Skip to main content

PayWay Net hand-off developers guide

Introduction

The Hosted Payment Page is a PayWay-hosted webpage for accepting credit card and PayPal payments. Your webserver can securely send a shopping cart to PayWay. When your customer visits PayWay to pay, the shopping cart is displayed. Once the payment is accepted, your website receives notification of the payment.

This page describes how to implement this solution.

Alternatively, if you are not a software developer, you may wish to set up a simple link from your website to the PayWay hosted page.

Your PayWay login name and password

You will require a login to PayWay to:-

  • Configure PayWay Net Hosted Payment Page,
  • Link a PayPal account to your PayWay facility,
  • View test payments you have conducted.

Sign In to PayWay. On first sign in, you will be asked to change your password and answer security questions. Keep a copy of your username and password in a secure location. If you require a password reset, you can do this online by answering your security questions.

Free test facility

For a free test facility Create a test sign in.

Configuring PayWay Net

To configure PayWay Net hosted payment page:

  1. Sign in to PayWay
  2. Click Setup Net
  3. Click Hosted Payment Page and follow the wizard

Bill Payments/Shopping Cart

This section describes only the deprecated "Bill Payments/Shopping Cart" option.

Required technology:

  • A dynamic back-end which can send a HTTPS POST directly to PayWay server,
  • The ability to make an outbound HTTPS connection to PayWay through your proxy and firewall (for secure token request),
  • A valid TLS certificate issued by a trusted certificate authority (for server to server payment notification),
  • A dynamic back-end which can receive and parse HTTPS requests with parameters or can parse XML (for customising receipt page),
  • The ability to decrypt and verify data encrypted using AES with Cipher Block Chaining (for customising receipt page)

You can pass parameters for information fields to display to the customer, hidden fields to be displayed on internal invoices and products in the shopping cart. You can request a server-to-server payment notification for straight-through processing, and customise the receipt page. Look and feel can be changed by uploading images and a custom style sheet to PayWay.

Linking a PayPal account

If you wish to accept live payments via PayPal you will require a PayPal Business or Premier account. You can use an existing one or create a new one.

Your PayPal Business or Premier account is linked to PayWay as follows:-

  1. Sign-in to PayWay
  2. Click on Administration and then Manage PayPal Accounts
  3. Click Link Another PayPal Account
  4. Enter the email address of your account and click Next. You will be redirected to PayPal.
  5. Sign in to PayPal using your PayPal email address and password
  6. Click Grant Permissions to allow PayWay to use your PayPal account. This informs PayPal that you allow PayWay to process on your behalf.
  7. In order to enable PayPal, add the parameter paypal_email with the value of the email address you linked above when sending parameters from your website to PayWay.

Sending parameters to PayWay

Secure token request

The shopping cart parameters are passed directly from your server to PayWay. This means that the customer cannot tamper with parameters. The secure token request works as follows:

  1. Your customer's browser requests the checkout page from your server
  2. Your server sends a cart token request directly to PayWay. The request contains all fields from your shopping cart (e.g. total payment amount, products) and other parameters.
  3. PayWay stores the cart details and responds with a cart token.
  4. Your site returns a HTML page to the browser including a form containing your biller code and the token. The HTML form instructs the browser to POST directly to the PayWay server when submitted.
  5. The customer's browser displays the HTML form to the customer.
  6. The customer submits the HTML form, and the browser sends it directly to PayWay.
  7. PayWay looks up the details based on the cart token and the payment flow continues.

What is a cart token?

After sending the shopping cart parameters to PayWay through a cart token request, you will receive a randomly generated string of characters which is called a cart token. When the customer arrives at the PayWay website via their browser, PayWay looks-up the shopping cart details from the cart token. Cart tokens are valid for 1 hour after they have been created, and can only be used once each.

How do I request a card token?

To request a cart token, your server sends a HTTPS POST to:

URL for Westpac PayWay

https://www.payway.com.au/RequestToken

URL for St. George PayWay

https://payway.stgeorge.com.au/RequestToken

The request body contains parameters in application/x-www-form-urlencoded format. You must provide your biller_code, username and password as parameters in your token request.

In addition you may provide other parameters described in this document. Tokens are only accepted for a list of IP addresses that you must configure on the Security Information page in the Setup Hosted Payment Page wizard.

3-D Secure

Token request parameters that are required to process the transaction with EMV 3-D Secure Version 2.

Send these parameters:

Make sure the cardholder can not tamper with these parameters before your server sends them to PayWay.
Authentication purpose
Parameter Name Description
3ds2_messageCategory

Required

01 Payment Authentication
3ds2_threeDSRequestorAuthenticationInd

Required. The reason for the Authentication request.

