Accept a new card payment

Use and modify the sample scripts to generate a secure payment form for your websites so that you can submit payment requests. Use notifications sent to your merchant POST URL to understand payment outcomes.

The PHP example below demonstrates the required fields for the request.

1. To start the sample application run the payment_form.php provided in the sample PHP script.

2. POST to the URLs:

   • Test: https://testsecureacceptance.cybersource.com/pay

   • Production: https://secureacceptance.cybersource.com/pay

   <form id="payment_confirmation" action=" https://testsecureacceptance.cybersource.com/pay" method="post" />
   

3. Include the following schema in your form.

   Field	Description	Data type	Example
   access_key	Required for authentication. Generated through Enterprise Business Center portal.	Alphanumeric String (32)	2ad5c980feb838f1b3ec8b4477bb959e
   profile_id	Identifies the profile to use with each transaction. Generated through Enterprise Business Center portal.	-	D599681B-023C-4C3C-BF38-B42BF474F990&
   transaction_uuid	Unique merchant generated order reference or tracking number for each transaction. Enter unique number.	Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (40)	61f1d92624938&
   signed_field_names	A comma-separated list of request fields that are signed. This field is used to generate a signature that is used to verify the content of the transaction to protect it from tampering.	AlphaNumeric Variable	access_key, profile_id, transaction_uuid, signed_field_names
   unsigned_field_names	A comma-separated list of request fields that are not signed.	-	signed_date_time, locale, transaction_type, reference_number, amount, currency, bill_to_surname, bill_to_forename, bill_to_address_line1, bill_to_address_postal_code, bill_to_address_countr, bill_to_email, bill_to_address_city, override_custom_cancel_page, override_custom_receipt_page, override_backoffice_post_url, payer_authetication_transaction_mode.
   amount	Total amount for the payment, including major and minor components separated by decimal.	String (15)	100.01
   currency	Used for the order ISO Currency Code.	Alpha String (3)	GBP
   locale	Used to present fields in English	Alpha String (5)	en
   reference_number	Unique merchant generated order reference or tracking number for each transaction (Enter Unique Number).	Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (50)	1643239719138
   signed_date_time	The date and time that the signature was generated. Used to detect duplicates. Must be in UTC Date & Time separated by 'T'. Format: YYYY-MM-DDThh:mm:ssZ	ISO 8601 Date	2020-08-11T22:47:57Z
   transaction_type	Used to instruct the sale/authorization.	String (enumerated) Possible values: sale - recommended authorization - you must capture your funds for settlement	sale
   partner_solution_id	Will be allocated to each partner that refers merchants to Worldpay. Not necessary for a direct integration.	String (100)	-
   bill_to_surname	Customer's last name. This name must be the same as the name on the card.	Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (60)	Appleseed
   bill_to_forename	Customer's first name. This name must be the same as the name on the card.	Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (60)	John
   bill_to_email	Customer's email address, including the full domain name.	Email String (255)	john.appleseed@email.com
   bill_to_address_line1	First line of the billing address.	String (60)	22 York Road
   bill_to_address_city	City in the billing address.	String (50)	Guildford
   bill_to_address_postal_code	Postcode in the billing address.	Alphanumeric including ! "#$%&'()*+,-./:;=?@^_~ - (10)	GU1 2AB
   bill_to_address_country	ISO Country Code	Alpha String (2)	GB
   payer_authentication_transaction_mode	Identifies the channel from which the transaction originates. Use 'S' for e-Commerce.	String (1)	S
   override_backoffice_post_url	Your POST URL to which Cybersource payment responses will be sent. URL must be HTTPS and support TLS 1.2 or later.	URL String (255)	https://www.notifications.worldpay.com
   override_custom_cancel_page	Your cancel page URL to which a customer who cancels the page will be redirected. URL must be HTTPS and support TLS 1.2 or later.	URL String (255)	https://www.cancel.worldpay.com
   override_custom_receipt_page	Your receipt page URL to which a customer whose payment is authorized will be redirected. URL must be HTTPS and support TLS 1.2 or later.	URL String (255)	https://www.success.worldpay.com
   card_cvn	Card verification number (also called Card verification value or Card secure code). Typically 3 digits, but 4 digits for AMEX.	Numeric String (4)	123
   processingInformation.commerceIndicator	Optional field used to indicate the type of transaction. By default this field indicates an eCommerce checkout. Set this field to "MOTO" if you are taking MOTO payments. This transaction type must be used with the MOTO MID provided.	String	MOTO

4. Enter the following test details to complete a test transaction.

   Field	Value
   Visa	Visa
   Card Number	REMOVED
   Expiry Month	12
   Expiry Year	2024
   Security Code	123

Payment response notifications will be sent to the POST URL specified in the override_backoffice_ post_url field of your request.

They will reference the transaction_uuid.

Response schema

The response notifications will follow the schema given below:

To ensure the integrity of the response fields, a signature is included in the response. This signature is generated using the same secret_key value that was used to generate the request signature.