About Hosted Payment Page

General information about Hosted Payment Page

The Hosted Payment Page is a checkout that contains only the step of selecting the payment method. It is a HTML form with responsive design that is displayed properly on all devices.

In the case of payments via Hosted Payment Page, the shop redirects its customers to the Paygate HTML form where they selects their payment method. After confirming the selection depending on the payment method Paygate forwards the customer to a Paygate HTML form or to a form from an external service provider and notifies the shop after completion about the payment result.

Following table contains the payment methods which you can use via Hosted Payment Page:

Payment type	PayType
Credit card	CC
Direct debit	EDD
PayPal	PayPal
iDEAL	iDEAL
Sofort	Sofort
giropay	giropay
paydirekt	paydirekt
Alipay	Alipay
Bancontact	BanconPP
Bank Transfer	BankTranPP
BitPay	BitPayPP
Dragonpay	DragonPP
eNETS	ENETSPP
Finland Online Bank Transfer	FinOBTPP
Indonesia ATM	IndoATMPP
Multibanco	MultibanPP
My Bank	MyBankPP
MyClear FPX	MyClearPP
Przelewy 24	P24PP
POLi	POLiPP
PostFinance	POSTFINPP
paysafecard	PSCPP
QIWI	QIWIPP
RHB Bank	RHBBankPP
SafetyPay	SafetyPPP
7-Eleven	SevenElePP
Skrill	SkrillPP
TrustPay	TrustPayPP
Apple Pay	ApplePay
B4Payment	B4Payment
Boleto	BoletoPP
CUP	CUPPP
EPS	EPS
Wechat	WechatPP

Cookie-/session - handling

Following table lists all card brands that can be uses via the Hosted Payment Page. When submitting the value CC in parameter PayTypes all brands are displayed that are configured for a certain merchant. Selecting specific brands can be done by submitting a string of the desired brand names separated by pipe signs.

Kreditkartenmarke / Scheme Names → values for CCBrand
AirPlus
AMEX
ARGENCARD
Aura
Bancontact
CABAL
Cartes Bancaires
Maestro
CBN
CENCOSUD
ComfortCard
CUP
Dankort
DINERS
Discover
Elo
Hipercard
JCB
Laser
Maestro
MasterCard
NARANJA
RuPay
SHOPPING
TOTAL
VISA

Process of payment

To make payments via the Hosted Payment Page you send a request to following URL with HTTPS GET or HTTPS POST:

https://www.computop-paygate.com/paymentPage.aspx

All details required for payment processing are forwarded as parameters. The parameters are encrypted with Blowfish to ensure that neither the customer nor a third party can manipulate the data.

When calling the form Paygate decrypts the parameters and shows the HTML page with the payment methods. The customer selects the payment method and triggers the forwarding by clicking the button "Next".

After the payment has been made Paygate redirects the customers back to a shop page via HTTPS GET (URLSuccess, URLFailure) and transmits the result of the payment as a Blowfish-encrypted parameter string to these URLs. In addition Paygate transmits the result via HTTPS POST to the shop's Notify page (URLNotify). The shop accepts the payment result and decrypts the data in order to inform the customer about the status.

Calling the Hosted Payment Page

Calling the Hosted Payment Page starts with the correct composition of the parameters which consist of a key and a value and which are separated by an equals sign (=):

MerchantID=Test

All parameters are assembled in a character string and separated by the character &:

Amount=100&Currency=EUR&TransID=12345

Notice: Since the characters "=" and "&" are used as separating characters, these characters cannot be transmitted as values. All values which you transmit without BlowFish-encryption must be URL-Encoded.

A correct parameter character string for Paygate contains three basic parameters: MerchantID, Len and Data. The parameters MerchantID and Len are unencrypted. Only the Data parameter is Blowfish-encrypted:

MerchantID=Test&Len=67&Data=0A67FE96a65d384350F50FF1

The Data parameter contains the sensitive payment details such as amount and currency. The encrypted bytes are Hex-encoded and completed to two characters from the left with a zero. Encryption is via Blowfish ECB and is available to you as source-code and components.

The Len parameter is very important for encryption because it contains the length of the unencrypted(!) character string in the Data parameter. Since the data quantity to be encrypted is increased by a multiple of 8 in the case of the Blowfish encryption, the correct length of the character string must be known for decryption. Otherwise accidental characters emerge at the end of the character string.

The parameters are transmitted via HTTPS POST or HTTPS GET. The recommended transmit method is HTTPS POST because the parameter character string in the case of GET is attached to the URL, which is limited to 2048 bytes depending on the browser.

