The payment form allows a merchant to send the customer to USAePay for the collection of secure payment information. This eliminates the need for individual merchants to maintain their own SSL certificates. To implement the payment form, the merchant's website needs to redirect the customer to a specially formatted URL or display a form that will post to the USA ePay site. For more information on using the payment form, please see the ePayment Form Manual.
[TODO: write better intro]
If you need to provide your customers with a link that directs them to our secure ePayment form the customer can click on a direct link, or the merchant's site can redirect the customer to a URL in the following format:
https://www.usaepay.com/interface/epayform/[key]/[command]?UMamount=[amount]&UMinvoice=[invoice]&UMmd5hash=[hash]
Where [key] is the source key copied from the sources screen, [command] is either sale, credit or authonly, [amount] is the total monetary amount of the transaction, [invoice] is the invoice or order number and [hash] is the md5hash pin (See Source Pin Code). Pin and hash are optional.
Simple sale form with a hard-coded final amount of 100.00
Simple authorization only form with a hard-coded final amount of 100.00
Simple authorization only form with a hard-coded final amount of 100.00, a description of “ePaymentForm, and the Order Number 123456
The customer can also post data directly to the payment form. The merchant's website would just need to present the customer with an HTML page containing the following form:
<form action="https://www.usaepay.com/interface/epayform/">
<input type="hidden" name="UMkey" value="[key]">
<input type="hidden" name="UMcommand" value="sale">
<input type="hidden" name="UMamount" value="[amount]">
<input type="hidden" name="UMinvoice" value="[invoice]">
<input type="hidden" name="UMmd5hash" value="[hash]">
<input type="submit" value="Continue to Payment Form">
</form>
Any of the form fields, will be managed by the API. If you create a custom payment form, you must make sure to include a hidden form field for any field you wish to pass through to the API.
If the amount will not be fixed, but will instead be entered manually by the merchant, change the input type from “hidden” to “text” as shown below:
<form action="https://www.usaepay.com/interface/epayform/">
<input type="hidden" name="UMkey" value="[key]">
<input type="hidden" name="UMcommand" value="sale">
<input type="text" name="UMamount" value="[amount]">
<input type="hidden" name="UMinvoice" value="[invoice]">
<input type="hidden" name="UMmd5hash" value="[hash]">
<input type="submit" value="Continue to Payment Form">
</form>
Setting UMtestmode to “true” puts the transaction into ”Test Mode”. For more information on what test mode does and credit card numbers to use with test mode, please see the test mode reference page.
These AVS codes are returned in the UMavsResultCode variable, and serve to provide developers with greater control over the AVS system. Many developers may choose to capture and display the UMavsResult variable instead. The UMavsResult variable contains the meaning of the code, rather than the code itself.
The following is a list of result codes for the Address Verification System (AVS) and what each one indicates. The codes listed in the Code column are the most common responses, but depending on the platform being used, codes listed in the Alternates column may be received.
| Code | Alternates | Meaning |
| YYY | Y, YYA, YYD | Address: Match & 5 Digit Zip: Match |
| NYZ | Z | Address: No Match & 5 Digit Zip: Match |
| YNA | A, YNY | Address: Match & 5 Digit Zip: No Match |
| NNN | N, NN | Address: No Match & 5 Digit Zip: No Match |
| YYX | X | Address: Match & 9 Digit Zip: Match |
| NYW | W | Address: No Match & 9 Digit Zip: Match |
| XXW | | Card Number Not On File |
| XXU | | Address Information not verified for domestic transaction |
| XXR | R, U, E | Retry / System Unavailable |
| XXS | S | Service Not Supported |
| XXE | | Address Verification Not Allowed For Card Type |
| XXG | G,C,I | Global Non-AVS participant |
| YYG | B, M | International Address: Match & Zip: Not Compatible |
| GGG | D | International Address: Match & Zip: Match |
| YGG | P | International Address: No Compatible & Zip: Match |
The following is a list of result codes for the CVV2/CVC2/CID verification system and what each one indicates. These codes are returned in the UMcvv2ResultCode variable and provide developers with greater control over the CVV2 system. Many developers choose to capture and display the UMcvv2Result variable instead. The UMcvv2Result variable contains the meaning of the code rather than the code itself.
