NAV Navbar
Logo
Purchase
version 3.4
PHP Perl

Create a purchase order

Examples are for Verotel FlexPay PHP client library

<?php
// get your brand instance (Verotel, CardBilling, FreenomPay, Bill, PaintFest Payments)
$brand = Verotel\FlexPay\Brand::create_from_merchant_id(/* Your customer ID */ '9804000000000000');

$flexpayClient = new Verotel\FlexPay\Client(/* shop ID */ 12345, "FlexPay Signature Key", $brand);

$purchaseUrl = $flexpayClient->get_purchase_URL([
    "priceAmount" => 2.64,
    "priceCurrency" => "EUR",
    "description" => "Test purchase",
]);

Examples are for Verotel FlexPay Perl client library

use Verotel::FlexPay qw/get_purchase_URL/;

my $purchase_url = get_purchase_URL('FlexPay Signature Key',
    shopID => 65147,
    priceAmount => '6.99',
    priceCurrency  => 'USD'
);

FlexPay purchase call is used to redirect buyer to the Verotel Order Page in order to process the purchase sale.

HTTP request

Verotel
GET https://secure.verotel.com/startorder?

CardBilling
GET https://secure.billing.creditcard/startorder?

FreenomPay
GET https://secure.freenompay.com/startorder?

Bill
GET https://secure.bill.creditcard/startorder?

PaintFest Payments
GET https://secure.paintfestpayments.com/startorder?

Query parameters

Parameter Type Required Description
version Number mandatory version version of the FlexPay call, 3.4 for this version
shopID Number mandatory numerical ID of the website in the Verotel system
type String mandatory purchase
priceAmount Number mandatory priceAmount amount to be processed in nnn.nn format
priceCurrency Number mandatory priceCurrency 3 char ISO code, must be one of the Sale currencies (USD EUR GBP AUD CAD CHF DKK NOK SEK)
NOTE: only EUR is can be used for DDEU payment method system
description String mandatory description of the product. Text is displayed on the order page - max 100 printable characters
paymentMethod String optional payment method, CC, DDEU or BTC (if not set then buyers can choose from available payment methods)
NOTE: DDEU is available only in DE, AT, CH, BE, IT, NL, ES and FR

If oneClickToken is sent, the payment method must be set to CC
referenceID String optional merchant's reference identifier. It must be unique if provided
custom1 String optional pass-through variable - max 255 printable characters
custom2 String optional pass-through variable - max 255 printable characters
custom3 String optional pass-through variable - max 255 printable characters
backURL String optional URL for redirect after successful transaction - max 255 characters
declineURL String optional URL for redirect after declined transaction - max 255 characters
oneClickToken String optional the one-time oneClickToken from previous purchase
NOTE: oneClickToken is excluded from signature calculations
email String optional email of the buyer. If not set, it will be collected on the Order Page
NOTE: email is excluded from signature calculations (max 100 chars else it will be ignored)
signature String mandatory Signature calculation

Success redirect

After a successful transaction, the buyer is redirected to a nominated "Success URL" and a set of data describing the sale is sent along as HTTP parameters.

Parameter Type Description
shopID Number numerical ID of the website in the Verotel system
type String purchase
referenceID String merchant reference identifier. It must be unique if provided
saleID Number identifier of the sale in the Verotel system
priceAmount Number amount to be processed in nnn.nn format
priceCurrency String 3 char ISO code of the Sale currency
custom1 String pass-through variable - max 255 printable characters
custom2 String pass-through variable - max 255 printable characters
custom3 String pass-through variable - max 255 printable characters
paymentMethod String payment method, CC, DDEU or BTC
signature String Signature calculation

Postbacks

Examples are for Verotel FlexPay PHP client library

<?php
require_once 'vendor/autoload.php';

// get your brand instance (Verotel, CardBilling, FreenomPay, Bill, PaintFest Payments)
$brand = Verotel\FlexPay\Brand::create_from_merchant_id(/* Your customer ID */ '9804000000000000');

$flexpayClient = new Verotel\FlexPay\Client(/* shop ID */ 12345, "FlexPay Signature Key", $brand);

if (!$flexpayClient->validate_signature($_GET)){
    http_response_code(500);
    echo "ERROR - Invalid signature!";
    exit;
}

// handle correct postback
...

echo "OK";

Examples are for Verotel FlexPay Perl client library

use CGI;
use Verotel::FlexPay qw/validate_signature/;

my $cgi = new CGI;

if (!validate_signature('FlexPay Signature Key', %{$cgi->Vars})) {
    print $cgi->header( -status => '500' );
    exit;
}

// handle correct postback
...


print $cgi->header( -status => '200' );
print 'OK';

After every sale or transaction based action corresponding postback is sent to registered Postback URL.

