Integrate payment in online store | Adrenalina

Integrate payment in online store

Published 28 June 2013 | Blog Adrenalina

More and more online stores are being created, and small and medium businesses are opening them out of the need to reach new markets and compete with the rest of their sector, including the big players. This is helped by users' ever-increasing acceptance of, and confidence in, paying over the Internet. Payment gateways get safer with every passing day, making it increasingly easy to earn money through an online store.

Integrate payment in your online store

The most direct way to have your online store, if you already own a site offering your products or services, is to integrate it with a virtual POS (Point of Sale) such as La Caixa's or that of another Sermepa operator, or with a payment gateway offered by Paypal. This shouldn't be too complicated, but you must know how Paypal works, how credit cards are used online and what a virtual POS is.

How Paypal works

Paypal is a US company which offers an immense variety of services related to payments over the Internet. Most of the time the hardest part of integrating Paypal is knowing which service to use among all the choices the site offers. In most cases a simple, traditional integration through express payment is more than enough to fulfill your needs.

The first thing to do is open a Paypal account so you can accept payments, which can come from credit or debit cards or from other Paypal accounts.

Let's say that your store lets users add products to a shopping cart, so that all products can be bought in a single order.

You'll need to integrate Paypal with your app at two points:

  • Send the data to Paypal to process the payment.
  • Receive the reply from Paypal to confirm that the payment has been correctly executed.

Sending the data to Paypal

To send your shopping cart data to Paypal you only need a hidden form within your site to send that data to Paypal. Let me show you an example:

<form action="https://www.paypal.com/webscr" name="paypal_checkout" method="POST">
<!-- Your Paypal account -->
<input name="business" value="user@business.com" type="hidden"/> 
<input name="currency_code" value="EUR" type="hidden"/>
<input name="payment" value="sale" type="hidden"/>
<!-- Correct return URL -->
<input name="return" value="http://yourstore.com/paypal_success.html" type="hidden"/> 
<!-- Error return URL -->
<input name="cancel_return" value="http://yourstore.com/paypal_cancel.html" type="hidden"/> 
<!-- Notification URL -->
<input name="notify_url" value="http://yourstore.com/paypal_notify.php" type="hidden"/> 
<input name="bn" value="YourBusiness_Cart_WPS_EN" type="hidden"/> 
<input name="cpp_header_image" value="http://yourstore.com/logo.png" type="hidden"/>
<input name="cpp_payflow_color" value="#FFFFFF" type="hidden"/>
<input name="item_name" value="yourstore.com" type="hidden"/>
<input name="charset" value="utf-8" type="hidden"/>
<input name="amount" value="100.00" type="hidden"/>
<input name="tax" value="21.00" type="hidden"/>
<input name="cmd" value="_cart" type="hidden"/>
<input name="upload" value="1" type="hidden"/>
<!-- Order ID to recognize it on the notification -->
<input name="custom" value="123" type="hidden"/> 
<input name="item_number_1" value="1" type="hidden"/>
<input name="item_name_1" value="Product 1" type="hidden"/>
<input name="quantity_1" value="1" type="hidden"/>
<input name="amount_1" value="40.00" type="hidden"/>
<input name="tax_rate_1" value="21.00" type="hidden"/>
<input name="item_number_2" value="2" type="hidden"/>
<input name="item_name_2" value="Product 2" type="hidden"/>
<input name="quantity_2" value="2" type="hidden"/>
<input name="amount_2" value="30.00" type="hidden"/>
<input name="tax_rate_2" value="21.00" type="hidden"/>
<input name="submit" value="pay" type="submit"/>
</form>

You can see that the shopping cart contains one Product 1 at 40€ and two Product 2 at 30€ each. The total is 100€ plus taxes. It's important to put the order ID in the custom field so that you can find the order in the notification which Paypal sends to the URL given in notify_url.

The form's action holds the Paypal address to which the form is sent. Paypal offers a test environment to try out our app before executing real payments. To use it we simply change the action URL to https://www.sandbox.paypal.com/webscr.

Receiving Paypal’s reply

At the URL given in notify_url we'll receive a POST with the payment's confirmation, which we must verify before marking the order as paid. It's important to remember that this is the process where the order is confirmed as paid, not the page given in return, because reaching that page doesn't verify that the payment completed successfully.

Next we’ll add a small PHP code to verify Paypal’s notification.

// 1. We gather all received parameters and include them in the validation command
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
    $req .= '&' . urlencode($key) . '=' . urlencode($value);
}
// 2. We select the URL to which we send the verification, depending on whether we're in test mode or not.
//    test_ipn comes from the request itself, so a live store should reject notifications
//    that carry it instead of verifying them against the sandbox.
$url = !empty($_POST['test_ipn']) ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
// 3. We execute the verifying call, posting the received data back to Paypal
$context = stream_context_create(array('http' => array(
    'method'  => 'POST',
    'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
    'content' => $req,
)));
$verification = file_get_contents($url, false, $context);
if ($verification !== false && trim($verification) === 'VERIFIED')
{
    // The notification got verified. You can now execute additional security checks.
    // 1. Make sure that the transaction ID (txn_id) hasn't been previously processed.
    // 2. Check that the order (custom) exists and is pending.
    // 3. Check that the receiver (receiver_email) is our paypal account.
    // Process the payment
    return true;
}
else
{
    return false;
}

Through these 2 simple steps we’ve integrated our online store with Paypal and we can receive online payments of our products.

When writing the code which receives Paypal's reply, we must also take into account that any change to an order (like cancellations or refunds by the staff or the client) will also be sent to the same notification URL, so we can keep our store 100% informed of the status and evolution of the orders.
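
The additional checks listed in the code comments above, written out as an added example (not code from the original article). txn_id, receiver_email, payment_status, mc_gross and mc_currency are Paypal notification variables; the function name, the layout of $order and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. $order and $processed stand in
// for the store's database; the function name and all sample values are constructed.
function paypal_notification_errors(array $ipn, ?array $order, array $processed, string $account): array
{
    $errors = [];
    // A replayed notification must not pay an order twice: one use per txn_id.
    if (empty($ipn['txn_id']) || in_array($ipn['txn_id'], $processed, true)) {
        $errors[] = 'txn_id missing or already processed';
    }
    // The money must have gone to our account.
    if (strcasecmp($ipn['receiver_email'] ?? '', $account) !== 0) {
        $errors[] = 'receiver_email is not our account';
    }
    // Refunds and cancellations reach the same URL; only Completed marks an order paid.
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment_status is not Completed';
    }
    // The order named in "custom" must exist and still be pending.
    if ($order === null || $order['status'] !== 'pending') {
        $errors[] = 'order not found or not pending';
        return $errors;
    }
    // The hidden form fields can be edited in the browser before they are sent,
    // so compare what was paid with what the store recorded for this order.
    $paid_cents = (int) round((float) ($ipn['mc_gross'] ?? 0) * 100);
    if ($paid_cents !== $order['total_cents'] || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $errors[] = 'amount or currency differs from the order';
    }
    return $errors;
}

$order = ['id' => '123', 'status' => 'pending', 'total_cents' => 12100, 'currency' => 'EUR'];
$ipn = ['txn_id' => 'TXN-EXAMPLE-1', 'receiver_email' => 'user@business.com', 'custom' => '123',
        'payment_status' => 'Completed', 'mc_gross' => '121.00', 'mc_currency' => 'EUR'];

// Genuine notification for order 123.
print_r(paypal_notification_errors($ipn, $order, [], 'user@business.com'));
// Same order, but the amount was changed in the form before paying.
print_r(paypal_notification_errors(['mc_gross' => '1.21'] + $ipn, $order, [], 'user@business.com'));
// The same notification delivered a second time.
print_r(paypal_notification_errors($ipn, $order, ['TXN-EXAMPLE-1'], 'user@business.com'));
// Refund notice for an order that was already marked as paid.
$paid = ['status' => 'paid'] + $order;
print_r(paypal_notification_errors(['payment_status' => 'Refunded'] + $ipn, $paid, [], 'user@business.com'));
```

Only a notification that comes back with an empty error list should mark the order as paid.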

Virtual POS

POS stands for Point Of Sale. To be clear, a virtual POS is the online equivalent of the device used to pay with credit cards. If we want to sell our products online without needing a Paypal account, and get the money straight into our bank account, we can contract a virtual POS from our bank. Banks like La Caixa, Banc Sabadell, etc. use the Servired network (Sermepa), meaning that the integration system is the same for all of them.

The first step to integrate your store with Sermepa is contracting the POS with your bank to obtain the access keys, both for the test environment and for production. Some banks, like Banc Sabadell, offer common codes for general testing, which is useful if you want to check the integration before discussing it with your bank. We'll use these codes in the sample code.

As in the previous example, to achieve integration we'll need to create a form to send the data to Sermepa and receive the reply to mark the order as completed. There is also a test environment. The main differences from the previous system are:

  • Sermepa only requests the total amount the user has to pay, without any data about which articles are in the cart or which taxes were applied. It's the amount which will be charged to the buyer's credit card.
  • Sermepa only sends a notice to confirm the payment. If there's a later cancellation or refund from the Sermepa control panel, it won't report that fact to our site. It's important to know this when deciding on the workflows, so as not to have unreal or erroneous data in the site.

Sending the data to Sermepa

Next we show an example of the form that sends the payment data:

<?php
$message = '12100' . '123' . '327234688' . '978' . '0' . 'http://yourstore.com/sermepa_notify.php' . 'qwertyasdf0123456789';
$signature = sha1($message);
?>
<form action="https://sis-t.sermepa.es/sis/realizarPago" name="sermepa_checkout" method="POST">

<?php
$message = '12100' . '123' . '327234688' . '978' . '0' . 'http://yourstore.com/sermepa_notify.php' . 'qwertyasdf0123456789';
$signature = sha1($message);
?>
<form action="https://sis-t.sermepa.es/sis/realizePayment" name="sermepa_checkout" method="POST">
<input name="Ds_Merchant_Amount" value="12100" type="hidden"/>
<input name="Ds_Merchant_Currency" value="978" type="hidden"/>
<input name="Ds_Merchant_Order" value="123" type="hidden"/>
<input name="Ds_Merchant_MerchantCode" value="327234688" type="hidden"/>
<input name="Ds_Merchant_MerchantURL" value="http://yourstore.com/sermepa_notify.php" type="hidden"/>
<input name="Ds_Merchant_MerchantSignature" value="<?php echo $signature; ?>" type="hidden"/>
<input name="Ds_Merchant_Terminal" value="001" type="hidden"/>
<input name="Ds_Merchant_TransactionType" value="0" type="hidden"/>
<input name="Ds_Merchant_UrlOK" value="http://yourstore.com/paypal_success.html" type="hidden"/>
<input name="Ds_Merchant_UrlKO" value="http://yourstore.com/paypal_cancel.html" type="hidden"/>
<input name="Ds_Merchant_MerchantName" value="yourstore.com" type="hidden"/>
<input name="Ds_Merchant_ConsumerLanguage" value="1" type="hidden"/>
<input name="submit" value="pay" type="submit"/>
</form>

In this case you build a signature using the secret key which Sermepa provides (the last element in the message). As in the Paypal case, the process found at the MerchantURL is the one responsible for marking the order as correct, not the URL OK. Note also that the amount to be paid is in cents (12100 = 121.00€) and that currency 978 is euros. The URL where we'll send the form is that of the real environment. To run tests we can use https://sis-t.sermepa.es:25443/sis/realizarPago.

Receive the reply from Sermepa

When processing the reply from Sermepa we needn't send a confirmation, but we do check that the signature of the reply is correct for the parameters we were sent. Here is a small PHP example:

// 1. We gather the received data (a missing field becomes an empty string).
$amount = $_POST['Ds_Amount'] ?? '';
$order = $_POST['Ds_Order'] ?? '';
$merchant_code = $_POST['Ds_MerchantCode'] ?? '';
$currency = $_POST['Ds_Currency'] ?? '';
$response = $_POST['Ds_Response'] ?? '';
$tpv_signature = $_POST['Ds_Signature'] ?? '';
$authorisation_code = $_POST['Ds_AuthorisationCode'] ?? '';
// 2. Make sure the mandatory parameters aren't empty
if (empty($amount) || empty($order) || empty($merchant_code) || empty($currency) || empty($response) || empty($tpv_signature))
{
    return false;
}
// 3. Check that the received signature is correct (hash_equals compares in constant time)
$message = $amount . $order . $merchant_code . $currency . $response . 'qwertyasdf0123456789';
$signature = sha1($message);
if (!hash_equals(strtolower($signature), strtolower($tpv_signature)))
{
    return false;
}
// The notification's been verified. Now you can carry out additional security checks.
// 1. Check that the transaction exists and is pending
// 2. Check that the order hasn't been previously processed
// 3. Check that the amount and currency are correct.
// 4. Check that Ds_Response reports an authorised payment.
// Process the payment
return true;

Once these 2 steps are done our app will be ready to receive payments from clients' credit cards in a safe environment.

When building apps which allow products to be bought it's important to be conscious of what we offer, both to the online store's client and to the person who has to handle the orders. We've seen how simple integrating online payments is, but you'll still have to work on monitoring the orders and recognizing the state they are in, sending them to the providers, carrying out the delivery, etc. Depending on the complexity of the business this can get a little or a lot more complicated, so in some cases it's easier to hire professionals who offer efficient solutions to create and manage your online store.
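
The Sermepa reply handling carried through to a decision, as an added example (not code from the original article). It reuses the article's test key and field order for the SHA-1 signature; the function names, the layout of $order and the sample replies are assumptions, and so is treating response codes 0000 to 0099 as "authorised", which should be confirmed against the response code table supplied by the bank.

```php
<?php
// Added example, not from the original article. The key is the article's test
// value; $order stands in for the store's database and the replies are constructed.
const SERMEPA_KEY = 'qwertyasdf0123456789';

function sermepa_reply_signature(array $p): string
{
    // Same field order as the article's verification code.
    return sha1($p['Ds_Amount'] . $p['Ds_Order'] . $p['Ds_MerchantCode']
        . $p['Ds_Currency'] . $p['Ds_Response'] . SERMEPA_KEY);
}

function sermepa_reply_decision(array $p, array $order): string
{
    foreach (['Ds_Amount', 'Ds_Order', 'Ds_MerchantCode', 'Ds_Currency', 'Ds_Response', 'Ds_Signature'] as $f) {
        if (!isset($p[$f]) || !is_string($p[$f]) || $p[$f] === '') {
            return 'reject: missing ' . $f;
        }
    }
    if (!hash_equals(sermepa_reply_signature($p), strtolower($p['Ds_Signature']))) {
        return 'reject: bad signature';
    }
    // A correctly signed reply can still report a denied payment.
    // Assumption: codes 0000-0099 mean the payment was authorised.
    if (!ctype_digit($p['Ds_Response']) || (int) $p['Ds_Response'] > 99) {
        return 'denied: response ' . $p['Ds_Response'];
    }
    if ($order['status'] !== 'pending') {
        return 'ignore: order already processed';
    }
    if ((int) $p['Ds_Amount'] !== $order['total_cents'] || $p['Ds_Currency'] !== $order['currency']) {
        return 'reject: amount or currency differs from the order';
    }
    return 'paid';
}

$order = ['status' => 'pending', 'total_cents' => 12100, 'currency' => '978'];
$reply = ['Ds_Amount' => '12100', 'Ds_Order' => '123', 'Ds_MerchantCode' => '327234688',
          'Ds_Currency' => '978', 'Ds_Response' => '0000'];
$reply['Ds_Signature'] = strtoupper(sermepa_reply_signature($reply));

echo sermepa_reply_decision($reply, $order), "\n";                          // genuine reply
echo sermepa_reply_decision(['Ds_Amount' => '100'] + $reply, $order), "\n"; // amount altered, old signature
$denied = ['Ds_Response' => '0180'] + $reply;                               // constructed non-authorised code
$denied['Ds_Signature'] = sermepa_reply_signature($denied);
echo sermepa_reply_decision($denied, $order), "\n";                         // validly signed, not authorised
```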

Author: mauro flores
