Contents

Request site security

 

Secure your payments

 

We strongly recommend including the additional field sitesecurity in the POST, to ensure requests to the Payment Pages cannot be modified by a customer or third party. This field contains a hash that is generated from a selection of designated fields, including a password that has been established with the Support team.

 

External
First, you will need to learn how to generate the site security hash:

Click here to open the instructions in a new tab on how to generate the sitesecurity hash.

Follow these instructions carefully and then look at the final step below to submit the hash in your POST.

 

When posting to the Payment Pages, you will need to include the sitesecurity and sitesecuritytimestamp fields in the POST, as shown below:


<html>
<head>
</head>
<body>
<!--YOUR HTML-->
<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="currencyiso3a" value="USD">
<input type="hidden" name="mainamount" value="100.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="orderreference" value="myorder12345">
<input type="hidden" name="sitesecurity" value="hee879a9ab97753b3a768925d50842f10e19fea03fef0b820026b6df92d415866">
<input type="hidden" name="sitesecuritytimestamp" value="2019-05-28 14:22:37">
<input type="submit" value="Pay">
</form>
</body>
</html>

Replace <DOMAIN> with a supported domain. Click here for a full list.

 

Info
As accurately as possible, the sitesecuritytimestamp should reflect the time the customer’s browser is to be redirected to the Payment Pages.

 

The value submitted in this field must be in the format YYYY-MM-DD hh:mm:ss.

The timestamp must be in the UTC time zone. (e.g. “2019-05-28 14:22:37”)

 

The customer has 3 hours from the time specified to complete the transaction, otherwise an error will be displayed on screen.

 


 

Troubleshooting

For any payment that is attempted with an incorrect hash, the customer will be presented with an error (example below) and no payment will be processed:

 


 

Tick
Your progress

Now you have configured request site security, we recommend configuring redirects, so your customers will always return to your website after their payments have been completed.

 


Click here to continue >>>