Payment Gateways

Exp:resso Store comes with many different payment gateways for you to choose from. Our payment processing is based on the open source Omnipay library, which supports dozens of existing payment gateways, and is used on thousands of websites worldwide.

In general, payment gateways fall into one of two categories: external (off-site) gateways and merchant-hosted (on-site) gateways. Merchant hosted gateways allow you to collect the customer’s credit card details directly on your site, but have much stricter requirements, such as an SSL certificate for your server. You will also be subject to much more rigorous security requirements under the PCI DSS (Payment Card Industry Data Security Standard).

Payment gateways must be enabled under Store » Settings » Payment Methods. You can then use them in your site, either by adding the payment_method="" parameter to the Checkout Tag or Payment Tag, or by submitting a payment_method form field.

Using the payment_method parameter:

{exp:store:checkout payment_method="PayPal_Express" return="store/order/ORDER_HASH"}

Under the hood, this simply adds a hidden field to your page:

<input type="hidden" name="payment_method" value="PayPal_Express" />

Using the payment_method form field:

<select name="payment_method">
    <option value="Stripe">Credit Card</option>
    <option value="Manual">Bank Transfer</option>
</select>

For on-site payment gateways, you will need to collect customer credit card details in your Checkout or Payment form. Below you will find a list of required parameters for each gateway. You can submit these parameters using regular HTML form inputs:

<input type="text" name="payment[card_no]" value="" />

Note that the name="" parameter must be specified as payment[card_no] rather than simply card_no. For a full example, see the sample template under store_example/checkout3.

If you require a payment gateway which is not yet supported, you can either develop it yourself (requires PHP experience), or we can develop it for you. If you wish to develop your own gateway, start by checking out the Omnipay library, and the store_check example extension. If you wish to receive a quote for us to develop the gateway, simply email [email protected] with the name of the gateway, and a link to (or copy of) the documentation.

Authorize.Net AIM

payment_method="AuthorizeNet_AIM"

Authorize.Net AIM (Advanced Integration Method) is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

In addition, you may submit a name field. If this is not submitted, the customer’s billing_name will be used. Other billing details from the order will also be passed through to the Authorize.Net.

Authorize.Net SIM

payment_method="AuthorizeNet_SIM"

Authorize.Net SIM (Simple Integration Method) is an off-site payment gateway. No extra configuration is necessary.

Order billing details will be passed through to Authorize.Net to pre-fill the payment page. However, if the customer changes their billing details in Authorize.Net, these will not be pulled back through to Store.

Buckaroo Credit Card

payment_method="Buckaroo"

Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows credit card payments via Buckaroo. No extra configuration is necessary.

Buckaroo iDEAL

payment_method="Buckaroo_Ideal"

Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows iDEAL payments via Buckaroo. No extra configuration is necessary.

Buckaroo PayPal

payment_method="Buckaroo_PayPal"

Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows PayPal payments via Buckaroo. No extra configuration is necessary.

CardSave

payment_method="CardSave"

CardSave Direct/Integrated is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

Coinbase

payment_method="Coinbase"

Coinbase is an off-site payment gateway with allows you to accept bitcoin payments. No extra configuration is necessary.

Dummy

payment_method="Dummy"

The Dummy payment gateway is only to be used in demonstration and testing scenarios. Any card number ending in an even number will be authorized (e.g. ‘4242424242424242’). Any card number ending in an odd number will be declined. (e.g. ‘4111111111111111’).

The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

eWay Rapid 3.0

payment_method="Eway_Rapid"

eWay Rapid is a transparent redirect gateway. It works differently to other Store gateways, because the credit card form is hosted on your website, but it is posted to an off-site service. Because of this, the implementation process is slightly different.

On the final page of your checkout, instead of the regular {exp:store:checkout} tag, you must use the {exp:store:payment} tag. This will generate the correct form to submit the customer’s card details to eWay. Note that the input names are different to that of other Store gateways, as they must match those specified in the Rapid API Documentation.

Here is a complete example of what the final page of your checkout should look like:

{exp:store:payment payment_method="Eway_Rapid" return="store/order/ORDER_HASH"}
    <input name="EWAY_CARDNAME" value="" />
    <input name="EWAY_CARDNUMBER" value="" />
    <select name="EWAY_CARDEXPIRYMONTH" />
        <option value=""></option>
        {exp_month_options}
    </select>
    <select name="EWAY_CARDEXPIRYYEAR" />
        <option value=""></option>
        {exp_year_options}
    </select>
    <input name="EWAY_CARDCVN" value="" />
{/exp:store:payment}

First Data Connect

payment_method="FirstData_Connect"

First Data Connect is an off-site payment gateway. No extra configuration is necessary.

