Hi All,
I have used Cybersource's Hosted Order Page for the past 8 years, but they are eliminating that option and are offering Secure-Acceptance in its place. The only trouble is, Cybersource offers no ColdFusion support or API. I have pulled apart their PHP example and thought I'd share what I have working so far. You should follow the steps in http://www.cybersource.com/resources/collateral/pdf/Secure_Acceptance_WM_Quick_Start_Guide.pdf to get the AccessKey, ProfileID, and SecretKey you'll need for this example. Here are the two pages I created "payment_form.cfm" and "payment_confirmation.cfm". You can get the payment.css, payment_form.js and jquery.js from the PHP download link in the PDF I mentioned.
I'll post more, as I get farther along...
Have a good one,
- Shawn
=================================================
payment_form.cfm
=================================================
<html>
<head>
<title>Secure Acceptance - Payment Form Example</title>
<link rel="stylesheet" type="text/css" href="payment.css"/>
<script type="text/javascript" src="jquery-1.7.min.js"></script>
<script type="text/javascript" src="payment_form.js"></script>
</head>
<body>
<!--- CREATE UNIQUE ID FOR TRANSACTION --->
<cfset uniqid = randrange(10000000, 99999999) & randrange(00000000, 99999999)>
<!--- FORMAT CURRENT DATE/TIME TO GREENWICH MEAN TIME AND MATCH FORMATTING FROM PHP --->
<cfset dtNow = Now() />
<cfset dtGMT = DateAdd("s", GetTimeZoneInfo().UTCTotalOffset, dtNow) />
<cfset strGMT = (DateFormat( dtGMT, "yyyy-mm-dd" )&"T"&TimeFormat( dtGMT, "HH:mm:ss" ) &"Z") />
<cfset accessKey = "[ -----PUT YOUR ACCESS_KEY HERE----- ]">
<cfset profileID = "[ -----PUT YOUR PROFILE_ID HERE----- ]">
<cfoutput>
<form id="payment_form" action="payment_confirmation.cfm" method="post">
<!--- HIDDEN FIELDS --->
<input type="hidden" name="access_key" value="#accessKey#">
<input type="hidden" name="profile_id" value="#profileID#">
<input type="hidden" name="transaction_uuid" value="#uniqid#">
<input type="hidden" name="signed_field_names" value="access_key,profile_id,transaction_uuid,signed_field_names,unsigned_field_names,signed_date_time,locale,transaction_type,reference_number,amount,currency">
<input type="hidden" name="unsigned_field_names" value="">
<input type="hidden" name="signed_date_time" value="#strGMT#">
<input type="hidden" name="locale" value="en">
<fieldset>
<legend>Payment Details</legend>
<div id="paymentDetailsSection" class="section">
<span>transaction_type:</span><input type="text" name="transaction_type" size="25" value="authorization"><br/>
<span>reference_number:</span><input type="text" name="reference_number" size="25"><br/>
<span>amount:</span><input type="text" name="amount" size="25" value="100.00"><br/>
<span>currency:</span><input type="text" name="currency" size="25" value="USD"><br/>
</div>
</fieldset>
<input type="submit" id="submit" name="submit" value="Submit"/>
</form>
</cfoutput>
</body>
</html>
=================================================
payment_confirmation.cfm
=================================================
<cfset signed_inputs_values =
"access_key="&#access_key#&",profile_id="&#profile_id#&",transaction_uuid="&#transaction_uuid#&",signed_field_names="&#signed_field_names#&",unsigned_field_names="&#unsigned_field_names#&",signed_date_time="&#signed_date_time#&",locale="&#locale#&",transaction_type="&#transaction_type#&",reference_number="&#reference_number#&",amount="&#amount#&",currency="&#currency#>
<cfset key = "[ -----PUT YOUR SECRET_KEY HERE----- ]">
<cfoutput>
<!--- CREATE HMAC SHA256 --->
<cfscript>
secret = createObject('java', 'javax.crypto.spec.SecretKeySpec' ).Init(key.GetBytes(), 'HmacSHA256');
mac = createObject('java', "javax.crypto.Mac");
mac = mac.getInstance("HmacSHA256");
mac.init(secret);
digest = mac.doFinal(signed_inputs_values.GetBytes());
</cfscript>
<!--- ENCODE AS iso-8859-1 --->
<cfset theSigHMAC = CharsetEncode(digest, 'iso-8859-1')>
<!--- CREATE Base64 signature --->
<cfset signature = ToBase64(digest)>
<fieldset>
<legend>Confirm Payment</legend>
<!--- HTMLEditFormat() ESCAPES THE POSTED VALUES BEFORE THEY ARE WRITTEN BACK INTO THE PAGE --->
Amount: #HTMLEditFormat(amount)#
<br><br>
Date: #HTMLEditFormat(signed_date_time)#
</fieldset>
<form id="payment_form" action="https://testsecureacceptance.cybersource.com/pay" method="post">
<input type="hidden" name="access_key" value="#HTMLEditFormat(access_key)#">
<input type="hidden" name="amount" value="#HTMLEditFormat(amount)#">
<input type="hidden" name="currency" value="#HTMLEditFormat(currency)#">
<input type="hidden" name="locale" value="#HTMLEditFormat(locale)#">
<input type="hidden" name="profile_id" value="#HTMLEditFormat(profile_id)#">
<input type="hidden" name="reference_number" value="#HTMLEditFormat(reference_number)#">
<input type="hidden" name="signed_date_time" value="#HTMLEditFormat(signed_date_time)#">
<input type="hidden" name="transaction_type" value="#HTMLEditFormat(transaction_type)#">
<input type="hidden" name="transaction_uuid" value="#HTMLEditFormat(transaction_uuid)#">
<input type="hidden" name="unsigned_field_names" value="#HTMLEditFormat(unsigned_field_names)#">
<input type="hidden" name="signed_field_names" value="#HTMLEditFormat(signed_field_names)#">
<input type="hidden" name="signature" value="#signature#">
<input type="submit" id="submit" name="submit" value="confirm"/>
</form>
</cfoutput>
UPDATE: --------------------------------
I have been unable to move forward on this project because of an error on Cybersource's end. Apparently, Cybersource did not do sufficient testing on their new Secure Acceptance system. Now that their customers are actually trying to use it, they cannot keep up with the requests for support. I have been waiting for over 2 weeks for a response, and the only message I've received said they are "...too busy to get back to me." Now, at this point, you'd think they would move the HOP deadline.
Good afternoon - thanks for your post. I'm in the same situation, have you been able to get CF working with Secure Acceptance?
Any pointers?
Thanks
Scott T.
Yes. I got it working today.
I unchecked "Fails CVN check" and "Fails AVN check" for "Automatic Authorization Reversal" in Cybersource's control panel under Tools & Settings>Secure Acceptance>Profiles>Payment Settings.
Excellent! Is there any way you could walk me through the basics? I have configured everything in CyberSource, have modified my hop.cfm, etc. I guess I need the details on how you took your invoice created with CFM and pushed it to one of their supported languages. I know your time is valuable, so am certainly willing to cover your time so I can get this up and running.
On Wed, Sep 24, 2014 at 1:58 PM, TonightWeDineInHELL <
Hi,
I didn't use any of the languages provided by Cybersource (PHP, .NET, etc.). I wrote my own in ColdFusion. I have the pages below working. Just put in your Profile ID, AccessKey, and SecretKey. When cutting-and-pasting from this forum, you will sometimes get hard-returns where you don't want them. In the middle of a cfset for example. So after pasting, be sure to go through the code and look for those. Let me know how you do.
Thanks,
- Shawn
============================================================
payment_form.cfm
============================================================
<cfoutput>
<!--- CREATE UNIQUE ID FOR TRANSACTION --->
<cfset uniqid = randrange(10000000, 99999999) & randrange(00000000, 99999999)>
<!--- FORMAT CURRENT DATE/TIME TO GREENWICH MEAN TIME --->
<cfset dtNow = Now() />
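<!--- DateFormat() HAS NO MINUTE/SECOND MASK, SO THE TIME PART COMES FROM TimeFormat() --->
<cfset dtSimple = DateFormat(dtNow, "mm_dd_yyyy") & "_" & TimeFormat(dtNow, "HH_mm_ss") />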
<cfset dtGMT = DateAdd("s", GetTimeZoneInfo().UTCTotalOffset, dtNow) />
<cfset strGMT = (DateFormat( dtGMT, "yyyy-mm-dd" )&"T"&TimeFormat( dtGMT, "HH:mm:ss" ) &"Z") />
<!--- CREATE REFERENCE_NUMBER AND TOTAL_COST --->
<cfset reference_number = #dtSimple#>
<cfset total_cost = '100.00'>
<form action="payment_confirmation.cfm" method="POST">
<!--- FIELDS FOR CYBERSOURCE CONNECTION --->
<input type="text" name="access_key" value="[--- ---YOUR ACCESS KEY--- ---]">
<input type="text" name="profile_id" value="[--- ---YOUR PROFILE ID--- ---]">
<input type="text" name="transaction_uuid" value="#uniqid#">
<input type="text" name="signed_field_names" value="access_key,profile_id,transaction_uuid,signed_field_names,unsigned_field_names,signed_date_time,locale,transaction_type,reference_number,amount,currency,bill_to_forename,bill_to_surname,bill_to_email,bill_to_address_line1,bill_to_address_city,bill_to_address_postal_code,bill_to_address_state,bill_to_address_country">
<input type="text" name="unsigned_field_names" value="">
<input type="text" name="signed_date_time" value="#strGMT#">
<input type="text" name="locale" value="en">
<input type="text" name="transaction_type" size="25" value="authorization">
<input type="text" name="reference_number" size="25" value="#reference_number#">
<input type="text" name="amount" size="25" value="#total_cost#">
<input type="text" name="currency" size="25" value="USD">
<input type="text" name="bill_to_forename" size="25" value="John">
<input type="text" name="bill_to_surname" size="25" value="JOHNSON">
<input type="text" name="bill_to_email" size="25" value="john@johnson.com">
<input type="text" name="bill_to_address_line1" size="25" value="123 1st Ave">
<input type="text" name="bill_to_address_city" size="25" value="AnyTown">
<input type="text" name="bill_to_address_state" size="2" value="FL">
<input type="text" name="bill_to_address_postal_code" size="25" value="33351">
<input type="text" name="bill_to_address_country" size="2" value="US">
<input type="submit" id="submit" name="submit" value="Submit"/>
</form>
</cfoutput>
============================================================
============================================================
payment_confirmation.cfm
============================================================
<!--- REQUIRED LIST OF SIGNED FIELDS FOR HMAC --->
<cfset signed_items =
"access_key="&#access_key#&",profile_id="&#profile_id#&",transaction_uuid="&#transaction_uuid#&",signed_field_names="&#signed_field_names#&",unsigned_field_names="&#unsigned_field_names#&",signed_date_time="&#signed_date_time#&",locale="&#locale#&",transaction_type="&#transaction_type#&",reference_number="&#reference_number#&",amount="&#amount#&",currency="&#currency#&",bill_to_forename="&#bill_to_forename#&",bill_to_surname="&#bill_to_surname#&",bill_to_email="&#bill_to_email#&",bill_to_address_line1="&#bill_to_address_line1#&",bill_to_address_city="&#bill_to_address_city#&",bill_to_address_postal_code="&#bill_to_address_postal_code#&",bill_to_address_state="&#bill_to_address_state#&",bill_to_address_country="&#bill_to_address_country#>
<cfoutput>
<cfset key = "[--- ---YOUR SECRET KEY--- ---]">
<!--- CREATE HMAC SHA256 --->
<cfscript>
secret = createObject('java', 'javax.crypto.spec.SecretKeySpec' ).Init(key.GetBytes(), 'HmacSHA256');
mac = createObject('java', "javax.crypto.Mac");
mac = mac.getInstance("HmacSHA256");
mac.init(secret);
digest = mac.doFinal(signed_items.GetBytes());
</cfscript>
<!--- ENCODE AS iso-8859-1 --->
<cfset theSigHMAC = CharsetEncode(digest, 'iso-8859-1')>
<!--- CREATE Base64 signature --->
<cfset signature = ToBase64(digest)>
<!--- HIDDEN FORM ELEMENTS TO SUBMIT TO CYBERSOURCE --->
<!--- LIVE TRANSACTIONS https://secureacceptance.cybersource.com/pay --->
<!--- TEST TRANSACTIONS https://testsecureacceptance.cybersource.com/pay --->
<form id="payment_form" name="payment_form" action="https://secureacceptance.cybersource.com/pay" method="post">
<!--- HTMLEditFormat() ESCAPES THE POSTED VALUES BEFORE THEY ARE WRITTEN BACK INTO THE PAGE --->
<input type="hidden" name="access_key" value="#HTMLEditFormat(access_key)#">
<input type="hidden" name="amount" value="#HTMLEditFormat(amount)#">
<input type="hidden" name="currency" value="#HTMLEditFormat(currency)#">
<input type="hidden" name="locale" value="#HTMLEditFormat(locale)#">
<input type="hidden" name="profile_id" value="#HTMLEditFormat(profile_id)#">
<input type="hidden" name="reference_number" value="#HTMLEditFormat(reference_number)#">
<input type="hidden" name="signed_date_time" value="#HTMLEditFormat(signed_date_time)#">
<input type="hidden" name="transaction_type" value="#HTMLEditFormat(transaction_type)#">
<input type="hidden" name="transaction_uuid" value="#HTMLEditFormat(transaction_uuid)#">
<input type="hidden" name="unsigned_field_names" value="">
<input type="hidden" name="signed_field_names" value="#HTMLEditFormat(signed_field_names)#">
<input type="hidden" name="bill_to_forename" size="25" value="#HTMLEditFormat(bill_to_forename)#"><br/>
<input type="hidden" name="bill_to_surname" size="25" value="#HTMLEditFormat(bill_to_surname)#"><br/>
<input type="hidden" name="bill_to_email" size="25" value="#HTMLEditFormat(bill_to_email)#"><br/>
<input type="hidden" name="bill_to_address_line1" size="25" value="#HTMLEditFormat(bill_to_address_line1)#"><br/>
<input type="hidden" name="bill_to_address_city" size="25" value="#HTMLEditFormat(bill_to_address_city)#"><br/>
<input type="hidden" name="bill_to_address_postal_code" size="25" value="#HTMLEditFormat(bill_to_address_postal_code)#"><br/>
<input type="hidden" name="bill_to_address_state" value="#HTMLEditFormat(bill_to_address_state)#">
<input type="hidden" name="bill_to_address_country" value="#HTMLEditFormat(bill_to_address_country)#">
<input type="hidden" name="signature" value="#signature#">
</form>
</cfoutput>
<!--- SCRIPT TO SUBMIT THE HIDDEN FORM --->
<!--- SCRIPT WAITS 1/2 SECOND THEN SUBMITS AUTOMATICALLY --->
<script type="text/javascript">
var form = document.getElementById("payment_form");
if (form) { // if it's loaded
setTimeout(submitForm, 500); // set timeout
}
function submitForm() {
form.submit(); // submits form
}
</script>
============================================================
============================================================
receipt.cfm
============================================================
<!--- If YOU HAVE A Transaction Response Page SETUP IN CYBERSOURCE --->
<!--- CYBERSOURCE CONTROL PANEL - Tool & Settings>Profiles>[your profile]>Customer Response>Transaction Response Page --->
<!--- THESE ARE ALL THE FIELDS RETURNED BACK TO YOU FROM CYBERSOURCE --->
<cfoutput>
<br> AUTH_AMOUNT=#AUTH_AMOUNT#
<br> AUTH_AVS_CODE=#AUTH_AVS_CODE#
<br> AUTH_AVS_CODE_RAW=#AUTH_AVS_CODE_RAW#
<br> AUTH_CODE=#AUTH_CODE#
<br> AUTH_RESPONSE=#AUTH_RESPONSE#
<br> AUTH_TIME=#AUTH_TIME#
<br> DECISION=#DECISION#
<br> FIELDNAMES=#FIELDNAMES#
<br> MESSAGE=#MESSAGE#
<br> REASON_CODE=#REASON_CODE#
<br> REQ_ACCESS_KEY=#REQ_ACCESS_KEY#
<br> REQ_AMOUNT=#REQ_AMOUNT#
<br> REQ_BILL_TO_ADDRESS_CITY=#REQ_BILL_TO_ADDRESS_CITY#
<br> REQ_BILL_TO_ADDRESS_COUNTRY=#REQ_BILL_TO_ADDRESS_COUNTRY#
<br> REQ_BILL_TO_ADDRESS_LINE1=#REQ_BILL_TO_ADDRESS_LINE1#
<br> REQ_BILL_TO_ADDRESS_POSTAL_CODE=#REQ_BILL_TO_ADDRESS_POSTAL_CODE#
<br> REQ_BILL_TO_ADDRESS_STATE=#REQ_BILL_TO_ADDRESS_STATE#
<br> REQ_BILL_TO_EMAIL=#REQ_BILL_TO_EMAIL#
<br> REQ_BILL_TO_FORENAME=#REQ_BILL_TO_FORENAME#
<br> REQ_BILL_TO_PHONE=#REQ_BILL_TO_PHONE#
<br> REQ_BILL_TO_SURNAME=#REQ_BILL_TO_SURNAME#
<br> REQ_CARD_EXPIRY_DATE=#REQ_CARD_EXPIRY_DATE#
<br> REQ_CARD_NUMBER=#REQ_CARD_NUMBER#
<br> REQ_CARD_TYPE=#REQ_CARD_TYPE#
<br> REQ_CURRENCY=#REQ_CURRENCY#
<br> REQ_LOCALE=#REQ_LOCALE#
<br> REQ_PAYMENT_METHOD=#REQ_PAYMENT_METHOD#
<br> REQ_PROFILE_ID=#REQ_PROFILE_ID#
<br> REQ_REFERENCE_NUMBER=#REQ_REFERENCE_NUMBER#
<br> REQ_TRANSACTION_TYPE=#REQ_TRANSACTION_TYPE#
<br> REQ_TRANSACTION_UUID=#REQ_TRANSACTION_UUID#
<br> SIGNATURE=#SIGNATURE#
<br> SIGNED_DATE_TIME=#SIGNED_DATE_TIME#
<br> SIGNED_FIELD_NAMES=#SIGNED_FIELD_NAMES#
<br> TRANSACTION_ID=#TRANSACTION_ID#
</cfoutput>
============================================================
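Added example, not part of the original post and not Cybersource's code: the fields posted to receipt.cfm include SIGNATURE and SIGNED_FIELD_NAMES, so the receipt page can recompute the HMAC with the same construction payment_confirmation.cfm uses and compare it before DECISION or REQ_REFERENCE_NUMBER is written to the database. The function names, the placeholder key and the sample values are assumptions made for this illustration; it assumes ColdFusion 9 or later.

```cfml
<cfscript>
// Added example (not from the original posts). Function names are hypothetical;
// the sample values and the key are constructed placeholders.

// Rebuild "name=value,name=value" in the order given by signed_field_names.
function buildDataToSign(fields) {
    var names = listToArray(fields.signed_field_names);
    var pairs = [];
    var i = 0;
    for (i = 1; i <= arrayLen(names); i++) {
        arrayAppend(pairs, names[i] & "=" & fields[names[i]]);
    }
    return arrayToList(pairs, ",");
}

// Same HMAC-SHA256 + Base64 construction as payment_confirmation.cfm, with explicit UTF-8.
function signFields(fields, secretKey) {
    var keySpec = createObject("java", "javax.crypto.spec.SecretKeySpec")
        .init(charsetDecode(secretKey, "utf-8"), "HmacSHA256");
    var mac = createObject("java", "javax.crypto.Mac").getInstance("HmacSHA256");
    mac.init(keySpec);
    return toBase64(mac.doFinal(charsetDecode(buildDataToSign(fields), "utf-8")));
}

// True only when the fields the receipt relies on are covered by the signature,
// every signed field is present, and the recomputed signature matches.
function isResponseAuthentic(fields, secretKey) {
    var mustBeSigned = listToArray("decision,req_reference_number,req_amount");
    var names = [];
    var i = 0;
    if (!structKeyExists(fields, "signature") || !structKeyExists(fields, "signed_field_names")) return false;
    for (i = 1; i <= arrayLen(mustBeSigned); i++) {
        if (!listFindNoCase(fields.signed_field_names, mustBeSigned[i])) return false;
    }
    names = listToArray(fields.signed_field_names);
    for (i = 1; i <= arrayLen(names); i++) {
        if (!structKeyExists(fields, names[i])) return false;
    }
    // MessageDigest.isEqual compares without stopping at the first differing byte.
    return createObject("java", "java.security.MessageDigest").isEqual(
        charsetDecode(signFields(fields, secretKey), "utf-8"),
        charsetDecode(fields.signature, "utf-8"));
}

// Constructed sample response (not real Cybersource output), signed with a placeholder key.
secretKey = "PLACEHOLDER_SECRET_KEY";
sample = {
    decision = "ACCEPT", req_reference_number = "1001", req_amount = "100.00",
    signed_field_names = "decision,req_reference_number,req_amount,signed_field_names"
};
sample.signature = signFields(sample, secretKey);
writeOutput("untouched response authentic: " & isResponseAuthentic(sample, secretKey) & "<br>");
sample.req_amount = "1.00"; // value changed after signing, so verification now fails
writeOutput("altered response authentic: " & isResponseAuthentic(sample, secretKey) & "<br>");
</cfscript>
```

In receipt.cfm the call would be `isResponseAuthentic(form, key)`, made before the order is updated, with REQ_AMOUNT then compared against the amount stored for that order.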
Thank you.... I have been able to get it working on our test environment, will try production later this weekend! You have been most helpful and bailed me out big time.
So the next step is to post back to our application so I can update the transaction in our database. I was going to use the Merchant Post URL for that, have you implemented this side of things?
Thanks again!
I'm in the same boat as you all and am trying to get this to work before the deadline. I'm having problems with the encryption portion and am getting a message that says "Algorithm HmacSHA256 not available". We are using ColdFusion MX 7 on our server. Does anyone have a fix for this?
Well, there is Ben Nadel's Crypto.cfc. I haven't used it, though. bennadel/Crypto.cfc · GitHub
Any chance you can upgrade ColdFusion? Sorry I can't be more help.
- Shawn
I am using the Transaction Response Page setting in Cybersource's control panel
Tool & Settings
> Profiles
> [your profile]
> Customer Response
> Transaction Response Page
The variables pushed to you from Cybersource's "Transaction Response Page" are on my receipt.cfm page.
What I do, is put the details of the order in the database on the payment_form.cfm page and then put that order ID in the REQ_REFERENCE_NUMBER that is sent to Cybersource. Then, when the customer is pushed back to my site, I build a receipt based on the REQ_REFERENCE_NUMBER (the ID for the order) and write the results of the transaction in the database.
Does that help?
Thank you so much for your help, Shawn. I really appreciate it. I'm trying to get the server upgraded so that would probably be the best solution. Since I'm teaching a class today, I'm going to look at the other solutions later this afternoon after I finish.
Thanks again, Dana.
Shawn:
Thanks so much for your help with this. Like so many others, I am trying to make these three pages work on our site, but I am still trying to work out the details. For example, we have been integrating our 'hop.cfm' page into our current payment page with a cfinclude tag, specifically '<CFINCLUDE TEMPLATE="HOP.cfm">', and we put the cfinclude tag right before the page sends data to the Cybersource page. Is this still the correct location? If not, where should we put it? We are using the 'hop.cfm' page which is generated by the Cybersource Business site under the path
Tools & Settings -> Hosted Order Page -> Security -> Generate Security Script -> Coldfusion .
Is this still correct? Do we need to make further modifications to the 'hop.cfm' file?
Thanks!
Dee
Hi Dee,
You no longer need the HOP page. In fact, the HOP will no longer work on Oct 1, 2014 (tomorrow). Cybersource is decommissioning the HOP and replacing it with Secure Acceptance.
You will need to set up a Secure Acceptance Profile in Cybersource's control panel. Follow the steps here:
http://www.cybersource.com/resources/collateral/pdf/Secure_Acceptance_WM_Quick_Start_Guide.pdf
From there you will get the "AccessKey", "ProfileID", and "SecretKey" you need to make the "payment_form.cfm" and the "payment_confirmation.cfm" above work in place of the HOP.
- Shawn
Okay, thanks for explaining the outcome on the HOP.cfm file. I thought I saw some reference to HOP earlier, so I was confused, but that cleared up the matter of the HOP.cfm fi
At the same time, I went back and read the instructions for creating a profile. I had already followed those, but I went through and made sure that everything was fine-tuned and correct. Unfortunately, I have still not got the form to work, but I am closer now.
Sadly, I put a lot of work into this but I never got the form to get its values into the Cybersource site. Was anyone else successful, besides Shawn? If so, what changes or modifications were necessary, if any? I am very curious and interested.
Yes - We have been fully successful with this approach. We have of course built out more than what Shawn originally explained; his solution worked great (many things). We have taken it to the point of returning the data from CyberSource in an XML string that we then store with our invoice so we can process the transaction on our end and update the database. We just moved to production and did a full test with transactions processing all the way through.
Let me know where you are at on your process, and I would be glad to assist.
st
Shawn,
Again many thanks, it has been working well. We would like to add the field to allow for auto settlement once authorized. Can you point us in the right direction?
Thanks
Scott T.