1. Public

PaymentSITE

Created by Alex Varone
Mar 23, 2021

During checkout, the website server should not have access to sensitive credit card data. Do not place credit card fields on the final checkout page. Instead, use one of the implementation methods below to redirect the user to a hosted payment page. (See “Implementation Methods” below.)

The hosted payment page accepts the sensitive credit card data and redirects the user back to the checkout page. The redirect returns the transaction response data as a URL parameter. (See “Transaction Response Data” below.)

Transaction Flow Options

Sale Transaction

  • The hosted payment page executes a cc:sale transaction and returns the approval (plus a token) to the website.

  • Before submitting the transaction information, the website should verify that it has not been modified.

AuthOnly Transaction

  • The hosted payment page executes a cc:authonly transaction and returns the approval (plus a token) to the website.

  • After executing the transaction, the website captures the transaction via the API.

  • Before submitting the transaction information, the website should verify that it has not been modified.

Token Transaction

  • The hosted payment page executes a cc:save transaction and returns a token to the website.

  • The website uses the returned token to execute the final transaction via the API.

Post Transaction Redirect URL

  • Preconfigure the redirect URL or send it as a URL parameter to the hosted payment page.

  • Use separate redirects for transaction approvals and declines with the xRedirectURL and/or xRedirectURL_NotApproved variables.

  • xRedirectURL: Set this on the backend or in the request (or both to override it).

  • xRedirectURL_NotApproved: This can be set on the backend or in the request (or both to override it).

  • xPostUrl: Used to get a postback/IPN. This can be set on the backend or in the request (or both to override it, if allowed in settings).
    Redirect sends the returned parameters in the query string.


Example:
https://www.cardknox.com/?xCurrency=USD&xDate=6%2F29%2F2020%204%3A26%3A47%20PM&xResult=A&xStatus=Approved&xErrorCode=00000&xAuthCode=09379A&xAuthAmount=1.03&xRefNum=341260411&xToken=0p3q5479g1g3h2p34g5763008044gg0p&xBatch=5128197&xMID=xxxxxxxxxx9999&xTID=xxxxx6789&xAvsResult=Address%3A%20No%20Match%20&5_Digit_Zip%3A_No_Match&xAvsResultCode=NNN&xCvvResult=No%20CVV%20data%20available&xMaskedCardNumber=4xxxxxxxxxxx1111&xName=t%20test&xExp=0620&xCardType=Visa&xEntryMethod=Keyed&xCustom10=Payment%20Site

Implementation Methods

Redirect

  • The user is redirected to the hosted payment page.

  • Customize the hosted payment page with your logo.

iFrame

  • The hosted payment page is embedded in your own checkout page.

  • The user never leaves your website.

  • See a demo of this implementation at secure.cardknox.com/iframedemo.

Transaction Response Data

This table lists the fields returned in a redirect URL.

Variable Name

Description

Variable Name

Description

xAuthAmount

Amount authorized on card

xAuthCode

Authorization code

xAvsResult

AVS result message

xAvsResultCode

AVS result code

xBatch

Batch number

xCardType

Card type (Visa, Mastercard, etc.)

xCvvResult

CVV result

xCvvResultCode

CVV result code

xErrorCode

Error code

xMaskedCardNumber

Masked card number

xName

Name on card

xRefNum

Transaction reference number

xResult

Result (Status Code) (A, D, E)

xStatus

Result status message (Approved, Declined, Error)

xToken

Token for use with subsequent transactions

xError

Error message (if any)