GoCardless

payment_method="GoCardless"

GoCardless is an off-site payment gateway. No extra configuration is necessary.

Manual

payment_method="Manual"

The manual payment gateway serves a special purpose in Store. When you need to accept cheque or bank deposit payments, you should use the manual payment gateway. The gateway simply authorizes all payments, allowing the order to proceed. You may then manually mark the payment as “captured” in the Store control panel when payment is received.

If you wish to have more than one manual payment gateway available to your customers, you can create additional gateways using the extension hooks. For an example, see the store_check extension.

MIGS 3-Party

payment_method="Migs_ThreeParty"

MIGS (MasterCard Internet Gateway Service) 3-Party is an off-site payment gateway. MIGS is a white label service, and is generally offered by your bank under a different name. Known services using MIGS include:

• ANZ eGate (Australia / NZ)
• Commonwealth Bank CommWeb (Australia)

No extra configuration is necessary.

MIGS 2-Party

payment_method="Migs_TwoParty"

MIGS (MasterCard Internet Gateway Service) 2-Party is an on-site payment gateway. See MIGS 3-Party above for a list of known banks using this service.

The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

Mollie

payment_method="Mollie"

Mollie is an off-site payment gateway available in the Netherlands, which supports iDEAL. No extra configuration is necessary.

Netaxept

payment_method="Netaxept"

Netaxept is an off-site payment gateway available in Norway. No extra configuration is necessary.

NetBanx

payment_method="NetBanx"

NetBanx is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

PayFast

payment_method="PayFast"

PayFast is an off-site payment gateway. No extra configuration is necessary.

Payflow

payment_method="Payflow_Pro"

Payflow is an on-site payment gateway, which is run by PayPal, but allows you to use a regular merchant account. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

PaymentExpress (DPS) PxPay

payment_method="PaymentExpress_PxPay"

PaymentExpress (DPS) PxPay is an off-site payment gateway. It is also sometimes (inconsistently) referred to as PxAccess. No extra configuration is necessary.

PaymentExpress (DPS) PxPost

payment_method="PaymentExpress_PxPost"

PaymentExpress (DPS) PxPost is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

PayPal Express

payment_method="PayPal_Express"

PayPal Express Checkout is an off-site payment gateway. PayPal is probably the most well-known and easy to set up payment gateway.

PayPal Express Checkout requires an API Username, Password, and Signature. These are different from your PayPal account details. You can obtain your API details by logging in to your PayPal account, and clicking Profile > My Selling Tools > API Access > Request/View API Credentials > Request API Signature.

PayPal Pro

payment_method="PayPal_Pro"

PayPal Website Payments Pro is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

Pin Payments

payment_method="Pin"

Pin is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

Alternatively, you may use Pin.js to generate a client-side card token, and reduce PCI compliance requirements on your server. The card token should be submitted as a hidden input with name="payment[token]". For more information, see the Pin.js documentation.

Sage Pay Direct

payment_method="SagePay_Direct"

Sage Pay Direct is an on-site payment gateway. The following fields must be submitted:

• name
• card_no
• exp_month
• exp_year
• csc

Sage Pay Server

payment_method="SagePay_Server"

Sage Pay Server is an off-site payment gateway. No extra configuration is necessary.

SecurePay Direct Post

payment_method="SecurePay_DirectPost"

SecurePay Direct Post is a transparent redirect gateway. It works differently to other Store gateways, because the credit card form is hosted on your website, but it is posted to an off-site service. Because of this, the implementation process is slightly different.

On the final page of your checkout, instead of the regular {exp:store:checkout} tag, you must use the {exp:store:payment} tag. This will generate the correct form to submit the customer’s card details to SecurePay. Note that the input names are different to that of other Store gateways, as they must match those specified in the Direct Post API Documentation.

Here is a complete example of what the final page of your checkout should look like:

{exp:store:payment payment_method="SecurePay_DirectPost" return="store/order/ORDER_HASH"}
    <input name="EPS_CARDNUMBER" value="" />
    <select name="EPS_EXPIRYMONTH" />
        <option value=""></option>
        {exp_month_options}
    </select>
    <select name="EPS_EXPIRYYEAR" />
        <option value=""></option>
        {exp_year_options}
    </select>
    <input name="EPS_CCV" value="" />
{/exp:store:payment}

Stripe

payment_method="Stripe"

Stripe is an on-site payment gateway. However, it is much easier to set up than most on-site payment gateways, because it uses Javascript to convert credit card details into a secure token, before sending data to your server. This means that you don’t have to worry about the usual PCI DSS requirements for handling sensitive credit card details, since they are never sent to your server.