01 Payment transaction
02 Recurring transaction
03 Instalment transaction
04 Add card
05 Maintain card
06 Cardholder verification as part of EMV token ID&V
Purchase information

If you will immediately conduct a payment or conduct a recurring series of payments, send these parameters:

Parameter Name Description
3ds2_purchaseInstalData Required if you and Cardholder have agreed to instalment payments. The maximum number of authorisations permitted for instalment payments. Max 999
3ds2_recurringExpiry Optional. Date after which no further authorisations shall be performed. Format YYYYMMDD
3ds2_recurringFrequency Optional. The minimum number of days between authorisations. e.g. 28. Max 9999
Merchant risk indicator

We strongly recommend you send these parameters:

Parameter Name Description
3ds2_deliveryEmailAddress For Electronic delivery, the email address to which the merchandise will be delivered.
3ds2_deliveryTimeframe

Your delivery timeframe.

01 Electronic Delivery
02 Same day shipping
03 Overnight shipping
04 Two-day or more shipping
3ds2_giftCardAmount For prepaid or gift card purchase, the purchase amount total of prepaid or gift card(s)
3ds2_giftCardCount For prepaid or gift card purchase, total count of individual prepaid or gift cards/codes purchased. Max 99
3ds2_giftCardCurr For prepaid or gift card purchase, ISO 4217 three-digit currency code of the gift card. e.g. 036 for Australian Dollars
3ds2_preOrderDate For a pre-ordered purchase, the expected date that the merchandise will be available. Format YYYYMMDD.
3ds2_preOrderPurchaseInd

Indicates whether Cardholder is placing an order for merchandise with a future availability or release date.

01 Merchandise available
02 Future availability
3ds2_reorderItemsInd

Indicates whether the cardholder is reordering previously purchased merchandise.

01 First time ordered
02 Reordered
3ds2_shipIndicator

Indicates shipping method chosen for the transaction.

You must choose the Shipping Indicator code that most accurately describes the cardholder's specific transaction, not your general business.

If one or more items are included in the sale, use the Shipping Indicator code for the physical goods, or if all digital goods, use the Shipping Indicator code that describes the most expensive item.

01 Ship to cardholder's billing address
02 Ship to another verified address you hold on file
03 Ship to address that is different than the cardholder's billing address
04 Ship to Store / Pick-up at local store (Store address shall be populated in shipping address parameters)
05 Digital goods (includes online services, electronic gift cards and redemption codes)
06 Travel and Event tickets, not shipped
07 Other (for example, Gaming, digital services not shipped, e-media subscriptions, etc.)
Cardholder Contact Details
Parameter Name Description
3ds2_email The email address associated with the account that is either entered by the cardholder, or you have on file. Max 254 characters.
3ds2_homePhone Optional. The home phone number provided by the Cardholder. Max 15 characters.
3ds2_mobilePhone Optional. The mobile phone number provided by the Cardholder. Max 15 characters.
3ds2_workPhone Optional. The work phone number provided by the Cardholder. Max 15 characters.

Use international format for phone numbers. e.g. +61499999999

Billing Address

These required parameters contain the billing address associated with the credit card.

Parameter Name Description
3ds2_billAddrLine1 First line of the street address or equivalent local portion. Max 50 characters.
3ds2_billAddrLine2 Optional. Second line of the street address or equivalent local portion. Max 50 characters.
3ds2_billAddrLine3 Optional. Third line of the street address or equivalent local portion. Max 50 characters.
3ds2_billAddrCity The city of the billing address. Max 50 characters.
3ds2_billAddrPostCode ZIP or other postal code of the billing address. Max 16 characters.
3ds2_billAddrState The state or province. Max 3 characters. Use the ISO 3166-2 country subdivision code. e.g. NSW
3ds2_billAddrCountry Use the ISO 3166-1 numeric three-digit country code. e.g. 036
Shipping Address

Send these parameters if you will ship physical goods to the cardholder:

Parameter Name Description
3ds2_addrMatch Optional. Y if Shipping Address matches Billing Address, otherwise N
3ds2_shipAddrLine1 First line of the street address or equivalent local portion. Max 50 characters.
3ds2_shipAddrLine2 Optional. Second line of the street address or equivalent local portion. Max 50 characters.
3ds2_shipAddrLine3 Optional. Third line of the street address or equivalent local portion. Max 50 characters.
3ds2_shipAddrCity The city of the shipping address. Max 50 characters.
3ds2_shipAddrPostCode ZIP or other postal code of the shipping address. Max 16 characters.
3ds2_shipAddrState The state or province. Max 3 characters. Use the ISO 3166-2 country subdivision code. e.g. NSW
3ds2_shipAddrCountry Use the ISO 3166-1 numeric three-digit country code. e.g. 036
Cardholder Account Information

These parameters contain optional information about the Cardholder Account on your website. Parameters used to define a time period can be included as either the specific date or an approximate indicator for when the action occurred. You can use either format.