The card security codes are 3 or 4 digit codes printed or embossed on Visa, Mastercard, American Express and Discover cards. These codes are also referred to as CVV2, CVC, CSC or CCID. Their purpose is to provide additional protection against fraudulent card use. Below is a list of possible result codes.
| Code | Meaning |
| M | Match |
| N | No Match |
| P | Not Processed |
| S | Should be on card but not so indicated |
| U | Issuer Not Certified |
| X | No response from association |
| (blank) | No CVV2/CVC data available for transaction. |
It is essential that developers pay attention to the version number of the API. The version number is broken up into three positions: compatibility.features.fixes. For example: v2.4.1 The first position (2 in this example) represents the compatibility level. Any application developed with any version 2 of the API will always work with any other revision of version 2. But applications developed with version 3, will not be compatible with version 2.
When a new version of the gateway API is released, the URL will change to keep scripts written on the old version from breaking. The second position (4 in this example) refers to the addition of new fields/features. These features provide additional functionality and are not mandatory. The third position (1 in this example) indicates bug fixes, when nothing structural has changed within the API.
The following is a list of CGI variables that need to be passed to the gateway url. If you are using the client-side method some can be embedded as hidden tags, and others much match your field. An example of a client-side form can be found above.
Note: CC stands for real-time credit card transactions, Checks stands for real-time check processing.
| Field | Required | Description |
| UMcommand | | Processing Command. Possible values are: sale, credit, void, creditvoid, authonly, capture, postauth, check and checkcredit. Default is sale. |
| UMkey | x | The source key (assigned by the server when you created a source in your virtual terminal). |
| UMmd5hash | | If a pin is set by the merchant then a validation hash consisting of the pin + the invoice number + the amount + an optional hash key is required. (See Source Pin Code section). |
| UMmd5key | | An optional string to increase uniqueness of hash string. |
| UMignoreDuplicate | | Set to yes if you would like to override the duplicate transaction handling. |
| UMauthCode | x | Authorization Code obtained “offline” (ie telephone authorization). Only required for Post Auth. |
| UMrefNum | x | The UMrefNum received when a transaction was authorized via either the “sale” or “authonly” commands. Required for void and capture commands. |
| UMcard | CC | Credit Card Number with no spaces or dashes. |
| UMexpir | CC | Expiration Date in the form of MMYY with no spaces or punctuation. |
| UMrouting | Checks | Bank Routing number. Required when UMcommand is set to check or checkcredit. |
| UMaccount | Checks | Checking Account Number. Required when UMcommand is set to check or checkcredit. |
| UMamount | x | Charge amount without $. This is the grand total including tax, shipping and any discounts. |
| UMcurrency | * | Currency of UMamount. Required if using a MCP based account. Must be one of the 3 digit numeric codes found here. |
| UMtax | | Portion of above charge amount (UMamount) that is sales tax. |
| UMnontaxable | | Set to yes if transaction is not taxable. (optional, platform dependant) |
| UMtip | | Portion of charge amount (UMamount) for gratuity (tip). |
| UMshipping | | Portion of above charge amount (UMamount) that is for shipping charges. |
| UMdiscount | | The amount of any discounts that were applied. |
| UMsubtotal | | The amount of the order before tip, shipping, discount and tax were applied. UMsubtotal+UMtip+UMshipping-UMdiscount+UMtax must equal UMamount. If UMsubtotal is not specified, it will be ignored. |
| UMcustid | | Unique customer id. |
| UMinvoice | x | Unique Invoice or order number. |
| UMorderid | | Order identifier. This field can be used to reference the order to which this transaction corresponds. This field can contain up to 64 characters and should be used instead of UMinvoice when orderid is longer that 10 digits. |
