The Hosted Payment Page is a checkout that contains only the step of selecting the payment method. It is a HTML form with responsive design that is displayed properly on all devices.
In the case of payments via Hosted Payment Page, the shop redirects its customers to the 1cs Online Payment System HTML form where they selects their payment method. After confirming the selection depending on the payment method 1cs Online Payment System forwards the customer to a 1cs Online Payment System HTML form or to a form from an external service provider and notifies the shop after completion about the payment result.
Following table contains the payment methods which you can use via Hosted Payment Page:
Payment type
PayType
Credit card
CC
Direct debit
EDD
PayPal
PayPal
iDEAL
iDEAL
Klarna
KlarnaPM
Sofort
Sofort
giropay
giropay
paydirekt
paydirekt
Alipay
Alipay
Bancontact
BanconPP
Bank Transfer
BankTranPP
BitPay
BitPayPP
Bluecode
Bluecode
Dragonpay
DragonPP
eNETS
ENETSPP
Finland Online Bank Transfer
FinOBTPP
Indonesia ATM
IndoATMPP
Multibanco
MultibanPP
My Bank
MyBankPP
MyClear FPX
MyClearPP
Przelewy 24
P24PP
POLi
POLiPP
PostFinance
POSTFINPP
paysafecard
PSCPP
QIWI
QIWIPP
RHB Bank
RHBBankPP
SafetyPay
SafetyPPP
7-Eleven
SevenElePP
Skrill
SkrillPP
TrustPay
TrustPayPP
Apple Pay
ApplePay
B4Payment
B4Payment
Boleto
BoletoPP
CUP
CUPPP
EPS
EPS
Wechat
WechatPP
Following table lists all card brands that can be uses via the Hosted Payment Page. When submitting the value CC in parameter PayTypes all brands are displayed that are configured for a certain merchant. Selecting specific brands can be done by submitting a string of the desired brand names separated by pipe signs.
Kreditkartenmarke / Scheme Names → values for CCBrand
AirPlus
AMEX
ARGENCARD
Aura
Bancontact
CABAL
Cartes Bancaires
Maestro
CBN
CENCOSUD
ComfortCard
CUP
Dankort
DINERS
Discover
Elo
Hipercard
JCB
Laser
Maestro
MasterCard
NARANJA
RuPay
SHOPPING
TOTAL
VISA
1.2 Process of payment
To make payments via the Hosted Payment Page you send a request to following URL with HTTPS GET or HTTPS POST:
All details required for payment processing are forwarded as parameters. The parameters are encrypted with Blowfish to ensure that neither the customer nor a third party can manipulate the data.
When calling the form, the OPS decrypts the parameters and shows the HTML page with the payment methods. The customer selects the payment method and triggers the forwarding by clicking the button “Next”.
After the payment has been made the OPS redirects the customers back to a shop page via HTTPS GET (URLSuccess, URLFailure) and transmits the result of the payment as a Blowfish-encrypted parameter string to these URLs. In addition, the OPS transmits the result via HTTPS POST to the shop’s Notify page (URLNotify). The shop accepts the payment result and decrypts the data in order to inform the customer about the status.
1.3 Calling the Hosted Payment Page
Calling the Hosted Payment Page starts with the correct composition of the parameters which consist of a key and a value and which are separated by an equals sign (=):
MerchantID=Test
All parameters are assembled in a character string and separated by the character &:
Amount=100&Currency=EUR&TransID=12345
Notice: Since the characters “=” and “&” are used as separating characters, these characters cannot be transmitted as values. All values which you transmit without BlowFish-encryption must be URL-Encoded.
A correct parameter character string for the OPS contains three basic parameters: MerchantID, Len and Data. The parameters MerchantID and Len are unencrypted. Only the Data parameter is Blowfish-encrypted:
The Data parameter contains the sensitive payment details such as amount and currency. The encrypted bytes are Hex-encoded and completed to two characters from the left with a zero. Encryption is via Blowfish ECB and is available to you as source-code and components.
The Len parameter is very important for encryption because it contains the length of the unencrypted(!) character string in the Data parameter. Since the data quantity to be encrypted is increased by a multiple of 8 in the case of the Blowfish encryption, the correct length of the character string must be known for decryption. Otherwise accidental characters emerge at the end of the character string.
