Electronic Payment with Transform and IUPayPlus

Last modified November 11, 2008

Introduction

This document describes using a special version of Transform called TransformIUPayPlus (i.e. transform w/IUPayPlus), that allows you to process web-based payment card (credit card) transactions. Using this application, users entering credit card information are immediately authorized/charged without the need to store any of the sensitive credit card information.

Prerequisites

This document assumes a general familiarity with Transform - it only describes the additional information required to enable web-based credit card processing. General information about using Transform can be found in the Web Forms with Transform 3.0: the Users' Guide

In order to use this version of Transform, you must make arrangements with the IU Office of the Treasurer. Please contact them directly for information about becoming a Web merchant.

Overview of credit card processing with TransformIUPayPlus

Normally when using Transform, you define a number of template sections (e.g. *define-variables*, *success-response*, *email-response*, etc) to control how your form information is processed. To enable credit card transactions with TransformIUPayPlus, there is an additional template section named *epayment-variables* that is used to describe various aspects of credit card processing. Among other things, the *epayment-variables* section describes:

Which of your form variables contains the total amount the user is to be charged.

The order type code set up by Treasury to identify your orders.

The name of the submit button that should send the user to a credit card entry form to complete the charging process.

Given this information, processing follows these steps:

The user completes your form that contains an appropriately defined "total amount" variable and an "order type" variable along with any other information you choose. The optional information that you could pass in are as follows: order name, order description, user choice 1-10, redirect url, redirect parameters, retries allowed.
When the user submits the form using the submit button you've defined as the "charge" button, a credit card entry form provided by the IUPayPlus system, is displayed. (Note: as a result, your own form will never have credit card entry fields.
The user enters their credit card information, the card verification code (CVC) that is at the back of the credit card if it is required, address information, and contact information, and then selects the "Continue" and "Confirm" buttons, initiating the online authorization/charging process. The form variable you specified as the "Total Amount" variable determines the amount the user is charged. This form is actually submitted to a special web server that is maintained by Nelnet Business Systems. This server communicates directly with the banking network to process the direct authorization/charging.
After credit card processing is complete, a page will be displayed to the user with the results returned by IUPayPlus. This operates exactly as it would using the standard version of Transform, except that a number of additional template variables will automatically be set that indicate the success or failure of the credit card transaction. If the "redirectURL" parameters are utilized, IUPayPlus will bypass the standard results page and send the results variables to the url specified in the .tpl file. IUPayPlus returns a unique code, called the Confirmation Number within QuikPay and Transaction ID within IUIE that uniquely identifies the transaction. This number is assigned by the application and can be used to communicate with the Treasurer's Office for research purposes or troubleshooting.

Installing TransformIUPayPlus (aka transformepcm.cgi)

TransformIUPayPlus is installed in much the same way as Transform. The one restriction is that TransformIUPay may only be used with our secure SSL Web server. See the document, Secure WWW Server for information. Essentially what this amounts to is that your form/template files must be in your wwws directory rather than your www directory, and thus all url references must use https: rather than http:.

To install TransformIUPayPlus, simply cd to your wwws directory and type /ip/tfeppf/src/cm/tfepcm_iupayplus_install (rather than the tf_install command used to install Transform). If you have no wwws directory you must create one at the same level as your www directory. This installation procedure causes the following to happen:

transformepcm.cgi, the TransformIUPayPlus application you reference in your form action statement is installed in the current directory. (Note, that like tf_install, you may execute and have transformepcm.cgi installed in as many subdirectories in your wwws directory as you like.)

Setting the Form "action =" to Point to TransformIUPayPlus

Like Transform, when using TransformIUPayPlus, you simply use "transformepcm.cgi" in your form action statement (if transformepcm.cgi is installed in the same directory as the form.) Just remember that if you use a full url to point to transformcm.cgi in an action statement, use https:, not http:. General information about setting the form action statement can be found in the standard Transform Users Guide.

The epayment-variables template section

The *epayment-variables* section is used to define variables that control various aspects of the charging process. Like other Transform commands, the commands described below must begin in the first column of the *epayment-variables* section. The commands and their functions are described below.

!epayment-mode

The !epayment-mode command is required and controls the mode of TransformIUPayPlus with respect to the IPASPF server. The allowed value is:

!epayment-mode = active

When set to "active", normal credit card processing is done, that is transactions are sent to the IUPayPLus system. This is the normal setting used when your application is in production.

