Samport/TellusPay API integration (3-D Secure)

[jocke4u]

I am working on an API integration with Samport/TellusPay using 3-D Secure transactions but have some issues to solve.

When the process_payment(...) method are triggered a 3-D Secure initiation are executed, in that method I must provide a "next step URL" where the customer returns to after the credit card processing. What URL should I use with Virtuemart?

[jocke4u]

The integration to Samport/TellusPay and usage of 3-D Secure transaction must be perormed in a certain way/order depending on the card type. The specs say that the following flow are valid.

Prereqs
User have choosen this payment method and have entered all needed data and press the "confirm order" button which triggers this process.

1. Initiate 3-D Secure transaction, gets a XML repsonse.
2.1 If the card was a 3-D Secure card a redirect must happen (in a new page in virtuemart process flow, embedded IFRAME or popup)
2.2 If the card is NOT a 3-D secure, go to 3
3. Authorize the transaction to reserve the money
4. Transaction are finished with result success or failed and updates the order according to the result.
5. The finish page as is today in virtuemart are displyed

My question is how this are going to be implemented. I think the virtuemart process flow must be modified or does virtuemart have support for this?
Do you know if there is other similar process/behaviour in any payment process?

Any other idea?

[jocke4u]

I have had contact with Samport today and they have released a module for Virtuemart for handling credit cards with a hosted solution (as in PayPal). I have made some tests and can see it's working but need some adjustments.

For the API integration there is a need for a more dynamic configuration for the checkout process. Maybe the configurable process as it is today i enough but for each step (e.g. payment) I think there is a need for a more dynamic approach with additional sub processes or pre/post methods in the current payment modules.

[jocke4u]

Here is the first version of payment module for Samport API integration.

[attachment cleanup by admin]

[sunburst]

Hi,

I'm starting work on integrating this samport payment module for a Norwegian site and notice that you have a module here as well but Samport also provide a module too. What's the difference between your version and samport's version?

thanks,

[jocke4u]

Hi,

I'm starting work on integrating this samport payment module for a Norwegian site and notice that you have a module here as well but Samport also provide a module too. What's the difference between your version and samport's version?

thanks,

When I was started Samport hadn't released their version yet and they also said that they will provide a implementation for HOSTED version, I did a API version. Later on they released a HOSTED version but doesn't know about the status today, if they have a API version as well.

[sunburst]

Thanks for your reply, I'm looking for an API solution. So may use your one too.

This is the one they have given me, see attachment.

--- EDITED ---

This is the official HOST SOLUTION version and not the API SOLUTION



[attachment cleanup by admin]

[jocke4u]

Sure, make some tests with it and make the modifications you need.

[sunburst]

Hi Joacim J,

Sorry for the taken i while to get bacvk in touch and many thanks for releasing this script, much appreciated.

Looks like you're script is the only API solution since Samport only offers the Hosted solution currently.

I have followed your instructions and have setup and configured samport in the payment method. Now we need to test it.

Is there anything else that needs to be setup on the demo account?
ie, Settings --> repsonse URL --> Approved:   and      Denied:

Also, how would i go about carrying out the test? Will i need to purchase a SSL certificate (sharad or dedicated)?

thanks,

sunburst

[jocke4u]

Hi,

I have not got started yet and the project have been put on ice due to heavy workload :-(

Test both regular (old) credit cards and the newer that are using 3-D Secure since there are different flows (3-D Secure makes a redirect to the card issuer). What I can remember there are no special configuration in Samports Web Manager, as the HOSTED solution requires.

Make the changes in administration panel for the payment type reflecting your Samport account.

Yes, you should get your own dedicated SSL certificate and the best is also to have a dedicated server (since the credit card numbers are stored in the database, encrypted but to be more secured.....)

Good luck!

[sunburst]

Thanks for your quick reply.

So you aren't using it at the moment and you can't really confirm that it is a working solution?

Yes you are right, nothing needs to be configured from the web manager and SSL cert is not needed during the test with the demo account.

I have also added Norwegian currency as well but need to know when testing, do we just make simply make a purchase on the site with a credit card and see if the transaction has been processed.

I also noticed this line here:

$validation_string = md5( $my->id . "Xf35tG0i7Yc" . $mosConfig_secret . ENCODE_KEY . $orderId);

where it says: Xf35tG0i7Yc

Does this have to be changed?

thank you,

[jocke4u]

Thanks for your quick reply.

So you aren't using it at the moment and you can't really confirm that it is a working solution?

I have only used it in testing mode with both real credit cards and test card numbers. You should always test it yourself since its about money transactions even if I would have said that it's 100% working for me.

Yes you are right, nothing needs to be configured from the web manager and SSL cert is not needed during the test with the demo account.

I used a self generated SSL cert for test, just to get the correct behaviour during tests.

I have also added Norwegian currency as well but need to know when testing, do we just make simply make a purchase on the site with a credit card and see if the transaction has been processed.

During the tests you can not get the transaction to the full end status according to Samport.

I also noticed this line here:

$validation_string = md5( $my->id . "Xf35tG0i7Yc" . $mosConfig_secret . ENCODE_KEY . $orderId);

where it says: Xf35tG0i7Yc

Does this have to be changed?

I added this just to get an extra strong validation on the returning redirect (when using 3-D Direct). You can change it but then you are required to change it in two places in the code (search for them) otherwise it will not match and the request will be rejected.

[sunburst]

Many thanks for your help and replies.

I think we have chosen to go with the Hosted solution just now as we can't be taking chances at this point. However, API solution is still a very good option as we really wanted to keep our customers on our site during checkout. So i think we will re-visit this script later. Got to see how well the ecommerce site does first.

thank you,

[jocke4u]

The same goes for me. The hosted solution are much more simple and put less requirements on the shop.

I will for now go for the Payer solution (from http://pay-read.se) since it's even more simple (doesn't require a "inlösenavtal" with the bank)

[sunburst]

Thanks looks good but we have already gone with Samport for the mean time. Cost is a problem with us at the moment so all this requirement for security using API is better dealt with by the payment system company i guess, as you know there have recently been many security issues with Joomla extensions lately so it's not the right time to be taken risk at the moment.

I'm just enquiring about branding on the Hosted solution. At least this way it should still look more like our shop so we can live with that.

By the way, sorry what is "inlösenavtal"? I don't speak Swedish (my fault really), but would like to know.

thanks,