Postback data are sent as GET request.

Verifying postback

As security measure postback have to be validated that it contains correctly computed Signature.

Responding to postback

The Verotel system expects HTTP status code 200 and plain text OK response.

Success postback

The successful sale postback is sent to the nominated "Postback URL" immediately after the sale has been processed. The postback is sent only for successfully approved transactions. The data in the postback provide essential information about the sale. If more information is needed, for example billing address or email address of the buyer, the merchant should query the status page.

Parameter Type Description
shopID Number numerical ID of the website in the Verotel system
type String purchase
referenceID String merchant reference identifier. It must be unique if provided
saleID Number identifier of the sale in the Verotel system
transactionID Number identifier of the transaction in the Verotel system (only avaible for postbacks version 2)
priceAmount Number amount to be processed in nnn.nn format
priceCurrency String 3 char ISO code of the Sale currency
custom1 String pass-through variable - max 255 printable characters
custom2 String pass-through variable - max 255 printable characters
custom3 String pass-through variable - max 255 printable characters
paymentMethod String payment method, CC, DDEU or BTC
oneClickToken String if the feature is enabled - oneClickToken valid for next purchase
signature String Signature calculation
truncatedPAN String Truncated (masked) payment instrument identification, e.g. card number
CCBrand String Only present if paid via Credit Card, represents the card brand, e.g. VISA

Credit postback

Credit postback call is sent to the merchant's postback URL when the sale transaction is credited by merchant, Verotel support or by system (e.g. when an automated refund is performed).

Parameter Type Description
shopID Number numerical ID of the website in the Verotel system
event String credit
referenceID String merchant reference identifier. It must be unique if provided
saleID Number identifier of the sale in the Verotel system
priceAmount Number amount of refunded transaction
priceCurrency String refunded transaction currency
transactionID Number transaction id of credit transaction
parentID Number transaction id of transaction which was credited
type String purchase
custom1 String pass-through variable - max 255 printable characters
custom2 String pass-through variable - max 255 printable characters
custom3 String pass-through variable - max 255 printable characters
signature String Signature calculation

Chargeback postback

Chargeback postback call is sent to the merchant's postback URL when sale transaction is chargebacked. This also blacklists the buyer.

Parameter Type Description
shopID Number numerical ID of the website in the Verotel system
event String chargeback
referenceID String merchant reference identifier. It must be unique if provided
saleID Number identifier of the sale in the Verotel system
priceAmount Number amount of chargebacked transaction
priceCurrency String chargebacked transaction currency
transactionID Number transaction id of credit transaction
parentID Number transaction id of transaction which was credited
type String purchase
custom1 String pass-through variable - max 255 printable characters
custom2 String pass-through variable - max 255 printable characters
custom3 String pass-through variable - max 255 printable characters
signature String Signature calculation

Status page request

Examples are for Verotel FlexPay PHP client library

Symfony\Component\Yaml\Yaml package used to parse status page. Packagist

<?php
// get your brand instance (Verotel, CardBilling, FreenomPay, Bill, PaintFest Payments)
$brand = Verotel\FlexPay\Brand::create_from_merchant_id(/* Your customer ID */ '9804000000000000');

$flexpayClient = new Verotel\FlexPay\Client(/* shop ID */ 12345, "FlexPay Signature Key", $brand);

$statusURL = $flexpayClient->get_status_URL(['saleID' => 123456]);

$statusPageData = Symfony\Component\Yaml\Yaml::parse(file_get_contents($statusURL));

// handle data fetched from status page

Examples are for Verotel FlexPay Perl client library

use Verotel::FlexPay qw/get_status_URL/;
use LWP::Simple;

my $url = get_status_URL('FlexPay Signature Key', shopID => 12345, saleID => 98765);
my $content = get $url;

print $content;

A status of a sale made with a FlexPay API can be reviewed by querying the status page. Status page provides complete information about the sale, the buyer, and its status.

