XML API into the SecureHosting transaction system
Summary
To provide an API into the current SecureHosting transaction system supporting the creation, refund, authorisation and detail capture of transactions through the UPG payment provider.
Interface
Calls will be made using XML (utf8 encoded) over a https connection to our servers.
The script to call will be:-
And each call should be posted using the variable name ‘xmldoc’.
XML Calls
The following pages now detail the specific xml required in order to perform the calls listed above. Examples have been included showing both the input and output xml files.
Transactions:
<?xml version="1.0"?>
<request>
<type>transaction</type>
<authtype>authorise</authtype>
<authentication>
<shreference>SH200037</shreference>
<checkcode>26423</checkcode>
</authentication>
<transaction>
<cardnumber>4242424242424242</cardnumber>
<cardstartmonth>01</cardstartmonth>
<cardstartyear>04</cardstartyear>
cardexpiremonth>01</cardexpiremonth
cardexpireyear>06</cardexpireyear>
<cv2>424</cv2>
switchnumber>2</switchnumber
cardholdersname>SecureHosting</cardholdersname
cardholdersemail></cardholdersemail
cardholderaddr1>Address 1</cardholderaddr1
cardholdercity>City</cardholdercity
cardholderstate>State</cardholderstate
cardholderpostcode>Postcode</cardholderpostcode
<currency>GBP</currency>
<transactionamount>34.99</transactionamount>
<transactiontax>3.50</transactiontax>
<shippingcharge>1.00</shippingcharge>
<secuitems><![CDATA[[1129||Laptop|350.00|1|350.00]]]></secuitems>
</transaction>
<callback>
<callbackurl>
<callbackdata>variable|value</callbackdata>
</callback>
<emailmanager>
<forename>Forename</forename>
<surname>Surname</surname>
<addtolists>
<listid>1</listid>
<listid>4</listid>
</addtolists>
</emailmanager>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
<reference>1234567</reference>
<transactiontime>23:59:59</transactiontime>
<transactiondate>2005-06-10</transactiondate>
<cv2avsresult>ALL MATCH</cv2avsresult>
<cardtype>Visa Debit</cardtype>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Notes:
Any fields can be passed and captured as part of the transaction, the standard field (node) names should be defined as those set up within the “Settings/Form Field Settings” menu within your Securehosting account.
The “authtype” node is only available for a “transaction” call and is optional it is only required if you wish to override the auth type that is used ie. If your account is set to authorise immediately but you have a transaction that you wish to put through on pre-auth as you have limited stock etc.
The types which can be defined are:- “authorise” (authorise payments immediately) and “pre_auth” (verify card/funds without debiting the card) ie.
<authtype>authorise</authtype>
<authtype>pre_auth</authtype>
The format for the secuitems node is:- itemcode|itemskew|itemdesc|itempric|itemquan|itemtota
Failed transactions will be returned with a status of ERROR, a “reason” node will return the transaction error message.
The callback and emailmanager parent nodes are optional.
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference, checkcode or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for a refund.
CREDIT_ERROR – An error the credit system, check enough credits exist.
UPG_ERROR – Specific error with payment gateway.
TRANSACTION_ERROR – An error occurred with the payment, a further node called reason will contain more details.
Mail Order Transactions:
<?xml version="1.0"?>
<request>
<type>moto</type>
<authentication>
<shreference>SH200037</shreference>
<checkcode>26423</checkcode>
</authentication>
<transaction>
<cardnumber>4242424242424242</cardnumber>
<cardstartmonth>01</cardstartmonth>
<cardstartyear>04</cardstartyear>
cardexpiremonth>01</cardexpiremonth
cardexpireyear>06</cardexpireyear>
<cv2>424</cv2>
switchnumber>2</switchnumber
cardholdersname>SecureHosting</cardholdersname
cardholdersemail></cardholdersemail
cardholderaddr1>Address 1</cardholderaddr1
cardholdercity>City</cardholdercity
cardholderstate>State</cardholderstate
cardholderpostcode>Postcode</cardholderpostcode
<currency>GBP</currency>
<transactionamount>34.99</transactionamount>
<transactiontax>3.50</transactiontax>
<shippingcharge>1.00</shippingcharge>
<secuitems><![CDATA[[itemcode|itemskew|itemdesc|itempric|itemquan|itemtota]]]></secuitems>
</transaction>
<callback>
<callbackurl>
<callbackdata>variable|value</callbackdata>
</callback>
<emailmanager>
<forename>Forename</forename>
<surname>Surname</surname>
<addtolists>
<listid>1</listid>
<listid>4</listid>
</addtolists>
</emailmanager>
</request>
Please note:
The only difference between the XML calls for a normal transaction and a mail order transaction is the type element.
Refunds:
<?xml version="1.0"?>
<request>
<type>refund</type>
<authentication>
<shreference>SH200037</shreference>
<password>testing</password>
</authentication>
<transaction>
<reference>1374617</reference>
<amount>34.99</amount>
</transaction>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for a refund.
CREDIT_ERROR – An error the credit system, check enough credits exist.
UPG_ERROR – Specific error with payment gateway.
Authorisations:
<?xml version="1.0"?>
<request>
<type>authorisation</type>
<authentication>
<shreference>SH200037</shreference>
<password>testing</password>
</authentication>
<transaction>
<reference>1374617</reference>
<amount>34.99</amount>
</transaction>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Notes:
“Amount” should be the authorisation amount, this can be either the full transaction amount or a partial amount.
