Accept a new card payment

Use and modify the sample scripts to generate a secure payment form for your websites so that you can submit payment requests. Use notifications sent to your merchant POST URL to understand payment outcomes.

The PHP example below demonstrates the required fields for the request.

  1. To start the sample application run the payment_form.php provided in the sample PHP script.

  2. POST to the URLs:

    • Test: https://testsecureacceptance.cybersource.com/pay

    • Production: https://secureacceptance.cybersource.com/pay

    <form id="payment_confirmation" action=" https://testsecureacceptance.cybersource.com/pay" method="post" />
    
  3. Include the following schema in your form.

    FieldDescriptionData typeExample
    access_keyRequired for authentication. Generated through Enterprise Business Center portal.Alphanumeric String (32)2ad5c980feb838f1b3ec8b4477bb959e
    profile_idIdentifies the profile to use with each transaction. Generated through Enterprise Business Center portal.-D599681B-023C-4C3C-BF38-B42BF474F990&
    transaction_uuidUnique merchant generated order reference or tracking number for each transaction. Enter unique number.Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (40)61f1d92624938&
    signed_field_namesA comma-separated list of request fields that are signed. This field is used to generate a signature that is used to verify the content of the transaction to protect it from tampering.AlphaNumeric Variableaccess_key, profile_id, transaction_uuid, signed_field_names
    unsigned_field_namesA comma-separated list of request fields that are not signed.-signed_date_time, locale, transaction_type, reference_number, amount, currency, bill_to_surname, bill_to_forename, bill_to_address_line1, bill_to_address_postal_code, bill_to_address_countr, bill_to_email, bill_to_address_city, override_custom_cancel_page, override_custom_receipt_page, override_backoffice_post_url, payer_authetication_transaction_mode.
    amountTotal amount for the payment, including major and minor components separated by decimal.String (15)100.01
    currencyUsed for the order ISO Currency Code.Alpha String (3)GBP
    localeUsed to present fields in EnglishAlpha String (5)en
    reference_numberUnique merchant generated order reference or tracking number for each transaction (Enter Unique Number).Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (50)1643239719138
    signed_date_timeThe date and time that the signature was generated. Used to detect duplicates. Must be in UTC Date & Time separated by 'T'.
    Format: YYYY-MM-DDThh:mm:ssZ
    ISO 8601 Date2020-08-11T22:47:57Z
    transaction_typeUsed to instruct the sale/authorization.String (enumerated)
    Possible values:
    • sale - recommended
    • authorization - you must capture your funds for settlement
    sale
    partner_solution_idWill be allocated to each partner that refers merchants to Worldpay.
    Not necessary for a direct integration.
    String (100)-
    bill_to_surnameCustomer's last name. This name must be the same as the name on the card.Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (60)Appleseed
    bill_to_forenameCustomer's first name. This name must be the same as the name on the card.Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (60)John
    bill_to_emailCustomer's email address, including the full domain name.Email String (255)john.appleseed@email.com
    bill_to_address_line1First line of the billing address.String (60)22 York Road
    bill_to_address_cityCity in the billing address.String (50)Guildford
    bill_to_address_postal_codePostcode in the billing address.Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (10)GU1 2AB
    bill_to_address_countryISO Country CodeAlpha String (2)GB
    payer_authentication_transaction_modeIdentifies the channel from which the transaction originates.
    Use 'S' for e-Commerce.
    String (1)S
    override_backoffice_post_urlYour POST URL to which Cybersource payment responses will be sent.
    URL must be HTTPS and support TLS 1.2 or later.
    URL String (255)https://www.notifications.worldpay.com
    override_custom_cancel_pageYour cancel page URL to which a customer who cancels the page will be redirected.
    URL must be HTTPS and support TLS 1.2 or later.
    URL String (255)https://www.cancel.worldpay.com
    override_custom_receipt_pageYour receipt page URL to which a customer whose payment is authorized will be redirected.
    URL must be HTTPS and support TLS 1.2 or later.
    URL String (255)https://www.success.worldpay.com
    card_cvnCard verification number (also called Card verification value or Card secure code).
    Typically 3 digits, but 4 digits for AMEX.
    Numeric String (4)123
    processingInformation.commerceIndicatorOptional field used to indicate the type of transaction. By default this field indicates an eCommerce checkout.

    Set this field to "MOTO" if you are taking MOTO payments. This transaction type must be used with the MOTO MID provided.
    StringMOTO
  4. Enter the following test details to complete a test transaction.

    FieldValue
    VisaVisa
    Card NumberREMOVED
    Expiry Month12
    Expiry Year2024
    Security Code123

Payment response notifications will be sent to the POST URL specified in the override_backoffice_ post_url field of your request.

They will reference the transaction_uuid.

Response schema

The response notifications will follow the schema given below:

NameDescriptionData typeExample
decisionThe result of your request. Possible values:
  • ACCEPT
  • DECLINE
  • REVIEW
  • ERROR
  • CANCEL
String (7)Accept
reason_codeNumeric value corresponding to the result of the payment card transaction request. Refer to reason code table for the description.String (5)204
req_transaction_uuidUnique merchant-generated identifier that you included in the payment request.Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (40)61f1d92624938&
transaction_idThe transaction identifier returned from the payment gateway that you will use for managing payments via the REST API.String (26)-
signatureThe Base64 signature returned by the server.String (44)-
payer_authentication_validate_resultRaw authentication data received from the card issuing bank that indicates whether authentication was successful and whether liability shift occurred. This field contains one of these values:
  • -1: Invalid PARes.
  • 0: Successful validation.
  • 1: Cardholder is not participating, but the attempt to authenticate was recorded.
  • 6: Issuer unable to perform authentication.
  • 9: Cardholder did not complete authentication.
String (255)0
payer_authentication_reason_codeNumeric value corresponding to the result of the payer authentication request.String (5)476
payment_tokenIdentifier for the payment details. The payment token retrieves the card data, billing information and shipping information from the payment repository.String (26)3529893314302230000000

To ensure the integrity of the response fields, a signature is included in the response. This signature is generated using the same secret_key value that was used to generate the request signature.