
      private static final String PXY_AUTH = "/iSynSApp/paymentAuth.action";
      private static final String PXY_SALE = "/iSynSApp/paymentSale.action";
      private static final String PXY_CAPTURE = "/iSynSApp/paymentCapture.action";
      private static final String PXY_CREDIT = "/iSynSApp/paymentCredit.action";
      private static final String PXY_VOID = "/iSynSApp/paymentVoid.action";
      private static final String PXYPARAM_APIVERSION = "apiVersion";
      private static final String PXYPARAM_APITYPE = "apiType";
      private static final String PXYPARAM_APITYPE_PXYHPCI = "pxyhpci";
      private static final String PXYPARAM_USERNAME = "userName";
      private static final String PXYPARAM_USERPASSKEY = "userPassKey";
      private static final String PXYPARAM_PXY_TRANSACTION_CUSISO = "pxyTransaction.txnCurISO";
      private static final String PXYPARAM_PXY_TRANSACTION_AMOUNT = "pxyTransaction.txnAmount";
      private static final String PXYPARAM_PXY_TRANSACTION_MER_REFID_NAME = "pxyTransaction.merchantRefIdName";
      private static final String PXYPARAM_PXY_TRANSACTION_MER_REFID = "pxyTransaction.merchantRefId";
      private static final String PXYPARAM_PXY_TRANSACTION_PROCESSOR_REFID = "pxyTransaction.processorRefId";
      private static final String PXYPARAM_PXY_CC_CARDTYPE = "pxyCreditCard.cardType";
      private static final String PXYPARAM_PXY_CC_NUMBER = "pxyCreditCard.creditCardNumber";
      private static final String PXYPARAM_PXY_CC_EXPMONTH = "pxyCreditCard.expirationMonth";
      private static final String PXYPARAM_PXY_CC_EXPYEAR = "pxyCreditCard.expirationYear";
      private static final String PXYPARAM_PXY_CC_CVV = "pxyCreditCard.cardCodeVerification";
      private static final String PXYPARAM_PXY_CUSTINFO_CUSTOMERID = "pxyCustomerInfo.customerId";
      private static final String PXYPARAM_PXY_CUSTINFO_EMAIL = "pxyCustomerInfo.email";
      private static final String PXYPARAM_PXY_CUSTINFO_INSTR = "pxyCustomerInfo.instructions";
      private static final String PXYPARAM_PXY_CUSTINFO_CUSTIP = "pxyCustomerInfo.customerIP";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_FIRSTNAME = "pxyCustomerInfo.billingLocation.firstName";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_LASTNAME = "pxyCustomerInfo.billingLocation.lastName";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_COMPANYNAME = "pxyCustomerInfo.billingLocation.companyName";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_ADDRESS = "pxyCustomerInfo.billingLocation.address";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_CITY = "pxyCustomerInfo.billingLocation.city";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_STATE = "pxyCustomerInfo.billingLocation.state";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_ZIPCODE = "pxyCustomerInfo.billingLocation.zipCode";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_COUNTRY = "pxyCustomerInfo.billingLocation.country";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_PHONENUMBER = "pxyCustomerInfo.billingLocation.phoneNumber";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_FAX = "pxyCustomerInfo.billingLocation.fax";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_TAX1 = "pxyCustomerInfo.billingLocation.tax1";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_TAX2 = "pxyCustomerInfo.billingLocation.tax2";
      private static final String PXYPARAM_PXY_CUSTINFO_BILLADDR_TAX3 = "pxyCustomerInfo.billingLocation.tax3";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_FIRSTNAME = "pxyCustomerInfo.shippingLocation.firstName";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_LASTNAME = "pxyCustomerInfo.shippingLocation.lastName";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_COMPANYNAME = "pxyCustomerInfo.shippingLocation.companyName";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_ADDRESS = "pxyCustomerInfo.shippingLocation.address";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_CITY = "pxyCustomerInfo.shippingLocation.city";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_STATE = "pxyCustomerInfo.shippingLocation.state";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_ZIPCODE = "pxyCustomerInfo.shippingLocation.zipCode";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_COUNTRY = "pxyCustomerInfo.shippingLocation.country";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_PHONENUMBER = "pxyCustomerInfo.shippingLocation.phoneNumber";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_FAX = "pxyCustomerInfo.shippingLocation.fax";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_TAX1 = "pxyCustomerInfo.shippingLocation.tax1";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_TAX2 = "pxyCustomerInfo.shippingLocation.tax2";
      private static final String PXYPARAM_PXY_CUSTINFO_SHIPADDR_TAX3 = "pxyCustomerInfo.shippingLocation.tax3";
      private static final String PXYPARAM_PXY_ORDER_INVNUM = "pxyOrder.invoiceNumber";
      private static final String PXYPARAM_PXY_ORDER_DESC = "pxyOrder.description";
      private static final String PXYPARAM_PXY_ORDER_TOTALAMT = "pxyOrder.totalAmount";
      private static final String PXYPARAM_PXY_ORDER_SHIPPINGAMT = "pxyOrder.shippingAmount";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEMS = "pxyOrder.orderItems[";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_ID = "].itemId";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_NAME = "].itemName";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_DESC = "].itemDescription";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_QTY = "].itemQuantity";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_PRICE = "].itemPrice";
      private static final String PXYPARAM_PXY_ORDER_ORDERITEM_TAXABLE = "].itemTaxable";
      private static final String PXYRESP_CALL_STATUS = "status";
      private static final String PXYRESP_RESPONSE_STATUS = "pxyResponse.responseStatus";
      private static final String PXYRESP_PROCESSOR_REFID = "pxyResponse.processorRefId";
      private static final String PXYRESP_RESPSTATUS_NAME = "pxyResponse.responseStatus.name";
      private static final String PXYRESP_RESPSTATUS_CODE = "pxyResponse.responseStatus.code";
      private static final String PXYRESP_RESPSTATUS_DESCRIPTION = "pxyResponse.responseStatus.description";
      private static final String PXYRESP_CALL_STATUS_SUCCESS = "success";
      private static final String PXYRESP_CALL_STATUS_ERROR = "error";
      private static final String PXYRESP_CALL_ERRID = "errId";
      private static final String PXYRESP_CALL_ERRMSG = "errMsg";
      private static final String PXYRESP_RESPONSE_STATUS_APPROVED = "approved";
      private static final String PXYRESP_RESPONSE_STATUS_DECLINED = "declined";
      private static final String PXYRESP_RESPONSE_STATUS_ERROR = "error";
      private static final String PXYRESP_RESPONSE_STATUS_REVIEW = "review";
      // define constructor
      public ProxyHPCIProcessorApp() {
        logMessage("Init proxy processor");
      }
      public static void logMessage(String msg) {
        System.out.println(msg);
      }
      public static String callUrl(String urlString, Map<string, string=""> paramMap) {
        String urlReturnValue = "";
        try {
          // Construct data
          StringBuffer dataBuf = new StringBuffer();
          boolean firstParam = true;
          for (String paramKey : paramMap.keySet()) {
            if (!firstParam) dataBuf.append("&");
            dataBuf.append(URLEncoder.encode(paramKey, "UTF-8")).append("=")
            .append(URLEncoder.encode(paramMap.get(paramKey), "UTF-8"));
            firstParam = false;
          }
          String data = dataBuf.toString();
          // Send data
          URL url = new URL(urlString);
          URLConnection conn = url.openConnection();
          conn.setDoOutput(true);
          OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
          wr.write(data);
          wr.flush();
          // Get the response
          BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
          String line;
          wh ile ((line = rd.readLine()) != null) {
            urlReturnValue = urlReturnValue + line;
          }
          wr.close();
          rd.close();
        } catch (Exception e) {
          e.printStackTrace();
          urlReturnValue = "";
        }
        return urlReturnValue;
      } //END: callUrl
      public static Map<string, string=""> parseQueryString(String queryStr) {
        Map<string, string=""> map = new HashMap<string, string="">();
        if (queryStr == null)
          return map;
        String[] params = queryStr.split("&");
        for (String param : params) {
          String name = "";
          String value = "";
          String[] paramPair = param.split("=");
          if (paramPair != null && paramPair.length > 0) {
            name = paramPair[0];
            if (paramPair.length > 1 && paramPair[1] != null) {
              try {
                value = URLDecoder.decode(paramPair[1], "UTF-8");
              } catch (UnsupportedEncodingException e) {
                logMessage("Could not decode:" + paramPair[1]);
              }
            }
          }
          map.put(name, value);
        }
        return map;
      } //END: parseQueryString
      private String amountToAuthStr = "4.25";
      public String authOnly(String serviceUrl, String userName, String passKey, String mappedCCNum, String merchatTxnRef) throws Exception {
        // if the authorization request id
        String resultCode = "";
        logMessage("amountToAuthStr:" + amountToAuthStr);
        // make the remote call
        String callUrl = serviceUrl + PXY_AUTH;
        // prepare the mapped month and year
        Map<string, string=""> paramMap = new HashMap<string, string="">();
        paramMap.put(PXYPARAM_APIVERSION, "1.0.1");
        paramMap.put(PXYPARAM_APITYPE, PXYPARAM_APITYPE_PXYHPCI);
        paramMap.put(PXYPARAM_USERNAME, userName);
        paramMap.put(PXYPARAM_USERPASSKEY, passKey);
        paramMap.put(PXYPARAM_PXY_CC_CARDTYPE, "visa");
        paramMap.put(PXYPARAM_PXY_CC_NUMBER, mappedCCNum);
        paramMap.put(PXYPARAM_PXY_CC_EXPMONTH, "10");
        paramMap.put(PXYPARAM_PXY_CC_EXPYEAR, "2014");
        paramMap.put(PXYPARAM_PXY_CC_CVV, "123");
        paramMap.put(PXYPARAM_PXY_TRANSACTION_AMOUNT, amountToAuthStr);
        paramMap.put(PXYPARAM_PXY_TRANSACTION_CUSISO, "USD");
        paramMap.put(PXYPARAM_PXY_TRANSACTION_MER_REFID, "merRef:" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_CUSTINFO_EMAIL, "hpcitest1@mailinator.com");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_CUSTOMERID, "hpcitest1");
        // setup addresses
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_FIRSTNAME, "FirstName");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_LASTNAME, "LastName");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_ADDRESS, "123 Elm Street");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_CITY, "Beverly Hills");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_STATE, "CA");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_ZIPCODE, "90210");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_BILLADDR_COUNTRY, "US");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_FIRSTNAME, "FirstName");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_LASTNAME, "LastName");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_ADDRESS, "123 Elm Street");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_CITY, "Beverly Hills");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_STATE, "CA");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_ZIPCODE, "90210");
        paramMap.put(PXYPARAM_PXY_CUSTINFO_SHIPADDR_COUNTRY, "US");
        // following are optional parameters
        paramMap.put(PXYPARAM_PXY_CUSTINFO_CUSTIP, "173.32.21.248");
        paramMap.put(PXYPARAM_PXY_ORDER_INVNUM, "Order:" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_ORDER_DESC, "Test Order");