Notice: Please note that the maximum length of a payment request is limited to 5120 characters. If you require longer strings please contact Computop Helpdesk.

The following listings show the development of a payment request. The first listing is the unencrypted parameter character string:

MerchantID=Test&TransID=100000001&Amount=11&Currency=EUR&URLSuccess=https://www.shop.com/ok.html&URLFailure=https://www.shop.com/failed.html&URLNotify=https://www.shop.com/notify.cgi&OrderDesc=My order

Notice: Please note that a value is to be assigned to each parameter. Do not transmit empty parameters, as this can cause the payment to fail.

This character string is encrypted and transmitted as the Data parameter. The HTTPS GET request for the Hosted Payment Page looks like this:

Notice: Please note that parameters like Language or URLBack are transmitted unencrypted. A table with all possible unencrypted parameters can be found also witihn this document.

Paygate interface

Definitions

Data formats

Format	Description
a	alphabetical
as	alphabetical with special characters
n	numeric
an	alphanumeric
ans	alphanumeric with special characters
ns	numeric with special characters
bool	boolean expression (true or false)
3	fixed length with 3 digits/characters
..3	variable length with maximum 3 digits/characters
enum	enumeration of allowed values
dttm	ISODateTime (YYYY-MM-DDThh:mm:ss)

Abbreviations

Abbreviation	Description	Comment
CND	condition
M	mandatory	If a parameter is mandatory, then it must be present
O	optional	If a parameter is optional, then it can be present, but it is not required
C	conditional	If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional

Notice: Please note that the names of parameters can be returned in upper or lower case.

Parameters of the Hosted Payment Page

These parameters are mandatory for all payment methods and has to be submitted Blowfish-encrypted within the Data parameter to the Hosted Payment Page.

Notice: Please take all further parameters specifically for a payment method from the manual of that respective payment method.

The following table describes the encrypted payment request parameters:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key Format CND Description Beschreibung
MerchantID
ans..30
M
MerchantID, assigned by Computop. Additionally this parameter has to be passed in plain language too.
HändlerID, die von Computop vergeben wird. Dieser Parameter ist zusätzlich auch unverschlüsselt zu übergeben.

Key Format CND Description Beschreibung
Amount
n..10
M
Amount in the smallest currency unit (e.g. EUR Cent). Please contact the Computop Helpdesk, if you want to capture amounts <100 (smallest currency unit).
Betrag in der kleinsten Währungseinheit (z.B. EUR Cent). Bitte wenden Sie sich an den Computop Helpdesk, wenn Sie Beträge < 100 (kleinste Währungseinheit) buchen möchten.

Key Format CND Description Beschreibung
Currency
a3
M
Currency, three digits DIN / ISO 4217, e.g. EUR, USD, GBP. Please find an overview here: A1 Currency table
Währung, drei Zeichen DIN / ISO 4217, z.B. EUR, USD, GBP. Hier eine Übersicht: A1 Währungstabelle

Key Format CND Description Beschreibung
MAC
an64
M
Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here:
HMAC Authentication (Request)
HMAC Authentication (Notify)
Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier:
HMAC-Authentisierung (Anfrage)
HMAC-Authentisierung (Notify)

Key	Format	CND	Description	Beschreibung
TransID	ans..64	M	TransactionID provided by you which should be unique for each payment	Ihre eigene TransaktionsID, die für jede Zahlung eindeutig sein muss

Key		Format	CND	Description	Beschreibung
RefNr		ns..30	O	Unique reference number exact format depends on the available paymethods for your MerchantId. Please choose your format in that way that all paymethods are covered.	eindeutige Referenznummer das genaue Format hängt von den Zahlarten Ihrer MerchantId ab. Wählen Sie das Format so, dass alle möglichen Zahlarten kompatibel sind.
OrderDesc		ans..384	M	Description of purchased goods, unit prices etc. Please note: The first 27 characters appear on the customer-account statement. You can view the full data in Computop Analytics.	Beschreibung der gekauften Waren, Einzelpreise etc. Bitte beachten Sie: Die ersten 27 Zeichen erscheinen auf dem Kontoauszug des Kunden. In Computop Analytics können Sie die kompletten Daten einsehen.

Key	Format	CND	Description	Beschreibung
UserData	ans..1024	O	If specified at request, Paygate forwards the parameter with the payment result to the shop.	Wenn beim Aufruf angegeben, übergibt das Paygate die Parameter mit dem Zahlungsergebnis an den Shop.

