Preparation
As a Merchant, if you want to use SCI you will need to perform the following steps before you can start working with SCI on your web site:
You need to create SCI store entry in your EuroGoldCash account. The proper way to do it is to login to your EuroGoldCash account and select "Add New" in Merchant Tools menu. Your SCI will not work properly if you do not follow these steps.
Setup your store for proper work with EuroGoldCash SCI. You will need to specify the following:
Store name. This is the name of your store that SCI will use when transmitting payment request form.
Security word. This parameter is used by authentication system when SCI transfers data to Merchant's web site.
Success URL. This is the URL address where the Buyer will be redirected by SCI upon successful payment execution. Usually, this page will notify the Buyer that payment has been processed successfully. URL can contain query string parameters, e.g. "http://www.merchant.com/success.php?a=b".
You may omit this parameter and/or specify it in payment details form.
Success URL HTTP method. As a method of redirection to Merchant's success page, Merchant can use one of the following:
- POST — payment success form is redirected to Merchant's success page via HTTP POST request.
- GET — payment success form is redirected to Merchant's success page via HTTP GET request.
Please note, that this field is required if you use egc_success_url.
Fail URL. This is the URL address of a web page that the Buyer will be redirected to by SCI, when he cancels his payment or when his payment has failed. Usually, this page informs the Buyer that payment has not been completed or has been cancelled. URL can contain query string parameters, e.g. "http://www.merchant.com/fail.html?a=b".
You may omit this parameter and/or specify it in payment details form.
Fail URL HTTP method. As a method of redirect to Merchant's fail page, Merchant can use one of the following:
- POST — payment success form is redirected to Merchant's success page via HTTP POST request.
- GET — payment success form is redirected to Merchant's success page via HTTP GET request.
Please note, that this field is required if you use egc_fail_url.
Status URL. This is the web page address on Merchant's server, where SCI sends payment status form. This form is transmitted in the background while Buyer is on SCI web site. URL can contain query string parameters, e.g. "http://www.merchant.com/status.php?a=b".
This parameter is optional. You may, however, need to specify this parameter if you intend to process payment information further just like in Love Money and record it in the database.
This parameter can also be specified in payment details form.
Status URL HTTP method. As a method of data transmit, Merchant can use of the following:
- POST — payment success form is redirected to Merchant's success page via HTTP POST request.
- GET — payment success form is redirected to Merchant's success page via HTTP GET request.
Please note, that this field is required if you use egc_status_url.
Verification of SCI server's data
Merchant's web site receives data forms from SCI server. To verify data received in Success Form and Status Form, those forms include special hidden fields egc_transactionhash, that contain HASH strings concatenated from the form parameters. Verification via egc_transactionhash
egc_encrypted field contains HASH string concatenated from the following parameters:
- Merchant's account (egc_acc)
- Buyer's account (egc_acc_from)
- Merchant's store name (egc_store)
- Payment amount (egc_amnt)
- Payment currency (egc_currency)
- Transaction ID (egc_transaction)
- Store's security word
To verify data you will need to perform the following:
- By concatenating information you will receive a string that looks like: egc_acc:egc_acc_from:egc_store:egc_amnt:egc_currency:egc_transaction:secret word. You will need to use form data contained in hidden fields and security word to successfully complete this step.
- You then will need to HASH this string via SHA256
- Compare the received HASH string with the string contained in hidden field egc_transactionhash. Both strings should be identical. If they are not, you CAN NOT TRUST any information received from server
Let's study the example of creating the HASH string with the following data contained in hidden fields:
- egc_acc = E1234567
- egc_acc_from = E7654321
- egc_store = MyStore
- egc_amnt = 12.34
- egc_currency = 1
- egc_transaction = 194530079
For this example, we will use the following security word: MySecWord123.