If the cardholder has not signed in to your website, send these parameters:

Parameter Name Description
3ds2_chAccAgeInd

Optional. Length of time that the cardholder has had the account with you

01 for No account (guest checkout)
3ds2_paymentAccInd

Optional. Indicates the length of time that the payment account was enrolled in the cardholder's account with you.

01 for No account (guest checkout)

If the cardholder has signed in to your website, send these parameters:

Parameter Name Description
3ds2_acctID Optional. Cardholder Account Identifier. Additional information about the account optionally provided by you. Max 64 characters.
3ds2_chAccAgeInd

Optional. Length of time that the cardholder has had the account with you.

02 Created during this transaction
03 Less than 30 days
04 30-60 days
05 More than 60 days
3ds2_chAccChange Optional. Date that the cardholder's account with you was last changed, including Billing or Shipping address, new payment account, or new user(s) added. Format YYYYMMDD
3ds2_chAccChangeInd

Optional. Length of time since the cardholder's account information with you was last changed, including Billing or Shipping address, new payment account, or new user(s) added.

01 Changed during this transaction
02 Less than 30 days
03 30-60 days
04 More than 60 days
3ds2_chAccDate Optional. Date that the cardholder opened the account with you. Format YYYYMMDD
3ds2_chAccPwChange Optional. Date that cardholder's account with you had a password change or account reset. Format YYYYMMDD
3ds2_chAccPwChangeInd

Optional. Indicates the length of time since the cardholder's account with you had a password change or account reset.

01 No change
02 Changed during this transaction
03 Less than 30 days
04 30-60 days
05 More than 60 days
3ds2_nbPurchaseAccount Optional. Number of purchases with this cardholder account during the previous six months. Max 9999.
3ds2_paymentAccAge Optional. Date that the payment account was enrolled in the cardholder's account with you. Format YYYYMMDD
3ds2_paymentAccInd

Optional. Indicates the length of time that the payment account was enrolled in the cardholder's account with you.

01 No account (guest check-out)
02 During this transaction
03 Less than 30 days
04 30-60 days
05 More than 60 days
3ds2_provisionAttemptsDay Optional. Number of Add Card attempts in the last 24 hours. Max 999.
3ds2_shipAddressUsage Optional. Date when the shipping address used for this transaction was first used with you. Format YYYYMMDD.
3ds2_shipAddressUsageInd

Optional. Indicates when the shipping address used for this transaction was first used with you.

01 This transaction
02 Less than 30 days
03 30-60 days
04 More than 60 days
3ds2_shipNameIndicator

Optional. Indicates if the Cardholder Name on the account is identical to the shipping Name used for this transaction.

01 Account Name identical to Shipping Name
02 Account Name different than Shipping Name
3ds2_suspiciousAccActivity

Optional. Indicates whether you have experienced suspicious activity (including previous fraud) on the cardholder account.

01 No suspicious activity has been observed
02 Suspicious activity has been observed
3ds2_txnActivityDay

Optional. Number of transactions (successful and abandoned) for this cardholder account across all payment accounts in the previous 24 hours. Max 999.

3ds2_txnActivityYear

Optional. Number of transactions (successful and abandoned) for this cardholder account across all payment accounts in the previous year. Max 999.

Parameters

The built-in parameters you can pass to PayWay are listed in PayWay Request Parameters. You can create your own parameters for information fields, hidden fields and products.

Use this URL to conduct hosted payment page transactions:

URL for Westpac PayWay

https://www.payway.com.au/MakePayment?BillerCode=XXXXXX&token=TTTTT

URL for St. George PayWay

https://payway.stgeorge.com.au/MakePayment?BillerCode=XXXXXX&token=TTTTT

Your Biller Code can be found in the Setup Net wizard. You obtain a token as described above.

Information fields

Information fields are additional fields that you wish to display on the payment pages. You provide a list of information fields using built-in parameters information_fields and suppress_field_names as follows:

Parameter Name Parameter Value
information_fields Name,Address,Address2
supress_field_names Address2
Name Bob
Address 15 Bob Street
Address2 Bobsville

These parameters will appear in a tabular format as transaction details on the payment page. If you do not wish to display the label of an information field (say, for Address2) you can suppress field names. This is done with suppress_field_names, in the same format as information_fields.

Hidden fields

Hidden fields contain information that is not displayed to the customer but may be returned to your website via:

  • server to server payment notification,
  • browser redirect after payment (if specified in URL).