| UMponum | | Purchase Order number. Only required for corporate purchasing cards. |
| UMticket | | Obsolete, included for backward compatibility. Use UMinvoice instead |
| UMdescription | | Description of transaction. |
| UMcvv2 | | CVV2 data for Visa. |
| UMcustemail | | Customer's Email Address. |
| UMcustreceipt | | Yes/No. Sends the Customer a Receipt. This overrides the setting for the merchant and source. |
| UMname | x | Name on card or checking account. |
| UMstreet | CC | Street Address |
| UMzip | CC | Zip code |
| UMdlnum | Checks | Driver's license number. |
| UMdlstate | Checks | Driver's license state of issue. |
| UMchecknum | Checks | Check number. (optional) |
| UMclerk | | Indicates the clerk/person processing transaction, for reporting purposes. (optional) |
| UMtranterm | | Indiactes the terminal used to process transaction, for reporting purposes. (optional) |
| UMresttable | | Indicates the restaurant table, for reporting purposes. (optional) |
| UMip | | The IP address of the client requesting the transaction. This is used in many of the fraud modules. |
| UMsoftware | | Allows application developers to stamp their application name and version number onto each transaction. Used to assist customers with trouble shooting. (optional) |
| UMredir | |
| UMredirApproved | | Redirection URL - If the card is approved, redirect to this URL. No fields are passed back. Typically merchants should enable merchant receipts with this option. To enable merchant receipts for a source, see Merchant Email Receipts above. |
| UMredirDeclined | | Redirection URL - If the card is not approved, redirect to this URL. No fields are passed back. If UMredirApproved is set but UMredirDeclined is not, the gateway will display the template entered in the sources area. This feature overrides the “Declined Template” feature that is available in the Source Key settings screen. If both are set, the declined template will be ignored and the user will be redirect to the UMredirDeclined url. |
| UMechofields | | Echo input fields in response. If UMechofields is set to yes then all fields included in the form (except for the credit card number, key, expiration and cvc) will be included in the redirection URL as GET variables. This is only useful with the client-side method. For example if you post a form with the field “comments” to the gateway and set UMredir to “http://mysite.com/handler.cgi” then the gateway will redirect to http://mysite.com/handler.cgi?comments=… Please Note: Use of this feature is not recommended for security reasons. These fields will typically be logged in your web server log files. On many hosting companies these log files are world-readable which means that anyone would be able to read the information. |
| UMonError | | Instructs the gateway what to do when a decline is received when multiple transactions are being processed (see “Split Payments” above). Can be set to Stop, Continue or Void. Defaults to “Stop” |
| UMtestmode | | If UMtestmode is set to 1 the gateway will simulate a transaction without actually processing the card. All fraud and verification checks are performed. |
| Billing Address | Shipping Address |
| UMbillfname | UMshipfname |
| UMbilllname | UMshiplname |
| UMbillcompany | UMshipcompany |
| UMbillstreet | UMshipstreet |
| UMbillstreet2 | UMshipsreet2 |
| UMbillcity | UMshipcity |
| UMbillstate | UMshipstate |
| UMbillzip | UMshipzip |
| UMbillcountry | UMshipcountry |
| UMbillphone | UMshipphone |
| UMemail |
| UMfax |
| UMwebsite |
| Field | Description |
| UMrecurring | If set to yes, the system will enter the transaction as a recurring billing entry once the initial transaction has been approved. |
| UMbillamount | Sets the monetary amount to charge on each cycle. If this field is left blank the UMamount will be used instead. This is NOT the “initial” charge or “setup” charge, this is only the “recurring” charge. UMamount determines the initial charge. |
| UMschedule | Determines the recurring billing schedule. Possible values are daily, weekly, biweekly, monthly, bimonthly, quarterly, biannually, or annually. (defaults to monthly) |
| UMnumleft | Number of transactions remaining in recurring billing cycle. If the recurring billing should go on indefinitely, set this to *. (defaults to *) |