Key	Format	CND	Description	Beschreibung
URLSuccess	ans..256	M	Complete URL which calls up Paygate if payment has been successful. The URL may be called up only via port 443. This URL may not contain parameters: In order to exchange values between Paygate and shop, please use the parameter UserData. Common notes: We recommend to use parameter "response=encrypt" to get an encrypted response by Paygate However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess. Therefore ensure to check the "code"-value which indicates success/failure of the action. Only a result of "code=00000000" should be considered successful.	Vollständige URL, die das Paygate aufruft, wenn die Zahlung erfolgreich war. Die URL darf nur über Port 443 aufgerufen werden. Diese URL darf keine Parameter enthalten: Um Parameter durchzureichen nutzen Sie stattdessen den Parameter UserData. Allgemeine Hinweise: Wir empfehlen, den Parameter "response=encrypt" zu verwenden, um eine verschlüsselte Antwort von Paygate zu erhalten Betrüger könnten das verschlüsselte DATA-Element kopieren, welches an URLFailure gesendet wurde, und betrügerisch dasselbe DATA an URLSuccess senden. Überprüfen Sie daher unbedingt den "code"-Wert des DATA-Elements. Nur eine Antwort mit "code=00000000" sollte als erfolgreich angesehen werden.

Key	Format	CND	Description	Beschreibung
URLFailure	ans..256	M	Complete URL which calls up Paygate if payment has been unsuccessful. The URL may be called up only via port 443. This URL may not contain parameters: In order to exchange values between Paygate and shop, please use the parameter UserData. Common notes: We recommend to use parameter "response=encrypt" to get an encrypted response by Paygate However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the "code"-value which indicates success/failure of the action. Only a result of "code=00000000" should be considered successful.	Vollständige URL, die das Paygateaufruft, wenn die Zahlung gescheitert ist. Die URL darf nur über Port 443 aufgerufen werden. Diese URL darf keine Parameter enthalten: Um Parameter durchzureichen nutzen Sie stattdessen den Parameter UserData. Allgemeine Hinweise: Wir empfehlen, den Parameter "response=encrypt" zu verwenden, um eine verschlüsselte Antwort von Paygate zu erhalten Betrüger könnten das verschlüsselte DATA-Element kopieren, welches an URLFailure gesendet wurde, und betrügerisch dasselbe DATA an URLSuccess/URLNotify senden. Überprüfen Sie daher unbedingt den "code"-Wert des DATA-Elements. Nur eine Antwort mit "code=00000000" sollte als erfolgreich angesehen werden.

Key	Format	CND	Description	Beschreibung
Response	a7	O	Status response sent by Paygate to URLSuccess and URLFailure, should be encrypted. For this purpose, transmit Response=encrypt parameter.	Die Status-Rückmeldung, die das Paygate an URLSuccess und URLFailure sendet, sollte verschlüsselt werden. Dazu übergeben Sie den Parameter Response=encrypt.

Key	Format	CND	Description	Beschreibung
URLNotify	ans..256	M	Complete URL which Paygate calls up in order to notify the shop about the payment result. The URL may be called up only via port 443. It may not contain parameters: Use the UserData parameter instead. Common notes: We recommend to use parameter "response=encrypt" to get an encrypted response by Paygate However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the "code"-value which indicates success/failure of the action. Only a result of "code=00000000" should be considered successful.	Vollständige URL, die das Paygate aufruft, um den Shop zu benachrichtigen. Die URL darf nur über Port 443 aufgerufen werden. Sie darf keine Parameter enthalten: Nutzen Sie stattdessen den Parameter UserData. Allgemeine Hinweise: Wir empfehlen, den Parameter "response=encrypt" zu verwenden, um eine verschlüsselte Antwort von Paygate zu erhalten Betrüger könnten das verschlüsselte DATA-Element kopieren, welches an URLFailure gesendet wurde, und betrügerisch dasselbe DATA an URLSuccess/URLNotify senden. Überprüfen Sie daher unbedingt den "code"-Wert des DATA-Elements. Nur eine Antwort mit "code=00000000" sollte als erfolgreich angesehen werden.

Parameters for Hosted Payment Page

Following parameters are optional and can be submitted unencrypted to the Hosted Payment Page:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key	Format	CND	Description	Beschreibung
Template	ans..20	O	Name of XSLT-file with your own layout for the pay form. If you want to use the redesigned and downwards compatible Computop template, please transfer the template name “ct_compatible”. If you want to use the responsive Computop template for mobile devices, please transfer the template name “ct_responsive”.	Name der XSLT-Datei mit Ihrem individuellen Layout für das Bezahlformular. Wenn Sie das neugestaltete und abwärtskompatible Computop-Template nutzen möchten, übergeben Sie den Templatenamen „ct_compatible“. Wenn Sie das responsive Computop-Template für mobile Endgeräte nutzen möchten, übergeben Sie den Templatenamen „ct_responsive“.