Hidden fields are visible when you sign-in to PayWay and view transactions. You can instruct PayWay to hide fields using the hidden_fields parameters as shown in the example below. In this example, PromotionCode and PartnerCode are hidden fields.

Parameter Name Parameter Value
hidden_fields PromotionCode,PartnerCode
PromotionCode A93DS
PartnerCode TYE

Product fields

Parameters which are not built-in parameters and not listed as hidden fields or information fields will be interpreted as product fields.

The format of product fields is as follows:-

Parameter Name Parameter Value
The name of product [<quantity>,]<price>
DVD 5,20.5
OLED TV 9999.99

These examples:

  • Add 5 DVDs worth $20.50 each to the transaction.
  • Add one OLED TV worth $9999.99 to the transaction.

PayWay will calculate the total product costs based on all products. There are options for calculating and displaying GST using gst_rate, gst_added and gst_exempt_fields. See PayWay Request Parameters.

Receiving payment notification

PayWay Net can notify you with the result of each individual payment to allow you to process the order. This notification can be sent:-

  • Via email to your nominated email address,
  • Directly from PayWay to your server over HTTPS for straight-through processing.

Configure these options using the Setup Net menu option. The remainder of this chapter discusses the HTTPS payment notification option.

Pre-requisites

In order to use server to server payment notification, your website must have:

  • a valid TLS certificate issued by a trusted certificate authority,
  • a dynamic back-end which can receive and parse HTTPS requests with Basic Auth and parameters or can parse XML.

Security

It is important for you to verify that the notification originated from the PayWay server and not a fraudster. To allow you to verify this, a username and password are included in each notification.

Your website must check that the Basic Auth username and password in the Authorization header match your credentials in PayWay for each notification to ensure that the request came from the PayWay server. If the username or password is not correct, you must ignore the notification. To find your PayWay Net server to server payment notification username and password refer to the Configuration section below. This is not the same password that you use to sign-in to the PayWay website.

Configuration

To configure server to server payment notifications use the Setup Net pages in PayWay. You must be using the Billing Payments/Shopping Cart configuration. Enter your URL under the Server-to-Server Payment Notification section. Your server to server payment notification username and password are shown on the next page.

PayWay will send parameters listed in Payment Notification Parameters. This configuration is recommended.

If you leave the Notification Post Type blank, PayWay will send parameters that you request in your URL. See Default Post Type.

Processing the payment notification

The page you write to receive the payment notification request must return an HTTP status of 200 ( success), or PayWay will post the same notification to you again. You should only return a status of 200 if you have successfully processed the response and saved the payment to your database.

You should check that your server has not previously processed a notification for the given receipt number.

If after three retries your server does not return a HTTP 200 response we will send you an email notification and stop retrying that particular payment notification.

Customer receipts

After making a payment, your customer can email themselves a receipt. To change the details shown on the receipt:

  1. Sign-in to PayWay.
  2. Click on the gear icon for Settings.
  3. Click on Company Details.

The purpose of Browser Returns Links and Redirect is to display appropriate web pages to your customer. PayWay Net can be configured with:-

  • A button linking back to your website if the customer decides to continue shopping rather than completing the payment,
  • A button linking back to your website on the payment receipt page,
  • To redirect the browser to your website instead of displaying a payment receipt page (advanced).

When redirecting after payment, PayWay will provide an encrypted list of ampersand delimited parameters and instruct the customer's browser to pass them to your site. The encrypted parameters include details about the outcome of the transaction. Use this method to display a customised receipt page.

Pre-requisites

To create a customised receipt based on the outcome of the transaction, your website must have:-

  • a dynamic back-end which can receive parsed GET parameters,
  • the ability to decrypt and verify data encrypted using AES 128 with Cipher Block Chaining, using PKCS-7 Padding.

Configuration

To configure browser redirect use the Setup Net pages in PayWay. You must be using the Billing Payments/Shopping Cart configuration. Enter your URL under the Browser Return section. If you wish to receive information and hidden fields, specify the name of the fields as shown in this example:

www.example.com?PromotionCode&Name&Address

If you wish to decrypt the payment information, step to the Security Information page in the Setup Net wizard and note the HTTP Parameter Encryption key.

Decrypting Parameters

The parameters are encrypted using AES 128 with Cipher Block Chaining, using PKCS-7 Padding. The decryption algorithm should be initialised with a 16 byte, zero-filled initialization vector, and should use your encryption key (which can be found on the Security page of PayWay Net Shopping Cart setup).