| UMstart | Start date. Default is tomorrow. Must be entered in YYYYMMDD format. If set to UMstart=next the date of the next billing cycle will be used. For example if today is 1/10/2004 and UMschedule=monthly then UMstart will be set to 2/10/2004. |
| UMexpire | Expiration date. The date when the billing will be disabled. Default is no expiration. Must be entered in YYYYMMDD format. |
| UMcustom[1-20] | Optional fields for storing custom data. This data is stored in customer record not the transaction record. |
The following fields are only required in participating in the Verified by Visa or Mastercard Secure Code programs:
| Field | Description |
| UMcardauth | Set UMcardauth=true to enable cardholder authentication using the integrated gateway authentication system. |
| UMpares | Cardholder authentication payload. (When using integrated authentication system.) |
| UMxid | This field is obsolete. |
| UMcavv | CAVV value received from third part authenticator. If you support CAVV but customer did not participate you must send UMcavv=-1. This flags our system that you support VbV/MC Secure Code. (Only needed if not using the gateway authentication system.) |
| UMeci | ECI value received from third party authenticator. (Only needed if not using the gateway authentication system.) |
The following fields are only required in a card present environment such as a retail store, restaurant or hotel.
| Field | Description |
| UMcardpresent | Set UMcardpresent=true to enable card present mode. If UMmagstripe is sent, UMcardpresent will be automatically set to true. |
| UMmagstripe | Mag stripe data read from card. Can include Track 1, Track 2 or both. |
| UMtermtype | The type of terminal being used: POS (cash register), StandAlone (self service terminal), Unattended (ie gas pump) Unkown (defaults to Unknown) |
| UMmagsupport | Describes the magstripe reading capabilities of your POS hardware: yes, no, contactless, unknown (default is unknown unless magstripe has been sent). |
| UMcontactless | UMmagstripe was read via contactless swiper: yes or no (default is no). |
The following CGI variables are returned to your script along with any other fields you have passed to gate.php. For example, if you pass the variable FavoriteColor, gate.php will echo FavoriteColor back in the response.
| Field | Description |
| UMstatus | Status of the transaction. The possible values are: Approved, Declined, Verification and Error. |
| UMauthCode | Authorization number. |
| UMrefNum | Transaction reference number |
| UMbatch | Batch reference number. This will only be returned for sale and auth commands. Warning: The batch number returned is for the batch that was open when the transaction was initiated. It is possible that the batch was closed while the transaction was processing. In this case the transaction will get queued for the next batch to open. |
| UMavsResult | AVS result in readable format |
| UMavsResultCode | AVS result code. |
| UMcvv2Result | CVV2 result in readable format. |
| UMcvv2ResultCode | CVV2 result code. |
| UMvpasResultCode | Verified by Visa (VPAS) or Mastercard SecureCode (UCAF) result code. |
| UMresult | Transaction result |
| UMerror | Error description if UMstatus is Declined or Error. |
| UMerrorcode | A numerical error code. |
| UMacsurl | Verification URL to send cardholder to. Sent when UMstatus is verification (cardholder authentication is required). |
| UMpayload | Authentication data to pass to verification url. Sent when UMstatus is verification (cardholder authentication is required). |
| UMisDuplicate | Indicates whether this transaction is a folded duplicate or not. 'Y' means that this transaction was flagged as duplicate and has already been processed. The details returned are from the original transaction. Send UMignoreDuplicate to override the duplicate folding. |
| UMconvertedAmount | Amount converted to merchant's currency, when using a multicurrency processor. |
| UMconvertedAmountCurrency | Merchant's currency, when using a multicurrency processor. |
| UMconversionRate | Conversion rate used to convert currency, when using a multicurrency processor. |
| UMcustnum | Customer reference number assigned by gateway. Returned only if UMrecurring=yes. |