Key

Format

CND

Description

Beschreibung

CCTemplate

ans..20

O

Name of XSLT-file with your own layout for the credit card form. This is used only if the customer selects a credit card brand and then clicks on „Next“ button.

If you don't submit a value the responsive Computop credit card form template is displayed.

Name der XSLT-Datei mit Ihrem individuellen Layout für das Kreditkartenformular. Dies greift nur, wenn der Kunde eine Kreditkartenmarke auswählt und auf die Schaltfläche „Weiter“ klickt.

Wenn Sie keinen Wert übergeben, wird das responsive Computop-Kreditkartenformular-Template angezeigt.

SDDTemplate

ans..20

O

Name of XSLT-file with your own layout for the direct debit form. This is used only if the customer selects direct debit as payment method and clicks on „Next“ button.

If you don't submit a value the responsive Computop direct debit form template is displayed.

Name der XSLT-Datei mit Ihrem individuellen Layout für das Lastschriftenformular. Dies greift nur, wenn der Kunde Lastschrift als Zahlart auswählt und auf die Schaltfläche „Weiter“ klickt.

Wenn Sie keinen Wert übergeben, wird das responsive Computop-Lastschriftenformular-Template angezeigt.

Language

a2 (enum)

O

Language code: <de> German, <al> Albanian, <at> Austrian, <cz/cs> Czech, <dk> Danish, <en> English, <fi> Finish, <fr> French, <gr> Greek, <hu> Hungarian, <it> Italian, <jp> Japanese, <nl> Dutch, <no> Norwegian, <pl> Polish, <pt> Portuguese, <ro> Romanian, <ru> Russian, <es> Spanish, <se> Swedish, <sk> Slovakian, <sl> Slovenian, <tr> Turkey, <zh> Simplified Chinese.

No details means the language is German.

Sprachcode: <de> deutsch, <al> albanisch, <at> österreichisch, <cz/cs> tsche-chisch, <dk> dänisch, <en> englisch, <fi> finnisch, <fr> französisch, <gr> grie-chisch, <hu> ungarisch, <it> italienisch, <jp> japanisch, <nl> holländisch, <no> norwegisch, <pl> polnisch, <pt> portugiesisch, <ro> rumänisch, <ru> russisch, <es> spanisch, <se> schwedisch, <sk> slowakisch, <sl> slowenisch, <tr> tür-kisch, <zh> Simplified Chinese

Ohne Angabe ist die Sprache Deutsch.

Key Format CND Description Beschreibung
URLBack
ans..256
O
Complete URL which Paygate calls in case that Cancel is clicked by the customer.
The parameter "URLBack" can be sent
either as plain parameter (unencrypted) (compatibility mode)
or be part of encrypted payment request parameters (preferred mode)
In order to exchange values between Paygate and shop you may use something like this:
URLBack=https://your.shop.com/back.php?param1%3Dvalue1%26param2%3Dvalue3%26status%3Dcancelled
When user cancels payment this URL is called exactly like this and you may use URL Decode to extract parameter and values.
Vollständige URL, die das Paygate aufruft, wenn der Kunde auf Abbruch klickt.
Der Parameter "URLBack" kann
sowohl unverschlüsselt ans Paygate übermittelt werden (Kompabilitätsmodus)
als auch in den verschlüsselten Übergabeparametern (bevorzugte Variante)
Wenn Sie Parameter/Werte in der URLBack übergeben möchten, so können Sie folgende Methode verwenden:
URLBack=https://your.shop.com/back.php?param1%3Dvalue1%26param2%3Dvalue3%26status%3Dcancelled
Wenn der Kunde auf Abbruch klickt, so wird die URL genauso aufgerufen, so dass Sie URL Decode verwenden können, um Parameter und Werte zu extrahieren.

Key

Format

CND

Description

Beschreibung

PayTypes

ans..256

O

With this parameter you can override the payment methods to be displayed, i.e. you can decide within this parameter separated by pipe which of the available payment methods are displayed.

Take the possible values from the column PayType within the table of payment methods given above.