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for an authorisation.
AUTH_ERROR – An error performing the authorisation, such as the original transaction > 28 days.
CREDIT_ERROR – An error the credit system, check enough credits exist.
UPG_ERROR – Specific error with payment gateway.
Additional Payments:
<?xml version="1.0"?>
<request>
<type>additional</type>
<authentication>
<shreference>SH200037</shreference>
<checkcode>779085</checkcode>
</authentication>
<transaction>
<reference>16807157</reference>
<currency>GBP</currency>
<transactionamount>34.99</transactionamount>
<transactiontax>3.50</transactiontax>
<shippingcharge>1.00</shippingcharge>
<secuitems<![CDATA[[123||example|34.99|1|34.99]]]</secuitems>
<cardholdersname>SecureHosting</cardholdersname>
<cardholdersemail></cardholdersemail>
<cardholderaddr1>Address 1</cardholderaddr1>
<cardholderaddr2>Address 2</cardholderaddr2>
<cardholdercity>City</cardholdercity>
<cardholderstate>State</cardholderstate>
<cardholdercountry>Country</cardholdercountry>
<cardholderpostcode>Postcode</cardholderpostcode>
<cv2>424</cv2>
</transaction>
<callback>
<callbackurl>
<callbackdata>variable|value</callbackdata>
</callback>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
<reference>1234567</reference>
<transactiontime>23:59:59</transactiontime>
<transactiondate>2007-06-05</transactiondate>
<cv2avsresult>ALL MATCH</cv2avsresult>
<cardtype>Visa Debit</cardtype>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Notes:
If you leave any of the following fields blank the values from the original transaction will be used:-
cardholdersname, cardholderaddr1, cardholderaddr2, cardholdercity, cardholderstate, cardholdercountry, cardholderpostcode
Please note as with a normal transaction any field can be passed and captured as part of the additional transaction, the standard field (node) names should be defined as those set up within the Form Field Settings.
Failed transactions will be returned with a status of ERROR, a “reason” node will return the transaction error message.
The callback nodes are optional.
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference, checkcode or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for a refund.
CREDIT_ERROR – An error the credit system, check enough credits exist.
UPG_ERROR – Specific error with payment gateway.
TRANSACTION_ERROR – An error occurred with the payment, a further node called reason will contain more details.
Order TrackingSet Status:
<?xml version="1.0"?>
<request>
<type>setstatus</type>
<authentication>
<shreference>SH200037</shreference>
<password>testing</password>
</authentication>
<transaction>
<reference>1374617</reference>
<status>Payment Processed</status>
<note><![CDATA[Your payment has been processed!]]></note>
</transaction>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Notes:
If the order status doesn’t already exist, it will be created. The field is case insensitive.
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for the update.
Order Tracking Get Status:
<?xml version="1.0"?>
<request>
<type>getstatus</type>
<authentication>
<shreference>SH200037</shreference>
<password>testing</password>
</authentication>
<transaction>
<reference>1374617</reference>
<passwordfield>cardholdersemail</passwordfield>
<password></password>
</transaction>
</request>
Result on Success: -
<?xml version="1.0"?>
<result>
<status>OK</status>
<transaction>
cardholdersname>SecureHosting</cardholdersname
cardholdersemail></cardholdersemail
cardholderaddr1>Address 1</cardholderaddr1
cardholdercity>City</cardholdercity
cardholderstate>State</cardholderstate
cardholderpostcode>Postcode</cardholderpostcode
<currency>GBP</currency>
<transactionamount>34.99</transactionamount>
<transactiontax>3.50</transactiontax>
<shippingcharge>1.00</shippingcharge>
purchaseditems
<item>
code>001</code>
<skew>skew_code</skew>
<description><![CDATA[Product Description]]></description>
<price>10.00</price>
<qty>2</qty>
<totalprice>20.00</totalprice>
</item>
</purchaseditems>
<extrafields>
<field1>value1</field1>
<field2>value2</field2>
</extrafields>
</transaction>
</result>
Result on Error: -
<?xml version="1.0"?>
<result>
<status>ERROR</status>
<statustext>ERROR_DESCRIPTION</statustext>
</result>
Error Messages:
A number of predefined error messages maybe additionally returned when performing tasks. These errors should help any error debugging by more precisely documenting the problem.
DATABASE_ERROR – Problem connecting to database.
INVALID_LOGIN – Incorrect SH Reference or password.
NO_XML_PASSED – No XML document passed.
BAD_XML_PASSED – Invalid XML passed.
DATA_ERROR – An error with the data passed, such as invalid transaction id for the update.
INVALID_PASSWORD – Incorrect transaction reference or password relating to transaction.
Appendix 1: PHP Transaction Example
$xmlfile = "./api_transaction.xml";
$xmldoc = file_get_contents($xmlfile);
$post_vars = "xmldoc=".urlencode($xmldoc);
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post_vars);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_TIMEOUT, 15);
$xml_text = trim(curl_exec ($ch));
if ($xml_text == "") print (date("Y-m-d H:i:s")." XML Doc Empty");
if (curl_error($ch)) print (date("Y-m-d H:i:s")." cURL Call Failed - ".curl_error($ch));
curl_close ($ch);
print $xml_text;
Transaction XML APIPage 1 of 12