HTTP request

Verotel
GET https://secure.verotel.com/status/order?

CardBilling
GET https://secure.billing.creditcard/status/order?

FreenomPay
GET https://secure.freenompay.com/status/order?

Bill
GET https://secure.bill.creditcard/status/order?

PaintFest Payments
GET https://secure.paintfestpayments.com/status/order?

Query parameters

Parameter Type Description
version Number 3.4
shopID Number numerical ID of the website in the Verotel system
referenceID String Merchant's reference identifier if provided (referenceID OR saleID must be posted - NOT BOTH)
saleID Number Verotel saleID identifier (referenceID OR saleID must be posted - NOT BOTH)
signature String Signature calculation

Response

Parameter Description
response FOUND - purchase record found and returned
NOTFOUND - purchase not found
ERROR - error (see 'error' key)
error message (for response=ERROR)
saleID identifier of the transaction in Verotel System
shopID ID of website in Verotel system
paymentMethod an identifier of payment method that was used for the transaction.
Can be one of following: Credit Card, Direct Debit EU or Bitcoin
priceAmount amount processed. in nnn.nn formatt
priceCurrency 3 char ISO code of the Sale currency
description Product description text - max 100 printable characters
referenceID Merchant reference identifier - max 100 printable characters
name name of the buyer
email email address of the buyer
country selected or detected country ISO code (ISO 3166-1-alpha-2 code)
oneClickToken If the feature is enabled - Currently valid oneClickToken
btc_transaction_status Only for Bitcoin sales: The status of Bitcoin transaction as set by the postback from Bitcoin processor:
paid - the transaction was successfully sent to the processor
complete - the transaction was confirmed and processed completely
invalid - the transaction could not be processed, it was unsuccessful
createdOn Timestamp of purchase creation
saleResult purchase processing result (APPROVED)
billingAddr_fullName billing address: full name field value
billingAddr_company billing address: company field value
billingAddr_addressLine1 billing address: 1st line field value
billingAddr_addressLine2 billing address: 2nd line field value
billingAddr_city billing address: city name
billingAddr_zip billing address: zip code / postal code
billingAddr_state billing address: US state code (ISO 3166-2)
billingAddr_country billing address: country ISO code (ISO 3166-1-alpha-2 code)

One Click Purchase

The One Click functionality allows buyers to pay instantly without any type of confirmation. The instant One Click will try to chargetheir previously saved credit card without the need to re-enterthe CVV code or any other additional information. This allows the FlexPay purchase sales to be processed quickly without distracting the buyer unnecessarily.

Security

The One Click functionality has been designed to be as secure as possible to minimize any risks of misuse and to protect both, merchants and buyers alike. The same fraud prevention measures apply as per standard Order Page interactions.

Enabling the One Click

The One Click feature is disabled by default and it is a subject to approval by Verotel. Please contact merchantsupport@verotel.com to enquire. This document assumes the feature is enabled.

Limitations

Interaction

Initial sale

In order to charge the buyer again with One Click the "oneClickToken" is required.

The token is generated with the first successful sale (normal FlexPay purchase sale with full Order Page interaction initiated by "purchase order" request) when the buyer chooses to "Remember my card for future purchases".

The Successful sale postback returns the "oneClickToken" to merchant’s system.

One Click sale

Examples are for Verotel FlexPay PHP client library

<?php
// get your brand instance (Verotel, CardBilling, FreenomPay, Bill, PaintFest Payments)
$brand = Verotel\FlexPay\Brand::create_from_merchant_id(/* Your customer ID */ '9804000000000000');

$flexpayClient = new Verotel\FlexPay\Client(/* shop ID */ 12345, "FlexPay Signature Key", $brand);

$purchaseUrl = $flexpayClient->get_purchase_URL([
    "priceAmount" => 2.64,
    "priceCurrency" => "EUR",
    "description" => "Test purchase",
    "oneClickToken" => "1FD5F342-48DB-11E6-B445-A19150BFB283"
]);

Examples are for Verotel FlexPay Perl client library

use Verotel::FlexPay qw/get_purchase_URL/;

my $purchase_url = get_purchase_URL('FlexPay Signature Key',
    shopID => 65147,
    priceAmount => '6.99',
    priceCurrency  => 'USD',
    oneClickToken => "1FD5F342-48DB-11E6-B445-A19150BFB283"
);

To perform a One Click sale, the currently active token has to be included in the next "purchase order" request.