!epayment-mode = simulate

When set to "simulate", your TransformEP application will connect to Nelnet's test IUPayPlus server. This is the normal setting when you are testing your application. Set !epayment-mode = active when you are ready to begin processing payments in production.

!payment-total-amount

The !payment-total-amount command is required and is used to "tell" TransformIUPayPlus which of your form variables will contain the total amount to be charged. The general form of this command is:

!payment-total-amount = [amount]

where in this case, the form variable "amount" would contain the total amount the user is to be charged. As is normal for Transform, the variable name is provided surrounded by square brackets.

Important note: TransformEP is very picky about the format of the amount. The amount must be of the form 0.00, that is dollars, a period and cents. Often users will not enter amounts in exactly this format. If you are not computing your own amounts (e.g. via Javascript), this can be a problem. An example below provides a couple of alternatives for testing your amount variable including some Javascript that may be used to check/convert user supplied amounts to the appropriate format.

!payment-button-name

The !payment-button-name command is required and is used to define the name of the submit button that when selected by the user, will cause the credit card entry form to be displayed (resulting in the display of the credit card entry form). The general form if this command is:

!payment-button-name = [pay]

where in this case, the form variable "pay" is the name of the submit button form variable.

Note: More often than not, submit buttons defined in html forms have no "name" attribute. That is most html form developers define submit buttons like so:

<input type = submit value = "Submit button label">

This type of submit button coding will not work with TransformIUPayPlus. In order to to set the !payment-button-name appropriately, you must also include a name = attribute when coding your html submit button. For example,

<input type = submit name = "pay" value = "Submit button label">

In this case, this submit button has a name attribute ("pay") as well as the value button label. It is the name attribute that must be provided to the !payment-button-name command.

Why must I supply a name for the submit button?

Transform/TransformIUPayPlus allows the development of applications that may use multiple forms and/or review-like functions. Thus, you may need the ability to have multiple submit buttons to control these various processes. In order to retain this flexibility and give absolute control over when the credit card input form is displayed, you must use !payment-button-name to specify which submit button initiates the charging process.

!payment-orderType

The !payment-orderType command is required and is used to pass in the order type set up by IU Treasury. For example

!payment-orderType = BL~TREA~test

Optional Payment Parameters that can be passed into IUPayPlus

The !payment-orderName command is optional and is used to pass in the name of the order or the name of the payer. For example

!payment-orderName = [name]

The !payment-orderDescription command is optional and is used to pass in the description of the order. For example

!payment-orderDescription = [description]

The !payment-userChoiceN command (where N represents the numbers 1-10) is optional and is used to pass in up to ten user choice fields. For example

!payment-userChoice1 = [choice1]

The !payment-redirectURL command is optional and is used to pass in the url that the payer's browser will be directed to after the payment is submitted. For example

!payment-redirectURL = [redirectURL]

The !payment-redirectURLParms command is optional and is used to pass in a comma delimited list of the parameters that will be passed in the redirectURL query string. For example

!payment-redirectURLParms = [redirectParms]

Please refer to Appendix A for the list of available redirect parameters.

The !payment-redirectURLRetries command is optional and is used to sets the number of retries you will allow the payer to attempt if the first payment attempt was not successful. For example

!payment-redirectURLRetries = 1

The !payment-email command is optional and is used to pass in the email address of the person making the payment. For example

!payment-email = [addr]

Examples of using TransformIUPayPlus

Below are a few actual examples of TransformIUPayPlus. These examples have been kept as simple as possible and are meant to demonstrate just those commands that are used to enable credit card transactions. By themselves, these examples are incomplete. For example, these examples provide no means of logging transactions that would obviously be important in a real setting. The assumption here is that the user is familar with standard Transform usage that would allow whatever additional functions are required.

A simple donation example

Below is a very simple (non-functional) form that might be used with TransformIUPayPlus

A Donation Form

Here's the source code for this form:

<h3>A Donation Form</h3>

<form  method = "POST" action =
"https://www.indiana.edu/~your_user_name/transformepcm.cgi">
<p>
Enter your name:<br>
<input name="name" size = 40>
<p>
<p>
Enter the amount you'd like to donate:<br>
<input name="amount" size=20 >
<p>
<input type="submit" name = charge
value="Go to the credit card entry form">
</form>

Note that the submit button has been assigned a name - in this case "charge".

