Wiki source for CyberSourceMigrationNotes
<<See also CyberSource<<::c::
===CyberSource Migration Notes===
CyberSource, the payment processor used by PVS, is forcing its users to migrate from HOP (Hosted Order Page) to SA (Secure Acceptance) Web/Mobile. Here are the pertinent resources that were used in transitioning the PVS donate, help-us (three-way) and API payment pages to SA:
[[http://www.cybersource.com/resources/collateral/pdf/SAMigrationTutorial.pdf | Migration Tutorial]] - 95% of the migration was accomplished with this document and the mapping guide below
[[http://www.cybersource.com/products_and_services/payment_security/secure_acceptance/installbase/resources/SecureAcceptance_API_Discovery.htm | Secure Acceptance Web Mobile: Field Mapping Guide]]
[[http://apps.cybersource.com/library/documentation/dev_guides/Secure_Acceptance_WM/Secure_Acceptance_WM.pdf | Full Configuration Guide]] - includes some details about recurring payments not in the Migration Tutorial
The basic stages of migration were as follows:
~- The proprietary algorithms contained in HOP.php have been replaced by SHA hashing. Consequently, the sample code provided by CyberSource was ported to python (security.py and security-test.py). The main difference between the two is the secret key used during hashing. There are no longer any dependencies upon PHP.
~- The submission url has changed: ""http://[test]secureacceptance.cybersource.com/pay""
~- SA now allows for the creation of multiple profiles (which you include as an attribute of the POST made during payment). This removed the need for application-specific parameters such as email addresses. We are using PVSDONA for PVS donations (made through the donate or help-us pages), and PVSAPIR for API registrations.
~- Payment tokens are required for recurring payments and are automatically generated by CyberSource. Bascially, the token provides access to sensitive customer data housed on CyberSource's servers, which removes most of the onerous PCI requirements on PVS. However, we currently do not track this token, as we do not have interfaces that permit registered members to modify their payment details.
~- Most if not all of the paramters sent to CyberSource have changed, which required line-by-line changes in api-payment-forward.html and donate-forward.html.
~- There are no need for conditionals in the html pages that are POSTed to CyberSource: Any parameters not included in either the signed_field_names or unsigned_field_names list are no longer processed by CyberSource. New parameters must be added to either one of these lists AND the appropriate *-forward.html page.
~- Order numbers are now required, in addition to a unique transaction_uuid parameter. The order number for donations are randomly generated.
~- Each profile is associated with one or more secret keys and access keys. Make sure you are using the right keys. You can find the keys in the profile security settings on the CyberSource site.
~- When testing, use the Transaction Search->Secure Acceptance Search on the CyberSource dashboard to check for errors.
----
CategoryITMisc
===CyberSource Migration Notes===
CyberSource, the payment processor used by PVS, is forcing its users to migrate from HOP (Hosted Order Page) to SA (Secure Acceptance) Web/Mobile. Here are the pertinent resources that were used in transitioning the PVS donate, help-us (three-way) and API payment pages to SA:
[[http://www.cybersource.com/resources/collateral/pdf/SAMigrationTutorial.pdf | Migration Tutorial]] - 95% of the migration was accomplished with this document and the mapping guide below
[[http://www.cybersource.com/products_and_services/payment_security/secure_acceptance/installbase/resources/SecureAcceptance_API_Discovery.htm | Secure Acceptance Web Mobile: Field Mapping Guide]]
[[http://apps.cybersource.com/library/documentation/dev_guides/Secure_Acceptance_WM/Secure_Acceptance_WM.pdf | Full Configuration Guide]] - includes some details about recurring payments not in the Migration Tutorial
The basic stages of migration were as follows:
~- The proprietary algorithms contained in HOP.php have been replaced by SHA hashing. Consequently, the sample code provided by CyberSource was ported to python (security.py and security-test.py). The main difference between the two is the secret key used during hashing. There are no longer any dependencies upon PHP.
~- The submission url has changed: ""http://[test]secureacceptance.cybersource.com/pay""
~- SA now allows for the creation of multiple profiles (which you include as an attribute of the POST made during payment). This removed the need for application-specific parameters such as email addresses. We are using PVSDONA for PVS donations (made through the donate or help-us pages), and PVSAPIR for API registrations.
~- Payment tokens are required for recurring payments and are automatically generated by CyberSource. Bascially, the token provides access to sensitive customer data housed on CyberSource's servers, which removes most of the onerous PCI requirements on PVS. However, we currently do not track this token, as we do not have interfaces that permit registered members to modify their payment details.
~- Most if not all of the paramters sent to CyberSource have changed, which required line-by-line changes in api-payment-forward.html and donate-forward.html.
~- There are no need for conditionals in the html pages that are POSTed to CyberSource: Any parameters not included in either the signed_field_names or unsigned_field_names list are no longer processed by CyberSource. New parameters must be added to either one of these lists AND the appropriate *-forward.html page.
~- Order numbers are now required, in addition to a unique transaction_uuid parameter. The order number for donations are randomly generated.
~- Each profile is associated with one or more secret keys and access keys. Make sure you are using the right keys. You can find the keys in the profile security settings on the CyberSource site.
~- When testing, use the Transaction Search->Secure Acceptance Search on the CyberSource dashboard to check for errors.
----
CategoryITMisc