        paramMap.put(PXYPARAM_PXY_ORDER_TOTALAMT, amountToAuthStr);
        // paramMap.put(PXYPARAM_PXY_ORDER_SHIPPINGAMT, "1.00");
        // item 1
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_ID, "Item-1-" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_NAME, "Item-Name1");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_DESC, "Item Description 1");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_QTY, "1");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_PRICE, "2.00");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "0" + PXYPARAM_PXY_ORDER_ORDERITEM_TAXABLE, "N"); // Y/N
        // item 2
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_ID, "Item-2-" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_NAME, "Item-Name2");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_DESC, "Item Description 2");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_QTY, "1");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_PRICE, "1.25");
        paramMap.put(PXYPARAM_PXY_ORDER_ORDERITEMS + "1" + PXYPARAM_PXY_ORDER_ORDERITEM_TAXABLE, "N"); // Y/N
        logMessage("Make the call: " + callUrl);
        String callResult = callUrl(callUrl, paramMap);
        logMessage("Call result:" + callResult);
        // parse the url encoded key value pairs
        Map<string, string=""> resultMap = parseQueryString(callResult);
        // get the network call status
        String callStatus = resultMap.get(PXYRESP_CALL_STATUS);
        // get the payment processing status
        String paymentStatus = resultMap.get(PXYRESP_RESPONSE_STATUS);
        String processorRefId = null;
        if (callStatus != null && callStatus.equals(PXYRESP_CALL_STATUS_SUCCESS)
        && paymentStatus != null && paymentStatus.equals(PXYRESP_RESPONSE_STATUS_APPROVED)) {
          logMessage("Successful transaction");
          processorRefId = resultMap.get(PXYRESP_PROCESSOR_REFID);
          logMessage("Auth Processor Ref Id:" + processorRefId);
        }
        else {
          logMessage("Unsuccessful transaction");
          resultCode = paymentStatus;
          String statusCode = resultMap.get(PXYRESP_RESPSTATUS_CODE);
          String statusName = resultMap.get(PXYRESP_RESPSTATUS_NAME);
          String statusDesc = resultMap.get(PXYRESP_RESPSTATUS_DESCRIPTION);
          logMessage("Auth Status Code:" + statusCode);
          logMessage("Auth Status Name:" + statusName);
          logMessage("Auth Status Desc:" + statusDesc);
        }
        return processorRefId;
      }
      public void captureOnly(String serviceUrl, String userName, String passKey, String authProcessorRefId, String merchatTxnRef) throws Exception {
        // get the auth to capture
       // make the remote call
       String callUrl = serviceUrl + PXY_CAPTURE;
       Map<string, string=""> paramMap = new HashMap<string, string="">();
       paramMap.put(PXYPARAM_APIVERSION, "1.0.1");
       paramMap.put(PXYPARAM_APITYPE, PXYPARAM_APITYPE_PXYHPCI);
       paramMap.put(PXYPARAM_USERNAME, userName);
       paramMap.put(PXYPARAM_USERPASSKEY, passKey);
       // format amount
       paramMap.put(PXYPARAM_PXY_TRANSACTION_AMOUNT, amountToAuthStr);
       paramMap.put(PXYPARAM_PXY_TRANSACTION_CUSISO, "USD");
       paramMap.put(PXYPARAM_PXY_TRANSACTION_MER_REFID, "merRef:" + merchatTxnRef);
       paramMap.put(PXYPARAM_PXY_TRANSACTION_PROCESSOR_REFID, authProcessorRefId);
       logMessage("Make the call: " + callUrl);
       String callResult = callUrl(callUrl, paramMap);
       logMessage("Call result:" + callResult);
       // parse the url encoded key value pairs
       Map<string, string=""> resultMap = parseQueryString(callResult);
       // get the network call status
       String callStatus = resultMap.get(PXYRESP_CALL_STATUS);
       // get the payment processing status
       String paymentStatus = resultMap.get(PXYRESP_RESPONSE_STATUS);
       if (callStatus != null && callStatus.equals(PXYRESP_CALL_STATUS_SUCCESS)
