Introduction
Integrating a secure and reliable payment gateway is essential for e-commerce businesses. Lloyds Bank's Cardnet® Hosted Payment Page solution, Connect, offers a secure way to process transactions. Customers are redirected to a Lloyds-hosted page to complete their transactions and then return to your website. Here’s how you can set it up, integrate it with PHP, and make it a seamless experience for your users.
Features of Lloyds Cardnet Hosted Payment Page
The Hosted Payment Page provided by Lloyds Cardnet has several benefits:
Customization: Personalize the payment page with your business logo and colors.
PCI DSS Compliance: Cardnet handles PCI DSS and 3D Secure compliance.
Real-time Reporting: Access customer analytics 24/7 through Cardnet’s reporting dashboard.
Proverbs 11:1
Setting Up Your Hosted Payment Page
Before diving into the code, it's essential to set up your merchant account with Lloyds Cardnet. Here are the main points to remember:
Merchant Account Creation: Businesses must set up a merchant acquiring an account with Cardnet. This process can take 7-10 working days.
Integration Timeline: Connecting the hosted payment page to a website generally takes 2-4 weeks, depending on the site's complexity.
Funding Time: Funds are typically transferred in 3-5 working days, with a faster 2-day option available for a fee.
Integration Code Walkthrough
In this guide, we'll walk through the PHP code that integrates Lloyds' Hosted Payment Page with your website, ensuring a smooth and secure checkout experience for your customers.
Step 1: Setting Up Basic Configuration
Begin by configuring the essential fields based on your account details and requirements. The following PHP code defines transaction properties such as Store ID, timezone, transaction type, and more.
$storeId = "store_id"; // Unique identifier for your store
$timezone = "Europe/London"; // Timezone setting
$txntype = "sale"; // Transaction type (e.g., sale)
$chargetotal = "13.00"; // Amount to charge
$currency = "826"; // ISO 4217 currency code (826 for GBP)
$txndatetime = gmdate("Y:m:d-H:i:s"); // Transaction datetime in UTC
$responseSuccessURL = "https://example.com/success.php"; // Success redirect URL
$responseFailURL = "https://example.com/failure.php"; // Failure redirect URL
$checkoutoption = "combinedpage"; // Checkout option
$hash_algorithm = "HMACSHA256"; // Hashing algorithm for secure transactions
Note:This setup ensures that your transaction is configured according to Lloyds' requirements.
Step 2: Creating the Concatenated String
Next, create a concatenated string from these values. This string will be hashed to maintain security. Here’s how it’s built:
// Concatenate the required fields to create a single string for hashing
$stringToHash = $chargetotal . "|" . $checkoutoption . "|" . $currency . "|" .
$hash_algorithm . "|" . $responseFailURL . "|" . $responseSuccessURL . "|" .
$storeId . "|" . $timezone . "|" . $txndatetime . "|" . $txntype;
echo "Concatenated String: " . $stringToHash . "<br>";
Note:The concatenated string is critical for creating a hash that will verify the transaction's integrity.
Step 3: Generating the Hash
To ensure the transaction’s security, use the hash_hmac() function with the SHA-256 algorithm. This generates a hashed version of the concatenated string using your shared secret, which is essential for secure transactions.
// Secret key for hashing (from your secure configuration)
$sharedSecret = "shared_secret";
// Generate the hash using SHA-256 algorithm and encode it in base64
$hash = hash_hmac('sha256', $stringToHash, $sharedSecret, true);
$hashOutput = base64_encode($hash);
echo "Generated Hash: " . $hashOutput . "<br>";
Note:This hash will be sent along with your form data to verify that the transaction details haven't been tampered with.
Step 4: Building the HTML Form
Now, create the HTML form that will send this data to Lloyds' payment gateway. This form includes the hashed value (hashExtended) and other transaction details. When the user submits the form, they’ll be directed to the Lloyds-hosted payment page.
<form method="post" action="https://test.ipg-online.com/connect/gateway/processing">
<p><label for="storename">Store ID:</label>
<input type="text" name="storename" value="<?php echo $storeId; ?>" /></p>
<p><label for="timezone">Timezone:</label>
<input type="text" name="timezone" value="<?php echo $timezone; ?>" /></p>
<p><label for="txntype">Transaction Type:</label>
<input type="text" name="txntype" value="<?php echo $txntype; ?>" /></p>
<p><label for="chargetotal">Transaction Amount:</label>
<input type="text" name="chargetotal" value="<?php echo $chargetotal; ?>" /></p>
<p><label for="currency">Currency (ISO4217):</label>
<input type="text" name="currency" value="<?php echo $currency; ?>" /></p>
<p><label for="txndatetime">Transaction DateTime:</label>
<input type="text" name="txndatetime" value="<?php echo $txndatetime; ?>" /></p>
<p><label for="responseSuccessURL">Response Success URL:</label>
<input type="text" name="responseSuccessURL" value="<?php echo $responseSuccessURL; ?>" /></p>
<p><label for="responseFailURL">Response Fail URL:</label>
<input type="text" name="responseFailURL" value="<?php echo $responseFailURL; ?>" /></p>
<p><label for="hashExtended">Hash Extended:</label>
<input type="text" name="hashExtended" value="<?php echo $hashOutput; ?>" readonly="readonly" /></p>
<p><label for="hash_algorithm">Hash Algorithm:</label>
<input type="text" name="hash_algorithm" value="<?php echo $hash_algorithm; ?>" readonly="readonly" /></p>
<p><label for="checkoutoption">Checkout Option:</label>
<input type="text" name="checkoutoption" value="<?php echo $checkoutoption; ?>" /></p>
<input type="submit" value="Submit">
</form>
Note:This form is automatically populated with PHP values, ensuring each transaction's details are securely embedded.
Happy coding, and cheers to a successful integration!
Github Link for code
Top comments (0)