Because the card details are not submitted to your server, you should not give them name="" parameters. Instead, you should create form inputs with data-stripe attributes so that the Stripe javascript library can find them:

<input type="text" value="" data-stripe="number" />
<input type="text" value="" data-stripe="name" />
<select data-stripe="exp-month">
    <option value=""></option>
    {exp_month_options}
</select>
<select data-stripe="exp-year">
    <option value=""></option>
    {exp_year_options}
</select>
<input type="text" size="4" value="" data-stripe="cvc" />

You must also create a hidden form input to hold the Stripe card token:

<input type="hidden" id="payment_token" name="payment[token]" value="" />

Stripe requires some extra Javascript to be added to your Checkout or Payment form. For more information, please see the Stripe Documentation. A simple example is shown below:

$(function() {
    $.getScript('https://js.stripe.com/v2/', function() {
        Stripe.setPublishableKey('YOUR_PUBLISHABLE_KEY_HERE');
    });

    /* Ensure your checkout submit button has id="checkout_submit" */
    $checkout_submit = $("#checkout_submit").click(function() {

        /* Only handle requests for Stripe gateway */
        if (this.form.elements["payment_method"].value == "Stripe") {

            /* Temporarily disable the checkout submit button */
            $checkout_submit.attr('disabled', true);

            /* Create a Stripe card token */
            Stripe.card.createToken($(this.form), stripeResponseHandler);

            /* We don't want to submit the form yet */
            return false;
        }
    });

    /* This function is triggered once Stripe has generated the token */
    function stripeResponseHandler(status, response) {
        /* Re-enable the checkout submit button */
        $checkout_submit.attr('disabled', false);

        /* Check whether we have a valid credit card */
        if (response.error) {
            alert(response.error.message);
        } else {
            /* Set the card token and submit the checkout form */
            $("#payment_token").val(response.id);
            $checkout_submit.off("click").click();
        }
    }
});

TargetPay DIRECTebanking

payment_method="TargetPay_Directebanking"

TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process DIRECTebanking payments. No extra configuration is necessary.

TargetPay iDEAL

payment_method="TargetPay_Ideal"

TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process iDEAL payments. No extra configuration is necessary.

TargetPay Mr Cash

payment_method="TargetPay_Mrcash"

TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process Mr Cash payments. No extra configuration is necessary.

2Checkout

payment_method="TwoCheckout"

2Checkout is an off-site payment gateway. No extra configuration is necessary.

Ogone - e-Commerce

payment_method="Ogone_Ecommerce"

1. Log into your Ogone Admin Interface
2. Go to Configuration -> Account -> Languages and URL and enable languages
3. Go to Configuration -> Technical Information -> Global security parameters -> Set your Hash algo
4. Go to Configuration -> Technical Information -> Data and origin verification -> Checks for e-Commerce -> Security for request parameters -> Set: URL of the merchant page containing the payment form that will call the page
5. Go to Configuration -> Technical Information -> Data and origin verification -> Checks for e-Commerce -> Security for request parameters -> Set: SHA-IN pass phrase
6. Go to Configuration -> Technical Information -> Transaction feedback -> Check: “I would like to receive transaction feedback parameters on the redirection URLs.”
7. Go to Configuration -> Technical Information -> Transaction feedback -> Security for request parameters -> Set a SHA-OUT pass phrase

WorldPay

payment_method="WorldPay"

WorldPay is an off-site payment gateway. There are several configuration changes you must make in your WorldPay Merchant Admin Interface before it will work correctly:

1. Log into your WorldPay Merchant Admin Interface
2. Under Installations, click Setup next to your Installation ID
3. In the Payment Response URL field, enter <wpdisplay item=MC_callback>
4. Make sure the Payment Response enabled? option is enabled
5. Make sure the Enable the Shopper Response option is enabled
6. In the Payment Response password field, choose a password, and record this in your Store gateway settings
7. In the MD5 secret for transactions field, choose a password, and record this in your Store gateway settings

If you do not set a Payment Response password and MD5 secret, your WorldPay gateway will not be secure, and it will be possible to submit fake payments on your site.