Now examine a minimal electronic payment enabled TransformIUPayPlus template file that might be used to process this form. Bolded items are those that are specific to TransformIUPayPlus or non-typical and important to the charging process.

# Begin the *epayment-variables* section.
# Here we've set !epayment-mode to active.
# The !payment-total-amount variable is set to [amount],
# the name of the amount input field on our form.
# The !payment-button-name variable is set to [charge],
# the name of our submit button.
*epayment-variables*
!epayment-mode = active
!payment-orderType = BL~TREA~test
!payment-total-amount = [amount]
!payment-button-name = [charge]

# Begin the *define-variables* section.
# This is only used to set !force-error-if
*define-variables*

*success-response*

*error-response*
<html>
<head>
<title>There has been an error!</title></head>
<body>
<h3>The following error occurred:</h3><br>
[IPAS_error_message]<br>
<h3>The error code was:</h3> [IPAS_error_code]<br>
</body>
</html>

#####   end template file

You may try a live version of this form and template to see how it operates.

To summarize, the example above shows:

How the required *epayment-variables* are used to describe to TransformIUPayPlus the mode, the amount, and the charge button's name. Please note that *success-response* and *error-response* are required to satisfy the editing reqirements of TransformEP. These sections are non-functional with IUPayPlus and will be removed in the next release.

While the template above would work, its hardly a complete example. Let's examine some of the problems with this template and then the additional Transform commands that can be used to correct these problems. The following example makes extensive use of the conditional branching capabilities of Transform as well as !carry-forward to create hidden variables for a chained form. If you have not used these features, you should review the Advanced Use section of the Transform's Users Guide.

Problems with the template above:

What about required variables? Normally the *error-response* section is used to provide errors about required variables. In the example below, we'll show the same template file, with the *error-response*, to handle required variables.
As mentioned above, TransformEP is very particular about the format of the amount variable - it must be of the form 0.00. This is best dealt with in the form itself via Javascript and/or with a test in the template file. If not handled immediately, users will not see any amount error until they have gone to the credit card entry page and submitted this form. As a result, users would have to use the Back button twice to get back to your form to correct any error. The example below adds tests in the template file for the amount variable. A more general Javascript solution is shown later.
In the following example, bolded lines indicate new lines added in this example.

*epayment-variables*
!epayment-mode = active
!payment-orderType = BL~TREA~test
!payment-total-amount = [amount]
!payment-button-name = [charge]

*define-variables*
# Make both "name" and "amount" required variables.
[req-name]
[req-amount]


# Add a !force-error-if that tests to be sure the
# amount entered by the user is in the correct format.
# This regular expression test simply says: does the
# amount variable begin with one or more digits, 
# followed by a period and ends with two digits.
!force-error-if not [amount] =~ /^\d+\.\d\d$/


# Here's a silly *success-response*.
*success-response*

<h2>Thank you for your donation</h2>

Your name: [name]<br>
The amount your have been charged: <b>$[amount]</b><p>



# Here is a standard error response. 
# This *error-response* will be used
# if the user didn't complete all required variables
# or if the test on the amount variable fails.
# Note that required variables processing is done
# before the user is sent to the credit card entry
# form. 
*error-response*

<h2>Error - this is the first error-response</h2>

# Test the amount field and print an error message
# if it has an incorrect format.
!print-if not [amount] =~ /^\d+\.\d\d$/

The amount you entered: <b>[amount]</b>
has an incorrect format.<br>
The amount must include
dollars and cents (e.g. 10.00).<p>
!end-print-if

# This section tests for the presence of other required
# variables and prints a message if they are missing.
# Here only [name] is tested for - others could be added
# depending on your form.
!print-if not [name] 
The name field on the form is required.<p>
!end-print-if

Use the Back button on your browser to return to the form.
<p>


#####   end template file

You may try this form/template to see how it differs from the previous example. In trying this example, note what happens if 'name' is omitted or the amount is in the incorrect format.

Now for one final refinement - some Javascript that checks/corrects the amount field. This example uses exactly the same template file as the previous example. The only difference is the Javascript added to the form. You may try this form to see how this Javascripts checks and/or modifies the amount entered by the user. This is only one example of the way Javascript might be used to check the amount value. Depending on your application, you may want to use Javascript to compute a total amount.