Before decryption, the parameters passed with the redirect will appear as follows:

EncryptedParameters=QzFtdn0%2B66KJV5L8ihbr6ofdmrkEQwqMXI3ayF7UpVlRheR7r5fA6IqBszeKFoGSyR7c7J4YsXgaOergu5SWD%2FvL%2FzPSrZER9BS7mZGckriBrhYt%2FKMAbTSS8FXR72gWJZsul9aGyGbFripp7XxE9NQHVMWCko0NlpWe7oZ0RBIgNpIZ3JojAfX7b1j%2F5ACJ79SVeOIK80layBwCmIPOpB%2B%2BNI6krE0wekvkkLKF7CXilj5qITvmv%2FpMqwVDchv%2FUNMfCi4uUA4igHGhaZDQcV8U%2BcYRO8dv%2FnqVbAjkNwBqxqN3UPNFz0Tt76%2BP7H48PDpU23c61eM7mx%2FZh%2Few5Pd0WkiCwZVkSZoov97BWdnMIw5tOAiqHvAR3%2BnfmGsx

Signature=huq1shmZ6k7L5BYxjGI2lJvQxffqa%2FogZR5oO8Ln2oc%3D

The signature is generated through the following procedure:

  1. Convert the query parameters string to UTF-8 bytes
  2. Perform an MD5 hash on the bytes
  3. Encrypt the hash using AES-128 in CBC mode
  4. Encode the encryption output to Base-64

This signature can be used to verify that the text was transmitted correctly. After decryption, the parameters will appear as follows:

bank_reference=1234&card_type=VI&payment_amount=100&PromotionCode=ABCD&...

For details of parameters, see Browser Redirect Parameters.

Testing and going live

To test your software, create a free test facility.

When you are ready to use your live facility:-

  • Click Setup Net in the menu
  • Click Hosted Payment Page in the menu
  • Follow the wizard until and end and click the Go Live button
  • Modify your application to pass your live biller_code
  • Modify your application to pass your live merchant_id, rather than TEST
  • If you wish to use PayPal, link your PayPal account to PayWay
  • Modify your application to pass your live paypal_email, rather than test@example.com
  • If your live system is hosted separately to your test system and you are using secure token requests, you must add additional IP addresses through the Hosted Payment Page wizard.

You can continue to use your test facility after you have gone live.

Test card numbers

When using the test merchant, only the card numbers below are valid. All other card numbers will return a response of "42 No Universal Account". Each card number will return a specific response.

If you want to test a card which has low funds, you would use card number 4564710000000020 with an amount higher than $10. Note that if you enter an incorrect expiry date for one of the test cards, you will get a response of 54. If you enter an incorrect CVN, you will get a response of 01 or 05 depending on the card type.

Cards listed as "Fraud Guard" will decline if you have Fraud Guard enabled on your facility.

The test merchant simulates a live gateway but may be used without any risk of transactions actually being processed through the banking system.

Test Card Number Expiry Date CVV Response Description Transaction Status
4564710000000004 02/19 847 08 Visa Approved Approved
5163200000000008 08/20 070 08 MC Approved Approved
2221000000000009 01/20 009 08 MC Approved Approved
4564710000000012 02/05 963 54 Visa Expired Declined
4564710000000020 05/20 234 51 Visa Low Funds ($10 credit limit) Declined
5163200000000016 12/19 728 04 MC Stolen Declined
4564720000000037 09/19 030 05 Visa invalid CVV2 Declined
376000000000006 06/20 2349 08 Amex Approved
343400000000016 01/19 9023 62 Amex Restricted Declined
36430000000007 06/22 348 08 Diners Approved
36430000000015 08/21 988 43 Diners Stolen Declined
5163200000000024 02/19 847 If Fraud Guard is active 34 otherwise 08 Fraud Guard Declined if Fraud Guard is active
5163200000000032 02/19 847 If Fraud Guard is active 34 otherwise 05 Fraud Guard Declined
6250947000000014 12/33 123 08 UnionPay Approved

Test PayPal transactions

You can test the integration between your website and PayWay using a simulation of PayPal provided by PayWay (PayWay does not make use of the PayPal Sandbox.) You can use any details for the buyer on the PayPal simulation page.

Refund transactions

PayWay Net transactions can only be refunded through the PayWay portal screens. See the PayWay User Guide for more detailed instructions on how to achieve this.

Card types accepted

PayWay Net accepts the following card types via your Merchant Facility:

  • Visa
  • MasterCard
  • UnionPay

You may also accept the following card types if you have a merchant facility with the charge card company. You can contact the charge card company on the number below to arrange a merchant facility:

Refer to the PayWay User Guide for information on setting up these in PayWay once you have established your charge card merchant facility.

Support

For issues relating to your Merchant agreement with American Express, contact Amex on 1300 363 614.

