Good afternoon everyone,
I am working on a project which is using HotCakes and PayZen by OSB. For the project I will be utilizing a redirect functionality similar to the way PayPal can operate. When the user checks out, they will be redirected to the payment gateway’s URL and will enter their credit card information there. Upon successful authorization they will be redirected back to the client’s webpage, which displays the success message and all of the other related details regarding their order.
The scenario is as follows:
1. On checkout create a form that contains information needed by the payment gateway (here is an example).
2. When the user submits the payment by clicking on the “Pay” button, alphabetize the inputs and concatenate their values with a “+” character and then add your store’s key value to the end of this concatenated string.
3. Create a signature field which holds a hash function that is used to verify the contents of the form. This is done by HMAC-SHA-256ing the concatenated string previously generated.
4. Client shopper is redirected to payment gateway and completes their payment. Finally, client shopper is redirected back to the original website displaying the success message etc.
I downloaded a HotCakes project template (found here:
https://hotcakescommerce....ing-Custom-Viewsets) and have built out and applied a custom view set to a test server. Looking at the index.cshtml in the CheckOut folder I notice a @using (Html.BeginHccForm()) block which creates the form.
Does the following seem like a reasonable action plan to process the payment?:
- Leave all of those fields unchanged except for the ones relating to the credit card.
- Add my own hidden field to hold the signature.
- Pass in the action URL to the BeginHccForm() method (I’ll figure out the details during implementation because I think it accepts a HtmlHelper and an object containing “htmlAttributes”)
- Calculate hash and update signature field in form on the click of the submit button
- Redirect the user to the payment gateway site to finish transaction
I wanted to ensure that I did not head down a dead-end during implementation so I reached out to the board. As a side note, I also peeked at some of the views/code that handles the PayPal express payments but thought I’d try my plan written above first unless someone thinks otherwise.
Any suggestions, links, or criticism regarding my loose plan would be greatly appreciated. If you need any more details let me know and I’ll provide them.
Thanks,
Rashid
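
Added example, not part of the original post and not HotCakes or PayZen code: a C# sketch of the signature scheme from steps 2 and 3, plus verification of the fields on the return redirect. It assumes the computation runs in server-side code so the store key is never sent to the browser; the field name "signature", the "+" before the key, ordinal sort order, UTF-8, the store key as HMAC key, and Base64 output are also assumptions, and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class GatewaySignature
{
    // Steps 2-3 of the post: sort by field name, join the values with "+",
    // append the store key, then HMAC-SHA-256 the resulting string.
    // Assumed: ordinal order, UTF-8, store key as HMAC key, Base64 output.
    public static string Compute(IDictionary<string, string> fields, string storeKey)
    {
        var values = fields
            .Where(f => f.Key != "signature")            // the signature never signs itself
            .OrderBy(f => f.Key, StringComparer.Ordinal)
            .Select(f => f.Value ?? string.Empty);
        string message = string.Join("+", values) + "+" + storeKey;

        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(storeKey)))
        {
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));
        }
    }

    // Recompute over the fields received on the return redirect and compare
    // without exiting early on the first differing byte.
    public static bool Verify(IDictionary<string, string> fields, string storeKey)
    {
        string received;
        if (!fields.TryGetValue("signature", out received) || received == null) return false;
        byte[] a = Encoding.UTF8.GetBytes(Compute(fields, storeKey));
        byte[] b = Encoding.UTF8.GetBytes(received);
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample values; the key is a placeholder, not a real credential.
        const string key = "PLACEHOLDER-STORE-KEY";
        var form = new Dictionary<string, string> {
            { "vads_site_id", "12345678" }, { "vads_amount", "1999" }, { "vads_currency", "978" }
        };
        form["signature"] = Compute(form, key);
        Console.WriteLine(Verify(form, key));   // fields unchanged since signing
        form["vads_amount"] = "1";              // amount altered after signing
        Console.WriteLine(Verify(form, key));   // recomputed value no longer matches
    }
}
```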