Hosted AddCard Page
Ecentric’s Hosted AddCard Page is a quick set-up, PCI DSS compliant service that enables customers to save cards on a secure page hosted by Ecentric Payment Systems.
When a customer saves their card, the card details are encrypted with industry-standard cryptography and stored in Ecentric’s PCI-compliant vault. In this process, stored cards are also tokenised: a unique, random set of characters called a “token” is associated with each stored card. This helps keep payment data safe during transactions, because tokens are used instead of card numbers.
Implementation
Step 1: Generate signature
Use the following fields when generating a SHA256 signature (also called a checksum):
- Secret Key provided by Ecentric
- MerchantID provided by Ecentric
- UserID is a value generated by the merchant and is a unique reference to identify returning customers. The data type is ALPHANUMERIC only (no spaces or special characters).
Important
The variables must be pipe ('|') delimited, and the hashed value must then be converted to upper case.
Example: SHA256(“SecretKey|MerchantID|UserID”).Upper()
Step 2: Call Hosted AddCard Page
Send an HTML form POST with the required fields (specified below) and signature to the endpoint URL: https://sandbox.ecentric.co.za/hpp/wallet/addcard
- MerchantID
- UserID
- ChecksumHash
Step 3: Process the response
The Gateway will return an HTML form POST with the response back to the URL that was provided by the merchant. The expected successful and failure transaction response fields are listed below. (See Hosted Payment Data Fields for further details regarding each field).
The response will include a checksum value generated by Ecentric using the calculation elements below. It is recommended that merchants implement their own checksum calculation and compare it to the value received in order to verify that the response data originated from Ecentric and has not been tampered with.
Signature elements to be used to calculate the checksum in the response:
SHA256(“SecretKey|Token|UserID|Result|Message”).Upper()
Response Example
<form method="post" action="http://staging.live.securemobipay.com/server/fake_oauth.php?action=ecentric_card_tokenize_response">
<input type="hidden" name="Token" value="DB633ED0-4D58-471E-8A2B-648FD012A955">
<input type="hidden" name="UserID" value="whatever UserID passed by Merchant">
<input type="hidden" name="Message" value="Success.">
<input type="hidden" name="Checksum" value="E840DCC7DC154EC0E9605A0168FB75F2AC5D9ECCD1199D010DA99AF85F942A61">
<input type="hidden" name="Result" value="Success">
</form>
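The Step 1 signature and the Step 3 response check, written out as an added example (not Ecentric's own code). It assumes UTF-8 encoding of the signed string and lowercase-to-uppercase hex output, and the function names, sample key, merchant ID and token are constructed for illustration; the comparison against the expected UserID is an extra check beyond what the page specifies.

```python
import hashlib
import hmac

def _checksum(*parts: str) -> str:
    """SHA256 over the pipe-delimited parts, hex-encoded and upper-cased."""
    # Assumption: the joined string is UTF-8 encoded before hashing.
    return hashlib.sha256("|".join(parts).encode("utf-8")).hexdigest().upper()

def request_checksum(secret_key: str, merchant_id: str, user_id: str) -> str:
    """Step 1: ChecksumHash for the AddCard form POST."""
    # UserID is ALPHANUMERIC only; enforcing it also keeps '|' out of the signed string.
    if not (user_id.isascii() and user_id.isalnum()):
        raise ValueError("UserID must be alphanumeric, no spaces or special characters")
    return _checksum(secret_key, merchant_id, user_id)

def verify_response(secret_key: str, form: dict, expected_user_id: str) -> bool:
    """Step 3: recompute SHA256(SecretKey|Token|UserID|Result|Message) and compare."""
    try:
        expected = _checksum(secret_key, form["Token"], form["UserID"],
                             form["Result"], form["Message"])
        received = form["Checksum"]
    except KeyError:
        return False  # a missing field means the response cannot be verified
    # Constant-time comparison: do not reveal how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False
    # Added check: the response must belong to the customer the request was made for.
    return form["UserID"] == expected_user_id

if __name__ == "__main__":
    secret = "constructed-secret-key"          # constructed sample value
    print(request_checksum(secret, "MERCHANT01", "user42"))
    form = {                                    # constructed response fields
        "Token": "00000000-0000-0000-0000-000000000000",
        "UserID": "user42", "Result": "Success", "Message": "Success.",
    }
    form["Checksum"] = _checksum(secret, form["Token"], form["UserID"],
                                 form["Result"], form["Message"])
    print(verify_response(secret, form, "user42"))    # untampered response
    form["Result"] = "Failed"
    print(verify_response(secret, form, "user42"))    # field changed after signing
```

Only store the returned Token once verify_response has accepted the POST, and keep the Secret Key on the server side so it never appears in the HTML form.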