Payment Gateways

Exp:resso Store comes with many different payment gateways for you to choose from. If your payment provider isn’t supported already, it’s also easy to develop your own gateway.

In general, payment gateways fall into one of two categories: external (off-site) gateways and merchant-hosted (on-site) gateways. Merchant-hosted gateways allow you to collect the customer’s credit card details directly on your site, but have much stricter requirements, such as an SSL certificate for your server. You will also be subject to much more rigorous security requirements under the PCI DSS (Payment Card Industry Data Security Standard). For small sites, you will usually want to start with an off-site gateway.

Payment gateways must be enabled under Store » Settings » Payment Methods. You can then use them in your site, either by adding the payment_method="" parameter to the Checkout Tag or Payment Tag, or by submitting a payment_method form field.

Using the payment_method parameter:

{exp:store:checkout payment_method="paypal" return="store/order/ORDER_HASH"}

Using the payment_method form field:

<select name="payment_method">
  <option value="stripe">Credit Card</option>
  <option value="manual">Bank Transfer</option>
</select>

For on-site payment gateways, you will need to collect customer credit card details in your Checkout or Payment form. Below you will find a list of required parameters for each gateway. You can submit these parameters using regular HTML form inputs:

<input type="text" name="payment[card_no]" value="" />

Note that the name="" parameter must be specified as payment[card_no] rather than simply card_no. For a full example, see the sample template under store_example/checkout3.

2Checkout

payment_method="2checkout"

2Checkout is an off-site payment gateway. No extra configuration is necessary.

Authorize.Net AIM

payment_method="authorize_net"

Authorize.Net AIM (Advanced Integration Method) is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • exp_month
  • exp_year
  • csc

In addition, you may submit a name field. If this is not submitted, the customer’s billing_name will be used. Other billing details from the order will also be passed through to Authorize.Net.

Authorize.Net SIM

payment_method="authorize_net_sim"

Authorize.Net SIM (Simple Integration Method) is an off-site payment gateway. No extra configuration is necessary.

Order billing details will be passed through to Authorize.Net to pre-fill the payment page. However, if the customer changes their billing details in Authorize.Net, these will not be pulled back through to Store.

Buckaroo

payment_method="buckaroo"

Buckaroo is an off-site payment gateway available in the Netherlands, which supports iDEAL. No extra configuration is necessary.

CardSave Direct

payment_method="cardsave"

CardSave Direct/Integrated is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

DPS PaymentExpress PxPay

payment_method="dps_pxpay"

DPS PaymentExpress PxPay is an off-site payment gateway. It is also sometimes (inconsistently) referred to as PxAccess. No extra configuration is necessary.

DPS PaymentExpress PxPost

payment_method="dps_pxpost"

DPS PaymentExpress PxPost is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

Dummy

payment_method="dummy"

The Dummy payment gateway is only to be used in demonstration and testing scenarios. It will accept payment only when the card_no is set to “4111111111111111”, with a valid expiry date. All other transactions will be declined.

The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

eWay Hosted

payment_method="eway"

eWay Hosted is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

eWay Shared

payment_method="eway_shared"

eWay Shared is an off-site payment gateway. No extra configuration is necessary.

You can customize various aspects of the payment page by providing URLs in the gateway settings. Remember that the payment page will be delivered over SSL, so your logo URLs must be HTTPS; otherwise the user will see browser warnings.

eWay Shared (UK)

payment_method="eway_shared_uk"

eWay Shared UK is an off-site payment gateway, which implements a slightly different API used by eWay UK. No extra configuration is necessary.

GoCardless

payment_method="gocardless"

GoCardless is an off-site payment gateway. No extra configuration is necessary.

iDEAL

payment_method="ideal"

iDEAL is an off-site payment gateway available in the Netherlands, based on online banking.

iDEAL requires that you present a choice of banks to the customer, before they are redirected to their bank’s internet banking page. To do this, Store has a special {ideal_issuer_options} variable which you can insert into the final page of your template. You should add the following code to your template:

<select id="payment_issuer" name="payment[issuer]">
  {ideal_issuer_options}
</select>

The list of issuers will be automatically loaded from the gateway, and cached in ExpressionEngine.

Manual

payment_method="manual"

The manual payment gateway serves a special purpose in Store. When you need to accept cheque or bank deposit payments, you should use the manual payment gateway. The gateway simply authorizes all payments, allowing the order to proceed. You may then manually mark the payment as “captured” in the Store control panel when payment is received.

Mollie

payment_method="mollie"

Mollie is an off-site payment gateway available in the Netherlands, which supports iDEAL. No extra configuration is necessary.

Nets (BBS) Netaxept

payment_method="netaxept"

Netaxept is an off-site payment gateway available in Norway. No extra configuration is necessary.

Ogone DirectLink

payment_method="ogone_directlink"

Ogone DirectLink is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

Payflow Pro

payment_method="payflow_pro"

Payflow is an on-site payment gateway, which is run by PayPal, but allows you to use a regular merchant account. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

Paymate

payment_method="paymate"

Paymate is an off-site payment gateway. No extra configuration is necessary.

PayPal Express

payment_method="paypal_express"

PayPal Express Checkout is an off-site payment gateway. PayPal is probably the best-known payment gateway and the easiest to set up.

PayPal Express Checkout requires an API Username, Password, and Signature. These are different from your PayPal account details. You can obtain your API details by logging in to your PayPal account, and clicking Profile > My Selling Tools > API Access > Request/View API Credentials > Request API Signature.

PayPal Pro

payment_method="paypal_pro"

PayPal Website Payments Pro is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

Rabo OmniKassa

payment_method="rabo_omnikassa"

Rabo OmniKassa is an off-site payment gateway. No extra configuration is necessary.

Sage Pay Direct

payment_method="sagepay_direct"

Sage Pay Direct is an on-site payment gateway. The following fields must be submitted:

  • card_no
  • card_type
  • name
  • exp_month
  • exp_year
  • csc

Sage Pay Server

payment_method="sagepay_server"

Sage Pay Server is an off-site payment gateway. No extra configuration is necessary.

Stripe

payment_method="stripe"

Stripe is an on-site payment gateway. However, it is much easier to set up than most on-site payment gateways, because it uses JavaScript to convert credit card details into a secure token before sending data to your server. This means that you don’t have to worry about the usual PCI DSS requirements for handling sensitive credit card details, since they are never sent to your server.

Because the card details are not submitted to your server, you should not give them name="" parameters. Instead, you should create form inputs with id="" parameters so that you can reference them from JavaScript:

<input type="text" id="payment_card_no" value="" />
<input type="text" id="payment_name" value="" />
<select id="payment_exp_month">
  <option value=""></option>
  {exp_month_options}
</select>
<select id="payment_exp_year">
  <option value=""></option>
  {exp_year_options}
</select>
<input type="text" id="payment_card_csc" size="4" value="" />

You must also create a hidden form input to hold the Stripe card token:

<input type="hidden" id="payment_token" name="payment[token]" value="" />

Stripe requires some extra JavaScript to be added to your Checkout or Payment form. For more information, please see the Stripe Documentation. A simple example is shown below:

$(function() {
  $.getScript('https://js.stripe.com/v1/', function() {
    Stripe.setPublishableKey('YOUR_PUBLISHABLE_KEY');
  });

  /* Ensure your checkout submit button has id="checkout_submit" */
  $("#checkout_submit").click(function() {

    /* Only handle requests for Stripe gateway */
    var payment_method;
    $.each($(this.form).serializeArray(), function(index, a) {
      if (a.name == "payment_method") { payment_method = a.value; }
    });

    if (payment_method == "stripe") {

      /* Temporarily disable the checkout submit button */
      $("#checkout_submit").attr('disabled', true);

      /* Create a Stripe card token */
      Stripe.createToken({
        name: $("#payment_name").val(),
        number: $("#payment_card_no").val(),
        cvc: $("#payment_card_csc").val(),
        exp_month: $("#payment_exp_month").val(),
        exp_year: $("#payment_exp_year").val()
      }, stripeResponseHandler);

      /* We don't want to submit the form yet */
      return false;
    }
  });

  /* This function is triggered once Stripe has generated the token */
  function stripeResponseHandler(status, response) {
    /* Re-enable the checkout submit button */
    $("#checkout_submit").attr('disabled', false);

    /* Check whether we have a valid credit card */
    if (response.error) {
      alert(response.error.message);
    } else {
      /* Set the card token and submit the checkout form */
      $("#payment_token").val(response['id']);
      $("#checkout_submit").unbind("click").click();
    }
  }
});
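
A check you can run over a rendered checkout template to confirm the rule above: the card inputs carry no name="" parameter and the hidden token field is present. This is an added example, not part of Store or Stripe; the lintStripeForm function and the sample forms are constructed here, and it assumes Stripe is the only card gateway offered on the form.

```javascript
// Added example: lint checkout-form HTML against the Stripe rule above.
// Ids of the card inputs, as used in the template on this page.
const CARD_IDS = ['payment_card_no', 'payment_name', 'payment_exp_month',
                  'payment_exp_year', 'payment_card_csc'];
// Field names the other on-site gateways expect; they must not appear here.
const CARD_NAMES = /^payment\[(card_no|name|exp_month|exp_year|csc)\]$/;

// Read one attribute from a tag's source text; null when the attribute is absent.
function attr(tag, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*("[^"]*"|\'[^\']*\'|[^\\s>]+)', 'i');
  const m = re.exec(tag);
  return m ? m[1].replace(/^["']|["']$/g, '') : null;
}

// Return a list of problems; an empty list means the form follows the rule.
function lintStripeForm(html) {
  const problems = [];
  let tokenOk = false;
  for (const tag of html.match(/<(input|select|textarea)\b[^>]*>/gi) || []) {
    const id = attr(tag, 'id');
    const name = attr(tag, 'name');
    if (id === 'payment_token') {
      tokenOk = name === 'payment[token]' && attr(tag, 'type') === 'hidden';
    } else if (CARD_IDS.includes(id) && name !== null) {
      problems.push('#' + id + ' has name="' + name + '" and would be posted to your server');
    } else if (name !== null && CARD_NAMES.test(name)) {
      problems.push('field named ' + name + ' would post card data to your server');
    }
  }
  if (!tokenOk) problems.push('no hidden #payment_token input named payment[token]');
  return problems;
}

// Constructed samples: GOOD_FORM follows this page, BAD_FORM keeps a leftover name="".
const GOOD_FORM = `
<input type="text" id="payment_card_no" value="" />
<select id="payment_exp_month"><option value=""></option></select>
<input type="text" id="payment_card_csc" size="4" value="" />
<input type="hidden" id="payment_token" name="payment[token]" value="" />`;
const BAD_FORM = GOOD_FORM.replace('id="payment_card_no"',
  'id="payment_card_no" name="payment[card_no]"');

console.log(lintStripeForm(GOOD_FORM));
console.log(lintStripeForm(BAD_FORM));
```
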

Webteh Direct

payment_method="webteh"

Webteh Direct is an on-site payment gateway, available in Croatia. The following fields must be submitted:

  • card_no
  • name
  • exp_month
  • exp_year
  • csc

WorldPay

payment_method="worldpay"

WorldPay is an off-site payment gateway. There are several configuration changes you must make in your WorldPay Merchant Admin Interface before it will work correctly:

  1. Log into your WorldPay Merchant Admin Interface
  2. Under Installations, click Setup next to your Installation ID
  3. In the Payment Response URL field, enter <wpdisplay item=MC_callback>
  4. Make sure the Payment Response enabled? option is selected
  5. In the Payment Response password field, choose a password, and record this in your Store gateway settings
  6. In the MD5 secret for transactions field, choose a password, and record this in your Store gateway settings

If you do not set a Payment Response password and MD5 secret, your WorldPay gateway will not be secure, and it will be possible to submit fake payments on your site.
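
To show what the two secrets protect, the example below signs the outgoing order with the MD5 secret and rejects any payment response that does not carry the Payment Response password. It is an added example, not Store's own code; the field names (instId, cartId, callbackPW, transStatus), the colon-joined signature format and all sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed list of order fields covered by the signature (illustrative).
const SIGNATURE_FIELDS = ['instId', 'amount', 'currency', 'cartId'];

// Outbound: sign the order with the MD5 secret so that a changed amount or
// cart id no longer matches the signature sent with the request.
function signPurchase(order, md5Secret) {
  const values = SIGNATURE_FIELDS.map((f) => String(order[f]));
  return crypto.createHash('md5').update([md5Secret, ...values].join(':')).digest('hex');
}

// Compare two secrets in constant time. Hashing first gives equal-length
// buffers, which crypto.timingSafeEqual requires.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Inbound: treat a payment response as genuine only if it carries the shared
// password. An unset password fails closed instead of accepting everything.
function verifyCallback(post, responsePassword) {
  if (!responsePassword) {
    return { ok: false, reason: 'no Payment Response password configured' };
  }
  if (!safeEqual(post.callbackPW || '', responsePassword)) {
    return { ok: false, reason: 'bad callback password' };
  }
  if (post.transStatus !== 'Y') {
    return { ok: false, reason: 'payment not completed' };
  }
  return { ok: true, reason: 'paid' };
}

// Constructed sample order, not real merchant data.
const SAMPLE_ORDER = { instId: '000000', amount: '49.95', currency: 'GBP', cartId: 'ORDER-1001' };
```
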