The parameters are transmitted via HTTPS POST or HTTPS GET. The recommended transmit method is HTTPS POST because the parameter character string in the case of GET is attached to the URL, which is limited to 2048 bytes depending on the browser.
Notice: Please note that the maximum length of a payment request is limited to 5120 characters. If you require longer strings please contact First Cash Solution Support.
The following listings show the development of a payment request. The first listing is the unencrypted parameter character string:
Notice: Please note that parameters like Language or URLBack are transmitted unencrypted. A table with all possible unencrypted parameters can be found also witihn this document.
2 1cs OPS interface
2.1 Definitions
2.1.1 Data formats
Format
Description
a
alphabetical
as
alphabetical with special characters
n
numeric
an
alphanumeric
ans
alphanumeric with special characters
ns
numeric with special characters
bool
boolean expression (true or false)
3
fixed length with 3 digits/characters
..3
variable length with maximum 3 digits/characters
enum
enumeration of allowed values
dttm
ISODateTime (YYYY-MM-DDThh:mm:ss)
2.1.2 Abbreviations
Abbreviation
Description
Comment
CND
condition
M
mandatory
If a parameter is mandatory, then it must be present
O
optional
If a parameter is optional, then it can be present, but it is not required
C
conditional
If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional
Notice: Please note that the names of parameters can be returned in upper or lower case.
2.2 Parameters of the Hosted Payment Page
These parameters are mandatory for all payment methods and has to be submitted Blowfish-encrypted within the Data parameter to the Hosted Payment Page.
Notice: Please take all further parameters specifically for a payment method from the manual of that respective payment method.
The following table describes the encrypted payment request parameters:
Key
Format
CND
Description
MerchantID
ans..30
M
MerchantID, assigned by First Cash Solution. Additionally this parameter has to be passed in plain language too.
Amount
n..10
M
Amount in the smallest currency unit (e.g. EUR Cent) Please contact the helpdesk, if you want to capture amounts < 100 (smallest currency unit).
Currency
a3
M
Currency, three digits DIN / ISO 4217
MAC
an64
M
Hash Message Authentication Code (HMAC) with SHA-256 algorithm.
TransID
ans..64
M
TransactionID which should be unique for each payment
RefNr
ns..30
O
Unique reference number -> exact format depends on the available paymethods for your MerchantId. Please choose your format in that way that all paymethods are covered.
OrderDesc
ans..384
M
Description of purchased goods, unit prices etc. Please note: The first 27 characters appear on the customer-account statement. You can view the full data in the Merchant Cockpit.
UserData
ans..1024
O
If specified at request, the OPS forwards the parameter with the payment result to the shop
URLSuccess
ans..256
M
Complete URL which calls up the OPS if payment has been successful. The URL may be called up only via port 443 This URL may not contain parameters: In order to exchange values between the OPS and shop, please use the parameter UserData. -> Common notes: – We recommend to use parameter “response=encrypted” to get an encrypted response by Paygate – However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful.
URLFailure
ans..256
M
Complete URL which calls up the OPS if payment has been unsuccessful. The URL may be called up only via port 443 This URL may not contain parameters: In order to exchange values between the OPS and shop, please use the parameter UserData. -> Common notes: – We recommend to use parameter “response=encrypted” to get an encrypted response by Paygate – However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful.
Response
a7
O
Status response sent by the OPS to URLSuccess and URLFailure, should be encrypted. For this purpose, transmit Response=encrypt parameter.
URLNotify
ans..256
M
Complete URL which the OPS calls up in order to notify the shop about the payment result. The URL may be called up only via port 443 It may not contain parameters: Use the UserData parameter instead. -> Common notes: – We recommend to use parameter “response=encrypted” to get an encrypted response by Paygate – However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful.
ExpirationDate
ans..19
O
Timestamp for the end time of the PaymentPage call, currently specified in European time (CET/DST). Time zone evaluation will be changed to UTC uniformly soon. Format: YYYY-MM-ddTHH:mm:ss
Parameters for Hosted Payment Page
Following parameters are optional and can be submitted unencrypted to the Hosted Payment Page:
Key
Format
CND
Description
Template
ans..20
O
Name of XSLT-file with your own layout for the HPP pay form.