Example: …&PayTypes=CC|EDD|Alipay

Mit diesem Parameter können Sie die anzuzeigenden Zahlarten übersteuern, d.h. sie können in diesem Parameter Pipe-getrennt entscheiden, welche der zur Verfügung stehenden Zahlarten angezeigt werden.

De möglichen Werte entnehmen Sie aus der Spalte PayType in der obigen Tabelle der Zahlarten.

Beispiel: …&PayTypes=CC|EDD|Alipay

Optional parameters for Hosted Payment Page

Corporate PaymentPage: XSLT layout for forms

You can change the parameter Template to create an individual layout for your Hosted Payment Page form which exactly matches the shop layout To this end your graphic designer can design an HTML-template in the shop-design based on XSLT (Extensible Stylesheet Language Transformation). Computop Helpdesk copies this XSLT-template to our Paygate Server. If you enter the name of your XSLT-file in the Template parameter, the Paygate form will appear in your layout.

The XSLT templates for the Hosted Payment Page form have several advantages:

Merchants can bypass the costly PCI-security authorisation
The Hosted Payment Page is responsive, i.e. it works on Smartphones, Tablets or on the Laptop

For general information about XSLT see www.w3.org.

The subsequent conventions apply for the use of the Corporate Paypage with XSLT:

File names

A XSL file designed by you defines your individual layout. The associated XML file contains the texts that are to be displayed on the form. Hence, multilingualism is easy. Always use your MerchantID in the names of the files.

Purpose	Naming
XSL template	MerchantID_PaymentPage.xsl
XML text file	MerchantID_PaymentPage.xml
Sub folder for pictures, CSS- and JS-files	Templates/imagesMerchantID_PaymentPage

In order not to receive safety notices, please ensure that external image sources are retrieved via SSL.

In order to call the individual layout, use the ‘Template’ parameter with your MerchantID and attach it unencrypted to the call of the form of Hosted Payment Page, for example:

https://www.computop-paygate.com/paymentPage.aspx?MerchantID=IhreMID&Len=123&Data=AGSDJ…ASDF&template=IhreMerchantID

Hidden Fields

The following hidden fields must be implemented so that the values can be passed on when sending the form:

Value of	Name of hidden field
MerchantID	"MerchantID"
Request length	"Len"
Request data	"Data"
Template	"Template"
Language	"Language"
URL for back button	"URLBack"
Payment method	"PaymentMethod"
Credit card brand	"CreditCardBrand"

Language selection

The language selection on the Hosted Payment Page form occurs automatically depending on the parameter Language. Other language areas are filtered out. If you wish to access the field of another language area e.g. with JavaScript, you can do so via the following path: paygate/language/@name.

XML structure

The ‘Language’ parameter controls which section of the XML text file is read out. German ‘de’ is always used as standard.

The XML file should have the following basic structure:

<?xml version="1.0" encoding="utf-16"?>
      </languages>
            <language name="de">
                  <title>Zahlung</title>
                  ...
            </language>
            <language name="en">
                  <title>Payment</title>
                  ...
            </language>
      </languages>

‘UTF-8’ is also possible for the encoding.

With <xsl:variablename=““ select=“paygate/language/@name”/> you can directly address an XML language section from the XSL file.

For an overview of which parameters are rendered by the Hosted Payment Page, please examine the following structure (XSL file is rendered against the following XML string):

strXML = "<?xml version='1.0' encoding='windows-1252'?>" & _
<paygate>
      <merchantID>...</merchantID>
      <len>257</len>
      <data>E98D4...F7065</data>
      <template>
      <urlBack><![CDATA[http://www.google.de]]></urlBack>
      <paymentMethods>
            <VISA type="CC" displayName="Visa"/>
            <MasterCard type="CC" displayName="MasterCard"/>
            <AMEX type="CC" displayName="American Express"/>
            <DINERS type="CC" displayName="Diners Club International"/>
            <Discover type="CC" displayName="Discover"/>
            <JCB type="CC" displayName="JCB"/>
            <EDD lowercase="edd">
            <PayPal lowercase=="paypal">
            <iDEAL lowercase=="ideal">
      </paymentMethods>
      <language name="de">
            <title>Zahlung</title>
            ...
      </language>
</paygate>

In your XSL file you can access each single value within this XML structure which is rendered in the backend based on the XML language file and additional values.

JavaScript

You can find individual JavaScript methods either in the HEAD section of your XSL file or within the file main.js that can be found in the images folder at Templates/imagesMerchantID_PaymentPage/js.

Notice: Please do not use any external links to your JavaScript!

Space shortcuts

Page tree