If the token is valid, the "purchase order" request is processed without any further buyer interaction.

If the order is approved, the buyer receives a standard receipt email, an approval page is displayed and the buyer is redirected to:

The new valid "oneClickToken" is passed with the Successful sale postback call to the merchant’s system for use in the next sale.

Validity of the oneClickToken

  1. The "oneClickToken" can be only be used once. It is invalidated in case the transaction is either approved or declined.

    This means that the merchant’s system has to manage storage and update the active tokens for users upon receiving Successful sale postback calls but also in case of declines. A user can be identified by e.g. custom1-3 fields or referenceID passed by the merchant’s system in the "purchase order" request and returned in the Successful sale postback.

  2. The "oneClickToken" expires automatically after 30 days. The buyer will need to enter CVV code to generate a new one and to resume the One Click functionality.

  3. The "oneClickToken" is linked to a website and to the buyer’s remembered card information stored in the form of a cookie in the browser.

This means that:

Signature calculation

Examples are for Verotel FlexPay PHP client library

<?php
// get your brand instance (Verotel, CardBilling, FreenomPay, Bill, PaintFest Payments)
$brand = Verotel\FlexPay\Brand::create_from_merchant_id(/* Your customer ID */ '9804000000000000');

$flexpayClient = new Verotel\FlexPay\Client(/* shop ID */ 12345, "FlexPay Signature Key", $brand);

$computed_signature = $flexpayClient->get_signature([
    'description' => 'Super video download',
    'priceAmount' => '9.99',
    'priceCurrency' => 'USD',
    'shopID' => 12345,
    'version' => 3.4,
]);

Examples are for Verotel Flexpay Perl client library

use Verotel::FlexPay qw/get_signature/;

my $computed_signature = get_signature('FlexPay Signature Key',
    description => 'Super video download',
    priceAmount => '9.99',
    priceCurrency => 'USD',
    shopID => 12345,
    version => 3.4
);

The signature used in FlexPay requests and postbacks is calculated as SHA-1 hash (hexadecimal output) from the request parameters.

The first parameter has to be your signatureKey, followed by the parameters ordered alphabetically by their names.

Optional arguments that are used (have value) must be contained in the signature calculation. Optional arguments that are not used must not be contained in the signature calculation.

The email parameter in "startorder" request is not included in the signature calculations.

It is mandatory to convert arguments values into UTF-8 before computing the signature.

e.g.

signature = sha1_hex( signatureKey + ":description=" + description + ":period=" + period + ":priceAmount=" + priceAmount + ":priceCurrency=" + priceCurrency + ":referenceID=" + referenceID + ":shopID=" + shopID + ":subscriptionType=" + subscriptionType + ":type=" + type + ":version=" + version )

Example calculation

Parameter Value
(signatureKey) BddJxtUBkDgFB9kj7Zwguxde4gAqha
description Super video download
priceAmount 9.99
priceCurrency USD
custom1 xxyyzz
shopID 64233
type purchase
version 3

Signature calculation using the values above

signature = sha1_hex(BddJxtUBkDgFB9kj7Zwguxde4gAqha:custom1=xxyyzz:description=Super video download:priceAmount=9.99:priceCurrency=USD:shopID=64233:type=purchase:version=3) => a043071d3db1d3bbacee04e1eaf07da0d3ab1d17

The FlexPay purchase request then is

https://secure.verotel.com/startorder?custom1=xxyyzz&description=Super+video+download&priceAmount=9.99&priceCurrency=USD&shopID=64233&type=purchase&version=3&signature=a043071d3db1d3bbacee04e1eaf07da0d3ab1d17

Payment processor

Processor name Allowed payment method Base URL
Verotel CC DDEU BTC https://secure.verotel.com/
CardBilling CC https://secure.billing.creditcard/
FreenomPay CC DDEU BTC https://secure.freenompay.com/
Bill CC DDEU BTC https://secure.bill.creditcard/
PaintFest Payments CC DDEU BTC https://secure.paintfestpayments.com/