Concatenation of data: E1234567:E7654321:MyStore:12.34:1:194530079:MySecWord123
HASH SHA256 from compiled data:
2B194E58447FF1283762E2A90BA2C3A7FE4CE2F90D431AF05E44CF1D8014A8C7
Fields Description
| HTML form field |
Format |
Description |
| egc_acc |
Text string in a form of xnnnnnnn up to 8 characters in length, where nnnnnnn is an account number, and x is an account type |
Merchant's account number |
| egc_acc_from |
Text string in a form of xnnnnnnn up to 8 characters in length, where nnnnnnn is an account number, and x is an account type |
Buyer's account number. This field is optional, but if it exists the Buyer will not be able to make a payment from any other account. |
| egc_store |
Text field, up to 50 characters in length (varchar(50)) |
Name of the Merchant's store. |
| egc_amnt |
Fraction with up to 4 digits in denominator, comma (.) as a separator (.) |
Amount to be transferred to Merchant's account. This field is optional, but if it exists the Buyer will not be able to change payment amount. |
| egc_currency |
Currency. number one of the following:
1 for USD
2 for EUR
3 for GG
4 for GBP
|
Currency type preferred. This field is optional. |
| egc_comments |
String of text, up to 200 characters long varchar(200) |
Memo that Merchant may want to include along with payment. This field is optional. If this field is specified Buyer can not edit any information in it, but can add his own comments. |
| egc_success_url |
String of text |
URL address of payment successful page at the Merchant's web site.
This field is not required. Also it can be specified in SCI store settings in your account.
|
| egc_success_url_method |
Success URL redirect HTTP method.
Specified via one of the following:
1 for GET
2 for POST
|
Payment successful page redirect HTTP method.
This field is not required. It can be specified in SCI store settings in your account.
|
| egc_fail_url |
String of text |
URL address of payment failed page at the Merchant's web site.
This field is not required. Also it can be specified in SCI store settings in your account.
|
| egc_fail_url_method |
Fail URL redirect HTTP method.
Specified via one of the following:
1 for GET
2 for POST
|
Payment failed page redirect HTTP method.
This field is not required. It can be specified in SCI store settings in your account.
|
| egc_status_url |
String of text |
URL address of payment status page at the Merchant's web site.
This field is not required. Also it can be specified in SCI store settings in your account.
|
| egc_transaction |
String of text, 9 chars |
Number of the commited transaction (batch number). You may use this number to check it in history. |
| egc_timestamp |
time and date |
|
| Baggage fields |
Up to 12 text strings, with 60 characters in length each |
Baggage fields are set by the Merchant. These fields are not processed by SCI, but are included in all payment forms that SCI sends to the Merchant's web site. Baggage fields allow Merchant to attach more information to the transfer. Invoice number, product code, Buyer's account at Merchant's web site are all good examples of information that may be specified in additional fields. Only first 60 characters of each field will be displayed. Every baggage field's name must start from "bf_" to separate it from environmental fields.
|
Example
We will use the following parameters and settings for the examples listed below:
SCI mode set to advanced mode
Merchant's web site address - www.merchant.com
Merchant's EuroGoldCash account number E1234567
Merchant has created a store called "MyStore" in his EuroGoldCash SCI settings, with the following settings:
Security Word - MySecWord123
Success URL of Merchant's web site - www.merchant.com/success.html
Fail URL of Merchant's web site - www.merchant.com/fail.html
https://sci.eurogoldcash.com?egc_acc=E1234567&egc_store=MyStore&egc_amnt=12&egc_currency=1&egc_success_url=http://www.merchant.com/success.html&egc_success_url_method=1&egc_fail_url=http://www.merchant.com/fail.html&egc_fail_url_method=1
All these fields may be also transferred using POST, the code will be following:
<form method="GET" action="https://sci.eurogoldcash.com">
<input type="hidden" name="egc_acc" value="E1234567">
<input type="hidden" name="egc_store" value="MyStore">
<input type="hidden" name="egc_amnt" value="12">
<input type="hidden" name="egc_currency" value="1">
<input type="hidden" name="egc_success_url" value="http://www.merchant.com/success.html">
<input type="hidden" name="egc_success_url_method" value="1">
<input type="hidden" name="egc_fail_url" value="http://www.merchant.com/fail.html">
<input type="hidden" name="egc_fail_url_method" value="1">
<input type="hidden" name="bf_tracking_info" value="1234567890">
<input type="hidden" name="bf_merchants_data" value="qwertyui">
</form>
Success Response
When you successfully completed transaction you will be redirected to page you mentioned in a query or in SCI settings. Priority is given to what is specified in query, paired with the transfer method.
Along with the redirection to this page, next fields will be transmitted to it (by selected transmission method) : egc_acc, egc_amnt, egc_fee, egc_currency, egc_store, egc_transaction, egc_timestamp. You may use this data to check transactions and inform the user.
Fail Response
Fail response is simiar to Success Response but does not have egc_transaction field.
In order to ensure correct work of SCI please make sure cookies are enabled in your browser.