       && paymentStatus != null && paymentStatus.equals(PXYRESP_RESPONSE_STATUS_APPROVED)) {
         logMessage("Successful transaction");
         String processorRefId = resultMap.get(PXYRESP_PROCESSOR_REFID);
         logMessage("Capture Processor Ref Id:" + processorRefId);
        }
        else {
          logMessage("Unsuccessful transaction");
          String statusCode = resultMap.get(PXYRESP_RESPSTATUS_CODE);
          String statusName = resultMap.get(PXYRESP_RESPSTATUS_NAME);
          String statusDesc = resultMap.get(PXYRESP_RESPSTATUS_DESCRIPTION);
          logMessage("Capture Status Code:" + statusCode);
          logMessage("Capture Status Name:" + statusName);
          logMessage("Capture Status Desc:" + statusDesc);
        }
      }
      public void voidOnly(String serviceUrl, String userName, String passKey, String authProcessorRefId, String merchatTxnRef) throws Exception {
        // get the auth to capture
        // make the remote call
        String callUrl = serviceUrl + PXY_VOID;
        Map<string, string=""> paramMap = new HashMap<string, string="">();
        paramMap.put(PXYPARAM_APIVERSION, "1.0.1");
        paramMap.put(PXYPARAM_APITYPE, PXYPARAM_APITYPE_PXYHPCI);
        paramMap.put(PXYPARAM_USERNAME, userName);
        paramMap.put(PXYPARAM_USERPASSKEY, passKey);
        // format amount
        paramMap.put(PXYPARAM_PXY_TRANSACTION_AMOUNT, amountToAuthStr);
        paramMap.put(PXYPARAM_PXY_TRANSACTION_CUSISO, "USD");
        paramMap.put(PXYPARAM_PXY_TRANSACTION_MER_REFID, "merRef:" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_TRANSACTION_PROCESSOR_REFID, authProcessorRefId);
        logMessage("Make the call: " + callUrl);
        String callResult = callUrl(callUrl, paramMap);
        logMessage("Call result:" + callResult);
        // parse the url encoded key value pairs
        Map<string, string=""> resultMap = parseQueryString(callResult);
        // get the network call status
        String callStatus = resultMap.get(PXYRESP_CALL_STATUS);
        // get the payment processing status
        String paymentStatus = resultMap.get(PXYRESP_RESPONSE_STATUS);
        if (callStatus != null && callStatus.equals(PXYRESP_CALL_STATUS_SUCCESS)
        && paymentStatus != null && paymentStatus.equals(PXYRESP_RESPONSE_STATUS_APPROVED)) {
          logMessage("Successful transaction");
          String processorRefId = resultMap.get(PXYRESP_PROCESSOR_REFID);
          logMessage("Void Processor Ref Id:" + processorRefId);
        }
        else {
          logMessage("Unsuccessful transaction");
          String statusCode = resultMap.get(PXYRESP_RESPSTATUS_CODE);
          String statusName = resultMap.get(PXYRESP_RESPSTATUS_NAME);
          String statusDesc = resultMap.get(PXYRESP_RESPSTATUS_DESCRIPTION);
          logMessage("Void Status Code:" + statusCode);
          logMessage("Void Status Name:" + statusName);
          logMessage("Void Status Desc:" + statusDesc);
        }
      }
      public void creditOnly(String serviceUrl, String userName, String passKey, String captureProcessorRefId, String merchatTxnRef) throws Exception {
        // get the auth to capture
        // make the remote call
        String callUrl = serviceUrl + PXY_CREDIT;
        Map<string, string=""> paramMap = new HashMap<string, string="">();
        paramMap.put(PXYPARAM_APIVERSION, "1.0.1");
        paramMap.put(PXYPARAM_APITYPE, PXYPARAM_APITYPE_PXYHPCI);
        paramMap.put(PXYPARAM_USERNAME, userName);
        paramMap.put(PXYPARAM_USERPASSKEY, passKey);
        // format amount
        paramMap.put(PXYPARAM_PXY_TRANSACTION_AMOUNT, amountToAuthStr);
        paramMap.put(PXYPARAM_PXY_TRANSACTION_CUSISO, "USD");
        paramMap.put(PXYPARAM_PXY_TRANSACTION_MER_REFID, "merRef:" + merchatTxnRef);
        paramMap.put(PXYPARAM_PXY_TRANSACTION_PROCESSOR_REFID, captureProcessorRefId);
        logMessage("Make the call: " + callUrl);
        String callResult = callUrl(callUrl, paramMap);
        logMessage("Call result:" + callResult);