CCTemplate
ans..20
O
Name of XSLT-file with your own layout for the credit card form. This is used only if the customer selects a credit card brand and then clicks on „Next“ button. If you don’t submit a value the responsive First Cash Solution credit card form template is displayed.
SDDTemplate
ans..20
O
Name of XSLT-file with your own layout for the direct debit form. This is used only if the customer selects direct debit as payment method and clicks on „Next“ button. If you don’t submit a value the responsive First Cash Solution direct debit form template is displayed.
Language
a2 (enum)
O
Language code: <de> German, <al> Albanian, <at> Austrian, <cz/cs> Czech, <dk> Danish, <en> English, <fi> Finish, <fr> French, <gr> Greek, <hu> Hungarian, <it> Italian, <jp> Japanese, <nl> Dutch, <no> Norwegian, <pl> Polish, <pt> Portuguese, <ro> Romanian, <ru> Russian, <es> Spanish, <se> Swedish, <sk> Slovakian, <sl> Slovenian, <tr> Turkey, <zh> Simplified Chinese. No details means the language is German. -> The supported languages may vary depending on the selected template.
URLBack
ans..256
O
Complete URL which Paygate calls in case that Cancel is clicked by the customer. The parameter “URLBack” can be sent – either as plain parameter (unencrypted) (compatibility mode) – or be part of encrypted payment request parameters (preferred mode)
PayTypes
ans..256
O
With this parameter you can override the payment methods to be displayed, i.e. you can decide within this parameter separated by pipe which of the available payment methods are displayed. Take the possible values from the column PayType within the table of payment methods given above. Example: …&PayTypes=CC|EDD|Alipay
3.0 1cs Online Payment System default templates customization
How to customize the payment page?
When the merchant decides to use the standard Computop payment page, there possibility to insert his logo and customize up to 9 specific fields (also called CustomFields) of the payment form.
CustomField1
ans..50
O
Amount and currency of the transaction
CustomField2
ans..50
O
Order’s number
CustomField3
ans..50
O
Merchant’s logo, URL of the logo. Format: .png Logo can be in any size, templates will adjust the preferred size.
CustomField4
ans..50
O
Order’s description
CustomField5
ans..50
O
Buyer’s information
CustomField6
ans..50
O
Shipping information
CustomField7
ans..50
O
Delivery information
CustomField8
ans..50
O
Name of a new field added by the merchant
CustomField9
ans..50
O
Value of a new field added by the merchant
URLBack
ans..50
O
Page to return if customer decides to cancel the payment form using “x” button in upper right corner
“Als eine der bekanntesten Opernhäuser der Welt steht die Semperoper Dresden für herausragende Kultur und Qualität.
Im Bereich der Zahlungs-abwicklung setzen wir deshalb auf die 1cs – für uns die perfekte Kombination aus persönlicher Betreuung und individuelle Beratung auf höchstem Niveau.”
Doris Schneider, Leiterin Vertrieb und Service
“Wir setzen bei Fahrrad XXL auf den verlässlichen Service der First Cash Solution und fühlen uns hier bestens aufgehoben!”
Peter Hürter, Fahrrad XXL
“Die First Cash Solution ist stets zuverlässig und bietet einen super Service durch ständige Bereitschaft uns zu helfen sowie schnelle und kompetente Antworten auf all unsere Fragen.”
Thomas Quindt, Projektleiter SOCCERBEAT GmbH
Gebühr der Kartenorganisationen:
Werden von den Kreditkartenorganisationen wie Visa oder Mastercard erhoben, sie werden auch Card Scheme Fees (CSF) genannt.
Bearbeitungsgebühr:
Wird von Deinem Zahlungsanbieter/Acquirer berechnet, in Deinem Fall von uns (1cs). Sie wird auch Acquirer Service Fee (ASF) genannt.
Interchange-Gebühr:
Wird von der kartenherausgebenden Bank bzw. Issuer in Rechnung gestellt. Sie wird auch Interchange Fee (ICF) genannt.
“Hier wird uns bei jedem Anliegen kompetent, unkompliziert und schnell geholfen! Daher können wir die First Cash Solution nur empfehlen.”
Sandra von Bargen, Hachez CHOCOVERSUM GmbH
„Die unkomplizierte schnelle Betreuung passt 100% zu uns und unserem Abrechnungssystem.“