For issues relating to your Merchant agreement with Diners Club, contact Diners on 1300 360 060.

For issues relating to your PayPal agreement visit www.paypal.com.au and click on the Help Centre or Contact Us links.

For issues relating to your PayWay facility setup, contact your Implementation Manager. Any actions listed on the "Go Live" page are completed by your implementation manager.

For issues relating to PayWay Net development, email PayWay Technical Support and provide:

  • your client number or biller code,
  • a description of the issue,
  • date/time when the issued occurred,
  • a receipt number and dollar value of a sample transaction,
  • a screenshot if relevant,
  • the web technology you are using.

PayWay request parameters

Name Type Default Description
biller_code Number Mandatory. Your six-digit PayWay Biller Code. This identifies that the payment is for your PayWay facility. To find the value for this, sign-in to PayWay. Your biller code is a six digit number displayed in the top-right corner.
merchant_id Number Your Merchant Id - identifies which of your registered merchant facilities the payment is to be processed under. Specify TEST for making test payments. For an Amex/Diners transactions, you must still pass your merchant id.
paypal_email Email Your PayPal Email address - identifies which of your linked PayPal accounts the payment is to be processed under. Specify test@example.com for making test payments. In order to conduct live payments you must link a PayPal account to your PayWay facility.
information_fields Text Comma-separated list of input field names which contain customer specific information.
required_fields Text Comma-separated list of input field names that must be entered by your customer before a payment can be made.
hidden_fields Text Comma-separated list of input field names that contain customer information that you require to identify the customer or payment, but do not wish to display to the customer.
suppress_field_names Text Comma-separated list of input information field names whose labels you do not wish to display.
receipt_address Email Address The customer's email address to which a payment notification email will be sent.
surcharge_rates Text Use surcharges as configured via PayWay sign-in. The field can be used if you wish to define the card scheme surcharge rates to be applied to payments on a payment by payment basis. This field may only be used as part of a Token Request.

See surcharge_rates below.

surcharge_rates

In general, surcharges should be configured as follows:-

  1. Sign-in to PayWay
  2. Click on "Administration" in the menu
  3. Click on "Surcharges" in the menu

The format of this field is as follows: VI/MC=0.6,UP=1.0,AX=1.5,DC=2.0.

This would set the surcharge rate to 0.6% for Visa/MasterCard, 1% for UnionPay, 1.5% for American Express and 2.0% for Diners Club.

Valid codes to use are:

  • VIC = Visa Credit
  • VID = Visa Debit
  • VI = Both Visa Credit and Visa Debit
  • MCC = Mastercard Credit
  • MCD = Mastercard Debit
  • MC = Both Mastercard Credit and Mastercard Debit
  • VI/MC = Visa Credit, Visa Debit, Mastercard Credit and Mastercard Debit
  • UP = UnionPay
  • AX = American Express
  • DC = Diners Club

Payment reference parameters

These are generally used for Bill Payments, Donations and Membership Renewals where a payment is collected against a reference number. Use payment_reference for a shopping cart to track the cart number.

Name Type Default Description
payment_reference Text Your reference number used to allocate the payment. e.g. customer number, member number, invoice number, policy number, shopping cart id etc. This appears as "Customer Reference Number" on PayWay transaction reports and is included in server to server payment notifications and browser redirects back to your site.
payment_reference_text Text Customer Reference Number The label associated with your payment reference. Displayed on the left of payment reference field.
payment_reference_text_help Text The help text associated with your payment reference. Displayed on the right of the payment reference field.
payment_reference_minimum_length Number 1 The minimum length allowed for the payment reference.
payment_reference_maximum_length Number 20 The maximum length allowed for the payment reference.
payment_reference_check_digit_algorithm Text Specifies the check digit algorithm to be applied to the payment reference. Use MOD10V01 for the Luhn algorithm (also known as Mod 10 Version 1), or MOD10V05 for the Mod 10 Version 5 algorithm, or MOD10V08 for the Mod 10 Version 8 algorithm, or MOD10V17 for the Mod 10 Version 17 algorithm.
payment_reference_change Boolean false If you are passing a payment_reference and want to allow your customer to edit the value, set this field to "true". NB. A technically adept customer could modify the payment reference if you are posting parameters via form input fields.
payment_reference_required Boolean true Flag to indicate if you require a payment reference. Set to false if you do not use payment references.
payment_amount Number Amount of the payment. If you are using surcharges, this is the amount before any surcharge is added by PayWay. A value specified for the payment_amount parameter will override PayWay's calculated payment total, though the products will still be displayed as provided. NB. A technically adept customer could modify the payment amount if you are posting parameters via form input fields.
payment_amount_text Text Payment Amount The text associated with your payment amount. Displayed on the left of payment amount field.
payment_amount_text_help Text The help text associated with your payment amount. Displayed on the right of the payment amount field.
payment_amount_minimum Number 0.01 The minimum payment amount you accept.
payment_amount_maximum Number 10000 The maximum payment amount you accept.
payment_amount_change Boolean false If you are passing a payment_amount and you want to allow your customer to edit the value, set this field to "true". NB. A technically adept customer could still modify the payment amount if you are posting parameters via form input fields.

