Hosted Payment Page

You’re just a few steps away from integrating our Hosted Payment Page (HPP), offering your customers an intuitive checkout experience and a choice of payment methods.

Why will you love this solution?

Secure

Let us worry about PCI DSS SAQ A (that’s Payment Card Industry Data Security Standard Self-Assessment Questionnaire A, in case you wondered). You get the shoppers, we got your security.

Dynamic

There’s no need to reinvent the design wheel. Our dynamic templates adapt to your display requirements for device and screen size.

Personal

Make your Acquired HPP as handsome as the rest of your site. Upload HTML, CSS, JavaScript, image, and font files to our secure environment and watch magic happen.

Let's get started.

Configuration

TYour unique HPP gets created in the Merchant section of the Acquired portal. To build or upload an HPP for a specific merchant ID (MID), go to Merchant > Company & MID > Create. Not sure if you’re in the right place? Take a look at the screenshot below:

Acquired Merchants List

It’s that easy. Now it’s time to customise your payment page. We’ve added a default template to the dashboard to get you started. Download and if you need some help, take a look here.

Endpoints

Access the API for your HPP using these endpoints:

Security

This is where we tell you about the security checks in place to ensure that transactions submitted to Acquired by our merchants can be confirmed as genuine requests.

Verified Referring URL

Merchants redirect their customers to their HPP using a referring URL. We only accept requests from referring URLs whitelisted within the portal, so make sure you go to Merchant > Company & MID > HPP > Edit and let us know you’re legit.

Don't forget you must have at least one referring URL confirmed for the production environment. Referring URLs must always begin with https://.

Encrypted Tokens

We use encrypted tokens to assess the integrity of each merchant’s transaction data. If data does not pass our integrity check because the token is missing or mismatches the transaction data, we decline the transaction request. Merchant sites must submit a unique token to our API with every transaction request. Follow these steps to start generating your encrypted tokens:

  1. Sort transaction parameters - excluding your company key - alphabetically and then concatenate. Here is an example:

    amount . company_id . company_mid_id . currency_code_iso3 . merchant_order_id . transaction_type
    //100.001331025GBP20170619111AUTH_CAPTURE
    

    Take a look at Request Parameters, we’ve listed all the parameters to include with each transaction request.

  2. SHA256 encrypt the resulting string:

    0722b76a63d0b7adde39b13119e4dfd5aa7bd0d91885d55597af334a055c4cd0
    
  3. 3. Append your company key to the string generated in step two, and SHA256 encrypt again

    0722b76a63d0b7adde39b13119e4dfd5aa7bd0d91885d55597af334a055c4cd0hashcode
    
    934149504e39101f5cfad6ec3e971978890a057373ac3237e0dd150dd491d3d3
    

    Please contact support@acquired.com to receive the company hash value.


Here is a sample of code to generate an encrypted token [IN LANGUAGE]:

{
"timestamp" : "20170612200234",
"company_id" : "133",
"company_pass" : " password ",
"company_mid_id" : " ",
"vt" : " ",
"useragent" : " ",
"request_hash" : "f0a18260b08a0bfacb.....",
" transaction " : {
  "merchant_order_id" : "20170612200234",
  "transaction_type" : "AUTH_ONLY",
  "subscription_type" : " ",
  "amount" : "100 ",
  "currency_code_iso3" : "GBP",
  "merchant_customer_id" : "100000087",
  "merchant_custom_1" : "C1",
  "merchant_custom_2" : " C2 ",
  "merchant_custom_3" : "C3" 
  }
}
XML Code goes here...
<?php
$amount = "100.00"; 
$company_id = "133";
$company_mid_id = "1025";
$currency_code_iso3 = "GBP"
$merchant_order_id = "20160907_111"; 
$transaction_type = "AUTH_ONLY";
$company_hash = "hashcode";

$tmp = $amount . $company_id . $company_mid_id . $currency_code_iso3 . $merchant_order_id . $transaction_type . ""; 

//$tmp = 100.001331025GBP20160907_111AUTH_ONLY;

$tmp2 = hash ("256" , $tmp);

//$tmp2 = b9646f814518a42e74f0a5cc2438881ec4dfc7f6f7ce39471e13a5a1c262c262;

$tmp3 = $tmp2 . $mid_hash . "";

//$tmp3 = b9646f814518a42e74f0a5cc2438881ec4dfc7f6f7ce39471e13a5a1c262c262hashcode;

$hash = hash ("256" , $tmp3);

$hash = "6da23f6be1a2ea1d2a7687c6a84d0d7e3213c56915f9768bc5f74d5e6f968775";

?>

END OF COPY - Request

A form with hidden html fields containing the customer order data must be integrated into the merchants referral page, i.e. the final page on the merchant's website prior to redirecting the customer to the Acquired environment. This order data is then submitted via a POST to Acquired, the payment page is then loaded and the customer will be prompted to enter their sensitive cardholder data. Please see the example below:

Request Parameters

Although there are limited mandatory fields required in order to process a HPP transaction, we recommend supplying additional information as part of the request in order to fulfil additional security checks such as AVS (where available).

Parameter Format Length Description
company_id
Required
int 1-4 API Company ID issued by Acquired to the merchant.
company_mid_id
Required
int 1-11 API MID ID issued by Acquired to the merchant.
hash
Required
string 65 Security hash value. Please see here.
vt boolean 1 Additional parameter to flag a transaction as MOTO. Should be included if process payments over the phone or via an IVR solution.
merchant_order_id
Required
string 1-50 The unique ID used by the merchant to identify the transaction.
transaction_type
Required
string 1-20 The transaction type being performed.
currency_code_iso3
Required
string 3 The ISO 4217 3-digit currency code of the currency used in the transaction.
amount
Required
int 1-11 The amount of the transaction.
is_tds
3D-Secure
boolean 1 Flag to enable 3-D Secure authentication check.
merchant_customer_id string 0-50 The unique customer ID used by the merchant to identify the customer.
merchant_custom_1 string 0-50 Merchant custom data.

For merchants categorised as MCC 6012, the customer_lname, customer_dob and billing_zipcode parameters must be submitted in the request to comply with Scheme Mandates. If you are unsure of your MCC classification please contact support@acquired.com.