        // parse the url encoded key value pairs
        Map<string, string=""> resultMap = parseQueryString(callResult);
        // get the network call status
        String callStatus = resultMap.get(PXYRESP_CALL_STATUS);
        // get the payment processing status
        String paymentStatus = resultMap.get(PXYRESP_RESPONSE_STATUS);
        if (callStatus != null && callStatus.equals(PXYRESP_CALL_STATUS_SUCCESS)
        && paymentStatus != null && paymentStatus.equals(PXYRESP_RESPONSE_STATUS_APPROVED)) {
          logMessage("Successful transaction");
          String processorRefId = resultMap.get(PXYRESP_PROCESSOR_REFID);
          logMessage("Credit Processor Ref Id:" + processorRefId);
        }
        else {
          logMessage("Unsuccessful transaction");
          String statusCode = resultMap.get(PXYRESP_RESPSTATUS_CODE);
          String statusName = resultMap.get(PXYRESP_RESPSTATUS_NAME);
          String statusDesc = resultMap.get(PXYRESP_RESPSTATUS_DESCRIPTION);
          logMessage("Credit Status Code:" + statusCode);
          logMessage("Credit Status Name:" + statusName);
          logMessage("Credit Status Desc:" + statusDesc);
        }
      }
      public static void main(String[] args) throws Exception {
        // define usage string
        String baseUsageStr = " mode[auth_capture | auth_void | credit] serviceUrl userName passKey merchatTxnRef ";
        // make sure all the parameters are present
        if (args.length < 1) {
          logMessage("Usage: java " + ProxyHPCIProcessorApp.class.getName() + baseUsageStr + " mappedCCNum");
          return;
        }
        String mode = args[0];
        if (mode.equals("auth_capture")) {
          if (args.length < 6) {
            logMessage("Usage: java " + ProxyHPCIProcessorApp.class.getName() + baseUsageStr + " mappedCCNum");
            return;
          }
          String serviceUrl = args[1];
          String userName = args[2];
          String passKey = args[3];
          String merchatTxnRef = args[4];
          String mappedCCNum = args[5];
          ProxyHPCIProcessorApp app = new ProxyHPCIProcessorApp();
          String processorRefId = app.authOnly(serviceUrl, userName, passKey, mappedCCNum, merchatTxnRef);
          if (processorRefId != null) {
            app.captureOnly(serviceUrl, userName, passKey, processorRefId, merchatTxnRef);
          }
          logMessage("Operation complete:" + mode);
        }
        else if (mode.equals("auth_void")) {
          if (args.length < 6) {
            logMessage("Usage: java " + ProxyHPCIProcessorApp.class.getName() + baseUsageStr + " mappedCCNum");
            return;
          }
          String serviceUrl = args[1];
          String userName = args[2];
          String passKey = args[3];
          String merchatTxnRef = args[4];
          String mappedCCNum = args[5];
          ProxyHPCIProcessorApp app = new ProxyHPCIProcessorApp();
          String processorRefId = app.authOnly(serviceUrl, userName, passKey, mappedCCNum, merchatTxnRef);
          if (processorRefId != null) {
            app.voidOnly(serviceUrl, userName, passKey, processorRefId, merchatTxnRef);
          }
          logMessage("Operation complete:" + mode);
        }
        else if (mode.equals("credit")) {
          if (args.length < 6) {
            logMessage("Usage: java " + ProxyHPCIProcessorApp.class.getName() + baseUsageStr + " captureTxnRef");
            return;
          }
          String serviceUrl = args[1];
          String userName = args[2];
          String passKey = args[3];
          String merchatTxnRef = args[4];
          String captureTxnRef = args[5];
          ProxyHPCIProcessorApp app = new ProxyHPCIProcessorApp();
          app.creditOnly(serviceUrl, userName, passKey, captureTxnRef, merchatTxnRef);
          logMessage("Operation complete:" + mode);
        }
        else {
          logMessage("Unknown mode:" + mode);
        }
      }
    }</string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,>