Token lookup parameters

This field is used to instruct PayWay to make a payment against a token requested earlier.

Name Type Default Description
token Text This is the token returned from a token request. PayWay will look up parameters based on the values passed for this token request. The biller_code must also be provided.

Credit card parameters

These are used to provide PayWay with the credit card details. These fields can only be provided via a HTML form post. If you pass these parameters, then you must also pass the token parameter.

Name Type Default Description
action Text Specify MakePayment to indicate that the payment should be collected immediately. The Credit Card details must be provided in the same request.
no_credit_card Number The credit card number
nm_card_holder Text The credit card holder name
dt_expiry_month Two digit number The expiry month
dt_expiry_year Four digit number The expiry year
no_cvn Three or four digit number The Card Verification Number (CVN). This is also known as Card Verification Value (CVV).

Product field parameters

These fields can be used to display a list of products.

Name Type Default Description
gst_rate Number Set this value if you would like PayWay to display GST against your products. Use value 10 for a GST rate of 10%.
gst_added Boolean false Flag to indicate whether you have included GST in the product's unit price. Use true if you have already added the GST. Use false if you have NOT already added the GST and want PayWay to add it.
gst_exempt_fields Text Comma-separated list of product field names that should not have GST added.
print_zero_qty Boolean true Flag to indicate if product fields with a zero quantity should be displayed. If you do not wish to display products with zero quantity, set this value to false. Any other name not listed in this table, or as one of the information_fields or hidden_fields. Any other field that is not listed will be interpreted as a product field. The name of the field should be the product name which is to be displayed. The value of the field is the quantity (number of products), followed by the unit price.

Browser return and redirect parameters

In general, these settings should be configured through the PayWay Setup Net Wizard. These fields are only valid when requesting a token.

Name Type Default Description
return_link_url HTTP URL The URL that will be used when the customer clicks the link back to your website. If you wish to receive information and hidden fields, specify the name of the fields in this URL: www.example.com?PromotionCode&Name&Address
return_link_text Text Return to <Business> The text that will be displayed on the payment receipt page to allow the customer to return to your website.
return_link_redirect Boolean false Flag to indicate whether an automatic redirection from the payment receipt page to your website should be performed.
return_link_payment_status Text all Indicates for what payment statuses (all, approved, declined) the return link will be displayed or used for redirection.
return_link_url_pre_payment HTTP URL The website URL will be used to allow the customer to return to your website prior to making a payment.
return_link_text_pre_payment Text The text that will be displayed on the button to allow the customer to return to your website prior to making a payment.

Server-to-server payment notification parameters

In general, these should be configured through the PayWay Setup Net Wizard. These fields are only valid as part of a token request.

Name Type Default Description
payment_alert Email Address Your email address to which a payment notification email will be sent.
reply_link_url HTTPS URL PayWay will send the server to server payment notification to this URL.
reply_link_post_type Text Specifies the format to be sent in the server-to-server message. Valid values are: xml, extended. Leave this field blank for the default format, and add parameters to reply_link_url to request parameters. See Payment Notification Parameters.
reply_link_email Email Address The fallback email address that an email notification will be sent to when server-to-server messages fail after three attempts.
reply_link_payment_status Text all Indicates for what payment statuses (all, approved, declined) the server-to-server messages will be sent.

Payment notification parameters

This appendix lists the PayWay built-in parameters that are returned as part of a server to server Payment Notification. The parameters you will receive depend on the configuration.

