Hosted Pay Page
Overview
The EdgePay Hosted Pay Page is a service for websites that provides a payment form to your customer for inputting credit or eCheck payment information that will post directly to our server and return the non-sensitive results back to you via a redirect message and a response URL that you define.
By using the EdgePay Hosted Pay Page service, your company will never store, process, or transmit sensitive payment information (credit card or checking account) on your server. This both reduces risks associated with security breaches and reduces the requirements for PCI compliance.
Below is a data/process flow model diagram.
Prior to using this process, you must use our Hosted Pay Page function in our Processing Center to construct your custom Hosted Pay Page as well as creating your Pay Button and defining your Post Back URL on your server to receive the payment response. The diagram also includes a web hook confirmation process that is a future deliverable.
Setting up the Hosted Pay Page
After logging into the EdgePay Processing Center, you will navigate to the settings tab to access the Hosted Payment Page. By selecting "Add Details" you will be able to design your page. Once saved, use the "Copy Button Code" to copy the code used to call the Hosted Payment Page. Contact Developers Support for access to these resources.
Payment Button Integration & One-Time Authentication Code
In this step you will integrate two functions for requesting payments. First, at checkout you will insert code to request a "One-Time Authentication Code" (OTAC) using your EdgePay server credentials. The request/response is a RESTful message using JSON format. This request will include your merchant key from your server to authenticate the request. This will be provided by Developers Support. The response will include the OTAC that will be inserted into the Pay Button JavaScript. The OTAC is valid for only 15 minutes. Below is the request/response for the OTAC.
POST/otac HTTP 1.1 HOST: api.edgepay-uat.com (for sandbox testing. for production use HOST: edgepayapi.com) content-type: application/json merchantKey: (insert your production key) externalReferenceID: 1234567890987654 (your unique ID for every transaction) transactionDate: 2018-05-23T02:00:00 (use UTC time zone) { "merchantID":"1234567890987654", (IDs assigned by GET) "terminalID":"9876543210123456" }
The service will respond with:
Connection->Keep-alive Content-Encoding->gzip Content-Type->application/json:charset=UTF-8 Date->Mon, 11 Jun 2018 18:43:10 GMT Transfer-Encoding->Chunked Vary->Accept-Encoding { "result":"A", "reponseCode":"A0000", "responseMessage":"Success", "merchantID":"1234567890987654", "terminalID":"9876543210123456", "timestamp":"2018-05-23-02-01-00", "transactionID":"CS11832432617456679", "otac":"6f31eb30-e30a-4c9a-a361-f9ec9391c556" }
If the EdgePay service is unable to process your request, you will see the following response example.
{ "result":"C" "responseCode":"EP0012" "responseMessage":"Authentication failed, please use valid credentials", "merchantID":"1234567890987654", "terminalID":"9876543210123456", "timestamp":"2018-05-23-02-01-00" }
Other results may include:
"result":"D", "responseCode":"EP0102", "responseMessage":"The value of '%s' or element '%s' is not valid",
Under the above condition we will include both the variable and the element.
"result":"D", "responseCode":"EP0326", "responseMessage":"System error please try again",
Under the above condition, you should request the OTAC again. If multiple failures, call us for help!
Once you have your OTAC, take the "Pay" button code from the Hosted Payment Page (this was created as part of setting up your custom Hosted Payment Page in our Processing Center).
When you serve your customer the "Pay" button, update the JavaScript variables:
edgepayAmount = "The total amount you wish to charge"
edgepayOtac = "The OTAC retrieved from the previous step"
When your customer clicks the "Pay" button, the JavaScript will pass your variables to our server and return your custom Hosted Payment Page to the customer to input the payment information and submit for payment.
The transaction will be submitted to EdgePay for payment processing. Included in the Hosted Payment Page setup is the redirect URL our system will use to redirect the response to your server.
Once we process the payment, we will generate an HTTP 300 redirect message and reply to the customer's browser that will use the response and forward the message via HTTP 200 onto your GET server, query the response URL string, and generate the result page for your customer. Below is an example of the response you will receive back from the HTTP 300 redirect to your server.
Request URL: http://ec2-36-220-202-7.us-west-2.compute.amazonaws.com/home/hpp?result=A&responseCode=A0000&responseMessage=Success&amount=10.01&maskedAccount=401200xxxxxx5439&transactionID=CS12345678909876543×tamp=2018-09-28T20:16:34 Request Method: GET Status Code: 200 OK Content Length: Variable Content Type: text/html;charset=utf-8
We recommend using the "result" variable to determine the next step and response to your customer. More information on generating responses can be found here.