•  Rashid
  • 51% (Neutral)
  • Newbie Topic Starter
Good afternoon everyone,

I am working on a project which is using HotCakes and PayZen by OSB. For the project I will be utilizing a redirect functionality similar to the way Paypal can operate. When the user checkouts they will be redirected to the payment gatway’s url and will enter their credit card information there. Upon successful authorization they will be redirected back to the client’s webpage which displays the success message and all of the other related details regarding their order.

The scenario is as follows:

1. On checkout create a form that contains information needed by the payment gateway ( here is an example).
<form method="POST" action="https://secure.osb.pf/vads-payment/">
<input type="hidden" name="vads_action_mode" value="INTERACTIVE" />
<input type="hidden" name="vads_amount" value="5124" />
<input type="hidden" name="vads_ctx_mode" value="TEST" />
<input type="hidden" name="vads_currency" value="953" />
<input type="hidden" name="vads_page_action" value="PAYMENT" />
<input type="hidden" name="vads_payment_config" value="SINGLE" />
<input type="hidden" name="vads_site_id" value="12345678" />
<input type="hidden" name="vads_trans_date" value="20170129130025" />
<input type="hidden" name="vads_trans_id" value="123456" />
<input type="hidden" name="vads_version" value="V2" />
<input type="hidden" name="signature" value="vSlCWjJwN8TpobRyuyKhwAlKEhlThtICZiI/rmpPK4U= " />
<input type="submit" name="pay" value="Pay"/>

2. When then user submits the payment by clicking on the “Pay” button alphabetize the inputs and concatenate their values with a “+” character and then add your store’s key value to the end of this concatenated string.

3. Create a signature field which holds a hash function that is used to verify the contents of the form. This is done by HMAC-SHA-256ing the concatenated string previously generated

4. Client shopper is redirected to payment gateway and completes their payment. Finally, client shopper is redirected back to the original website displaying the success message etc

https://hotcakescommerce...Creating-Custom-Viewsets ) and have built out and applied a custom view set to a test server. Looking at the index.cshtml in the CheckOut folder I notice a @using (Html.BeginHccForm()) block which creates the form.

Does the following seem like a reasonable action plan to process the payment?:
- Leave all of those fields unchanged except for the one’s relating to the credit card.
- Add my own hidden field to hold the signature.
- Pass in the action url to the BeginHccForm() method ( I’ll figure out the details during implementation because I think it accepts a HtmlHelper and an object containing “htmlAttributes”)
- Calculate hash and update signature field in form on the click of the submit button
- Redirect the user to the payment gateway site to finish transaction

I wanted to ensure that I did not head down a dead-end during implementation so I reached out to the board. As a side note, I also peaked at some of the views/code that handles the PayPal express payments but thought I’d try my plan written above first unless someone thinks otherwise.

Any suggestions, links, or criticism regarding my loose plan would be greatly appreciated. If you need any more details let me know and I’ll provide them.


Will Strohl
Will Strohl, Upendo Ventures
Hotcakes Cloud  | Get Support  | Code Support 
Official Cloud & Support provider for Hotcakes
  • Sign-up for the Hotcakes Community Newsletter: