Refer a Friend

Cardsave Gateway from Worldpay

Developer Support

Redirect/Hosted Integration

With the Redirect/Hosted Integration method, the customer is passed to the Cardsave secure Hosted Payment Page in order to take the payment. Messages are sent back to the merchant's website system regarding the status of the transaction.

The Hosted Payment Page can be skinned so the merchants customer does not feel they are being taken to a bogus site to take the payment.

Developers often opt for this option because they feel more familiar with the integration method, no SSL is required for the Server Postback method and security on shared servers is less of an issue.

With the option of using no SSL this method incorporates a hash digest with the data sent over the internet to protect the authenticity of the data.

There is no need to use an SSL if using the server post back method and a basic installation of the base language is all that should be required in order to implement this method.

Security updates in various browsers now interrupt the post back to the customer's browser. It is possible that the merchant's server is not informed if a payment has been taken by the payment gateway. To combat this, we have implemented a Server Postback method for the result of the transaction directly to the merchant server and not via the customers browser.

The Server Post back process is as follows:

  1. The merchant's website posts to the Cardsave Hosted Payment Page with a unique OrderID.
  2. The card details are entered on the hosted payment form and submitted to the payment gateway, a result is returned to the Cardsave hosted payment form.
  3. The results are posted directly to the merchants server from the gateway.
  4. The website server (from the URL it was posted to), echo's back a response for the gateway to read, to confirm delivery of the result. There should not be ANY other characters in the response (including white space, or any HTML). Here are some valid examples: StatusCode=0 StatusCode=0&Message=Results received OK StatusCode=30&Message=Database timeout error StatusCode=30&Message=Unhandled exception
  5. Once the confirmation message is received by the payment gateway, a further message is posted back to the "CallbackURL". This message includes the CrossReference and OrderID for reconciliation of the response. Having already received the result of the transaction, the website can display the result of the transaction to the customer.

The Hosted Payment Page can be skinned to take a look and feel of the main website.

Below is the Hosted Payment Pag skinning pack, which provides help and template examples for a developer to customise.

Hosted Payment Page skinning pack

Click one of the links below to download one of our working code examples:

PHP

PHP Server Postback Code Example

PHP Simple POST Redirect Example (SSL Recommended)

Classic ASP

Classic ASP Server Postback Code Example

Classic ASP POST Redirect Code Example (SSL Recommended)

.NET

C#.NET 3.5/4.0 Server Postback Code Example

VB.NET 3.5/4.0 Server Postback Code Example

VB.NET 2.0 POST Redirect Code Example (SSL Recommended)

ColdFusion

ColdFusion Server Redirect Code Example

Skinning Pack

The Hosted Payment Page skinning pack, which provides help and template examples for a developer to customise the Hosted Payment Page.

Hosted Payment Page skinning pack

API

The API and POST URL for the Hosted Payment Page is as follows:

https://mms.cardsaveonlinepayments.com/Pages/PublicPages/PaymentForm.aspx