SHOPPING CART INTERFACE

This document describes how to interface a shopping cart system to WiredPay. This interface uses standard HTML forms to provide a simple way for sellers to integrate WiredPay as a method of payment for their merchandise or services.

This guide also includes examples of HTML form for interfacing to the WiredPay payment system. This form is functionally equivalent to one that merchants will need to provide within their shopping cart check-out system to interface to the WiredPay payment system. Finally, you will also find an example of the form and the parameters that the IPN system posts back to the seller's server.

This documentation is made short and direct, enabling anyone, even those who are not experienced developers to easily copy and paste and edit form details and be up and running in no time. WiredPay also provides a form generation system, making the process of accepting payments for your goods using WiredPay even easier.

After you have successfully generated your form, you will find details similar to the form shown below. For the payment button to work, you must create a form using the POST method and all the parameters you send should use hidden fields.

WiredPay server listens to SCI requests through: http://www.wiredpay.com/w-sci.asp so the form action should be set to that url.

The Most Basic Form, showing only the required fields:

Parameters List

Form Field Required Description Example
acc_merchant
Yes
The receiver of the payment. Your WiredPay Account ID 100123
amount
Yes
The price of the item in USD. No currency symbols allow- only numbers. 100.99
merchant_ref
Optional
Merchant reference for this transaction.

The value of this field can be used by the merchant for the order number, or any other reference.

This field is visible in the history both to the Merchant and Buyer. If not included by Merchant, the server will create it with an empty value ("" )

1001
comments
Optional
The memo that the Merchant may want included with the payment. It is optional. If specified the Buyer cannot change the information contained within it. If not supplied or empty, the Buyer is presented with a memo field Payment for goods
status_url
Optional
The URL where payment details will be sent on successful payment. Successful payment details are sent there using the POST method. Your server can then capture and process the details if your site has a script to process IPN (Instant Payment Notification) http://www......com/status.php
payment_url
Optional
The URL the buyer will be redirected when the payment is completed successfully. This may be your Thank you page. http://www......com/thanks.php
nopayment_url
Optional
The URL where the customer will be redirected to if he/she cancels the payment or if the payment is not successful. http://www.......com/notpay.php
custom1
custom2
custom3
custom4
custom5
custom6
custom7
custom8
custom9
custom10
Optional
Custom fields allow Merchant to include additional information in the form. This information is not processed by WiredPay, but returned with every successful payment to the Merchant for his own purposes.

You may add up to 10 custom fields and values to the form. These parameters will be sent back to the url specified in the status_url field unchanged.

 

Sample Form showing the required fields and some additional fields:
Replace 100123 with your WiredPay Account ID


The sample form above is another simple form with merchant_ref, comments added and custom1 and custom2 supplied with values. If there is no need for additional fields, simply remove the lines.

The form action is set to http://www.wiredpay.com/w-sci.asp
That is where WiredPay listens to sci requests. The form method is set to POST.

Explanation of the form:

  • The first hidden field is acc_merchant. The value of it should be your Account ID.

  • The second hidden field is amount. The value of it should be the total amount you expect to receive.

  • The third hidden field is merchant_ref. This is not required, but if included, the value of it could be your invoice number or other reference.

  • The forth hidden field is comments. This too is not required, but if included, the value of it could be any comments.


  • The fifth hidden field is custom1. You can use the value of it to store any information you want WiredPay to send back during transaction. WiredPay does not process data stored there. It simply post it back to the Merchant's server

  • The sixth hidden field is custom2. You can use the value of it to store any information you want WiredPay to send back during transaction.

  • The last item there is the image. The src refers to where WiredPay Buy Now button is located.

Parameters Sent Back By WiredPay to the url indicated in status_url field by Merchant

If you indicated status_url and added a url in its value, the following parameters will be sent back to this url using the POST method. Below are all the parameters explained:

Form Field Sent Back Description Example
acc_merchant
Yes
The receiver of the payment. Your WiredPay Account ID 100123
acc_payer
Yes
The Payer's WiredPay Account ID 101234
amount
Yes
The price of the item in USD. Only numbers. 100.99
merchant_ref
Yes
If included by you, the value sent back is the same as specified by you. 1001
comments
Yes
If included by you, the value sent back is the same as specified by you. Payment for goods
status_url
Yes
If included by you, the value sent back is the same as specified by you. http://www......com/status.php
payment_url
Yes
If included by you, the value sent back is the same as specified by you. http://www......com/thanks.php
nopayment_url
Yes
If included by you, the value sent back is the same as specified by you. http://www.......com/notpay.php
custom1
custom2
custom3
custom4
custom5
custom6
custom7
custom8
custom9
custom10
Yes
All custom fields are sent back with their values intact. Customer15645

For every successful payment WiredPay server will also send back 3 additional fields as indicated below:
batch_num
Yes
This is a unique batch number used by WiredPay to identify this particular transaction. Every successful payment receives a unique batch number. 1023011
sha_hash
Yes

The sha_hash value sent to the Merchant's server contains a string compiled from information contained within the form and your account Alternate Password. It enables the Merchant to verify the authenticity of the data received from WiredPay .

The sha_hash value is generated using a formula as explained below

 
md5_hash
Yes
The md5_hash value is generated from a concatenated string, using MD5. Explanation on how the string is concatenated follows  

How the string is generated:

The value of selected fields are concatenated with a colon ( : ) used to seperate each value from the other. Your account Alternate Password is also included in the concatenation. The string derieved from the concatenation is then HASH using Sha256 formula and stored in sha_hash. The same string is hash again using MD5 formula and stored in md5_hash.

Fields used for the concatenation are:

acc_merchant
acc_payer
amount
merchant_ref
batch_num
Your Account Alternate Password

Let's assume your Account Alternate Password is: AltPass123
Let's assume the above selected fields have the following values

acc_merchant = 100123
acc_payer= 101234
amount = 20.99
merchant_ref =15465
batch_num = 1023011
Your Account Alternate Password = AltPass123

The concatenation will be done as follows:

100123:101234:100.99:15465:1023011:AltPass123

The string above will then be HASH using Sha256. The following is the value of the Hash
0AAC5559AC85578929DA8BE063029BB697D814BEF112FF300929573F3197C208

That value will be stored in the sha_hash and sent together with the other form values to the url specified in the status_url by the Merchant

Note that ( : ) is added in the string. Also note that if the merchant_ref is empty, an empty space will be added.

To get the value stored in md5_hash. The same concatenation is done.

100123:101234:100.99:15465:1023011:AltPass123

The string above will then be HASH using MD5. The following is the value of the MD5 Hash
7AEFC0AC4F39E305BA67016CBECDD699
md5_hash will now have the above value.

To verify the authenticity of the data received from WiredPay , perform the following:

  1. Concatenate the value in the fields acc_merchant, acc_payer, amount, merchant_ref, batch_num, and your Account Alternate Password. Ensure to seperate each value with colon.

  2. Now Hash your concatenation string using Sha256.

  3. Compare the value of your HASH string with the value stored in the sha_hash field you received. If they are not the same, do not trust the information received. You may implement your own checks to ensure the payment was truely made into your account.

  4. You may decide to verify using the value in md5_hash. If you wish to verify using the value in md5_hash, ensure to hash your value using MD5.

WiredPay uses two different hash algorithms (Sha256 and MD5) so as to give the merchant the opportunity to verify data received from WiredPay in any of the algorithm they are more familiar with. If you are verifying the authenticity of the data received from WiredPay using Sha256, then compare your value with the value stored in sha_hash. If you are verifying using MD5, then compare your value with the value stored in md5_hash.