Below are links to the source for the final form and template file:

The form source code containing the Javascript. Note the OnChange addition for the amount field and the OnSubmit in the form tag.

The template source code

Appendix A
Redirect URL Parameters

Attribute Name	Description
transactionType	1 - Credit Card Payment 2 - Credit Card Refund 3 - eCheck Payment
transactionStatus	If Transaction Type field value is 1 or 2 (credit card payment/refund): 1 - Accepted credit card payment/refund (successful) 2 - Rejected credit card payment/refund (declined) 3 - Error credit card payment/refund (error) 4 - Unknown credit card payment/refund (unknown) If Transaction Type field value is 3 (eCheck payment): 5 - Accepted eCheck payment (successful) 6 - Posted eCheck payment (successful) 7 - Returned eCheck payment (failed) 8 - NOC eCheck payment (successful)
transactionId	Unique identifier generated by QuikPAY at the time of the transaction, often referred to as Confirmation Number.
originalTransactionId	The original payment transaction id if the transaction is a credit card refund.
transactionTotalAmount	Actual transaction total amount, the sum of values of Order Amount and Order Fee fields.
transactionDate	Date when the transaction was captured by QuikPAY in YYYYMMDDHHMM format.
transactionAcountType	The type of account used to make the payment: e.g. "VISA", "DISCOVER", "CHECKING", "SAVINGS"
transactionEffectiveDate	Business day that the transaction belongs to in YYYYMMDDHHMM format. The hours and minutes, HHMM, will always be 0000 for the Transaction Effective Date.
transactionDescription	Description of the transaction.
transactionResultDate	Date that the transaction was processed in YYYYMMDDHHMM format. If Transaction Status field value is 7 or 8, this will be the date that QuikPAY was notified of the result by the NACHA network.
transactionResultEffectiveDate	Business day that the result of the transaction would be effective in YYYYMMDDHHMM format. The hours and minutes, HHMM, will always be 0000 for the Transaction Result Effective Date. If Transaction Status field value is 7 or 8, this will be the date that NACHA network generated the result.
transactionResultCode	if Transaction Status field value is 1 - credit card authorization code if Transaction Status field value is 2 - credit card rejection code if Transaction Status field value is 3 or 4 - credit card processing error code if Transaction Status field value is 5 or 6 - blank if Transaction Status field value is 7 - NACHA return code if Transaction Status field value is 8 - NACHA change code
transactionResultMessage	Detailed message describing the result of the transaction
orderNumber	The account being paid or the unique identifier of the order
orderType	Account Type being paid
orderName	Name of the order
orderDescription	Description of the order
orderAmount	The amount the user wished to pay originally
orderFee	Add-on fee if any, often referred to as convenience fee
orderAmountDue	The amount due on the order
orderDueDate	Due date of the order in YYYYMMDDHHMM format
orderBalance	The balance on the order
orderCurrentStatusBalance	The balance that is obtained from Current Account Status (if the client has this feature implented)
orderCurrentStatusAmountDue	The amount due that is obtained from Current Account Status (if the client has this feature implemented)
payerType	Type of the payer. Example: "university_campus_payer".
payerIdentifier	The unique identifier for the user within the institution. This is typically a student ID.
payerFullName	Full name of the payer. Example: "John Smith"
actualPayerType	Type of the actual payer. It may be the same as PayerType field. Other example: "university_campus_authorized".
actualPayerIdentifier	The unique identifier for the actual payer.
actualPayerFullName	Full name of the actual payer.
accountHolderName	The name on the checking or savings account for eCheck transaction or the name on the credit card for credit card.
streetOne	Street line 1
streetTwo	Street line 2
city	City
state	State
zip	Zip Code
country	Country
daytimePhone	Daytime phone number
eveningPhone	Evening phone number
email	email address that the user entered on the payment form
userChoice1	Optional field 1.
userChoice2	Optional field 2.
userChoice3	Optional field 3.
userChoice4	Optional field 4.
userChoice5	Optional field 5.
userChoice6	Optional field 6.
userChoice7	Optional field 7.
userChoice8	Optional field 8.
userChoice9	Optional field 9.
userChoice10	Optional field 10.