Extended and XML post types

Parameter Name Post Type - Server to Server Extended Post Type = Server to Server XML Description
am_payment Yes Yes Amount of attempted transaction in dollars and cents. This includes any surcharge which has been paid.
am_surcharge Yes Yes Amount of Surcharge in dollars and cents.
cd_response Yes Yes The two digit response code.
cd_summary Yes Yes Use this to determine if the transaction was approved.
dt_payment Yes Yes The settlement date of the payment. Transactions after 6pm Sydney time are settled on the following day. Format: YYYYMMDD.
fl_success Yes Yes 0 = declined payment, 1 = approved payment
nm_card_holder Yes Yes The name of the credit card holder.
nm_card_scheme Yes Yes One of the following card schemes: VISA, MASTERCARD, UNIONPAY, AMEX, DINERS, UNKNOWN, JCB.
no_receipt Yes Yes Receipt Number for the transaction generated by PayWay.
password Yes (https)
No (http)		 Yes (https)
No (http)		 Your server must check that this password is correct to ensure the message came from PayWay. The password is displayed in the Setup Net wizard.
payment_reference Yes Yes The payment reference entered by the customer or passed to PayWay using the payment_reference parameter.
ti_payment Yes Yes The date/time of the transaction on the PayWay server in Sydney time. Format: 18 Sep 2009 15:04:43
TruncatedCardNumber Yes Yes The masked card number. e.g. 456471...004
tx_response Yes Yes The description of the response code.
username Yes (https)
No (http)		 Yes (https)
No (http)		 This is your PayWay client number (e.g. Q10000). This can be used if you have multiple PayWay facilities to distinguish which facility the payment is for.
PayPalEmailAddress Yes Yes If a PayPal transaction was conducted, this parameter will provide the buyer's PayPal email address.
Parameter/Name, Parameter/Value Yes Yes Information and hidden fields you send to PayWay are returned to in the server-to-server post-back.

XML post rype

If set to xml, the parameters will be built into a XML document and passed to your server as the body of a request of content-type application/xml.

The document will be of the form:


<PaymentResponse>
  <cd_source>net</cd_source>
  <no_receipt>1002431909</no_receipt>
  <payment_reference>Invoice No. 5</payment_reference>
  <cd_community>PAYWAY</cd_community>
  <cd_supplier_business>QXXXXX</cd_supplier_business>
  <am_payment>11.00</am_payment>
  <am_surcharge>1.00</am_surcharge>
  <nm_card_scheme>VISA</nm_card_scheme>
  <dt_payment>20120627</dt_payment>
  <tx_response>Approved or completed successfully</tx_response>
  <cd_summary>0</cd_summary>
  <ti_payment>27 Jun 2012 16:02:47</ti_payment>
  <cd_response>00</cd_response>
  <TruncatedCardNumber>456471...004</TruncatedCardNumber>
  <nm_card_holder>Tommy Testman</nm_card_holder>
  <fl_success>1</fl_success>
  <parameter>
    <name>test field</name>
    <value>test value</value>
  </parameter>
  <username>QXXXXX</username>
  <password>XXXXXXXXX</password>
</PaymentResponse>

Default post type

Parameters for the default post type are the same as the parameters listed in Browser Redirect Parameters. The parameters are sent as POST parameters. In order to request parameters, you must include them in your Notification URL as follows:

www.example.com?payment_reference&payment_status

Hidden and information fields are always included.

Browser redirect parameters

The following is a list of the parameters that are returned as part of the browser redirect. Parameters are passed as an encrypted string.

Parameter Name Description
bank_reference Receipt number generated by PayWay
card_type One of the following card schemes: VISA, MASTERCARD, UNIONPAY, AMEX, DINERS,UNKNOWN, JCB.
payment_amount Total amount of attempted transaction in dollars and cents. This includes any surcharge or GST which has been included paid.
payment_date The settlement date of the payment. Transactions after 6pm Sydney time are settled on the following day. Format: YYYYMMDD
payment_number Receipt number generated by PayWay
payment_reference The payment reference input by the customer or passed to PayWay using the payment_reference parameter.
payment_status declined or approved
payment_time The date/time of the transaction on the PayWay server in Sydney time. Format: 18 Sep 2009 15:04:43
remote_ip The IP address of the customer.
response_code The two digit response code.
response_text The description of the response code.
summary_code Use this to determine if the transaction was successful or not.
information fields Information fields you sent to PayWay are included if you specify them in your return URL. For example, if you have information fields named Name and "Address1 and Address2, you can request these by setting the return URL to: www.example.com?Name&Address1&Address2
hidden fields Hidden fields you sent to PayWay are included if you specify them in your return URL. For example, if you have a hidden fields named PromotionCode and PartnerCode, you can request these by setting the return URL to: www.example.com?PromotionCode&PartnerCode

Common response codes

Disclaimer

The information contained in this publication is provided for learning purposes only and is subject to change. Revisions may be issued from time to time that encompass changes or additions to this module.

This is a guide only and it is not comprehensive. It does not impinge on or overrule any formal arrangement you may enter into with the Bank. The Bank and its officers shall not have any liability for any losses of any kind incurred in connection with any action, inaction or decision taken in reliance on the information herein or for any inaccuracies, errors or omissions. In this publication references to the "Bank" are to Westpac Banking Corporation ABN 33 007 457 141 and to any of its operating Divisions, including BankSA and St.George.