Knowledge Base

Get help for payment solutions. Search our articles or browse by category below.

4.1 Hosted Payment Page

The Hosted Payment Page (fig. 1) is built to allow merchants to easily integrate with the Worldnet system for processing one-off payments.

Using this system, the cardholders are redirected to the Worldnet payment page once they have made the decision to buy. All payment details are collected by Worldnet to be sent to the bank server once the submit button is pressed. The payment is then processed by Worldnet and the cardholder is redirected to the merchant's receipt page. Worldnet will also handle 3D Secure and eDCC offerings if they are appropriate and configured for that Terminal ID.

The above is accomplished by means of a simple HTML form post with a number of defined form fields (below). The following is the Worldnet test payment page URL:

The live URL will be provided once merchant testing is completed.

The following table describes the form fields to be posted:


Field Name Required Description
TERMINALID Y A TERMINALID provided by Worldnet
ORDERID Y A unique identifier for the order created by the merchant. (Max 24 Characters)
CURRENCY Y A 3 character currency code of the transaction. ISO 4217 Currency Code.
AMOUNT Y The amount of the transaction as a 2 digit decimal or an integer value for JPY amounts.
HASH Y An MD5 HASH. See note 1 below.
CARDHOLDERNAME N This will pre-populate the Cardholder Name field on the payment page. This will be editable on the payment page. It should be as displayed on the front of the card.
AUTOREADY N Y or N. Automatically set the transaction to Ready in the batch. If not present, the terminal default will be used.
DESCRIPTION N A description of the transaction
EMAIL N An email address to send a confirmation email to. Normally this is cardholder email address.
RECEIPTPAGEURL N This is the URL of the page on your site that will display the result of the transaction. If sent this will override the terminal setting in the Self Care.
VALIDATIONURL N This will overwrite the default Background validation URL and will display an error if this feature is not enabled and sent. Highly recommended.See section 4.4
TERMINALTYPE N 1 or 2 (default). Defines whether the transaction is to be processed as Mail Order/Telephone Order (1) or eCommerce (2 or not sent). Mail Order transactions can have a separate payment Page Layout.
TRANSACTIONTYPE N 4 = Normal Mail order/Telephone Oder trans (Mail Order for first Data Latvia), 5 = 3DS fully authenticated trans, 6 = 3DS attempted trans, 7 = Normal eCommerce trans, 9 = telephone Order (First Data Latvia only)
ADDRESS1 N Will pre-populate the ADDRESS1 field on the Hosted Payment Page if there is also a valid POSTCODE sent and AVS is enabled for the terminal. Handling of display is managed by Worldnet and can be to display read only, display editable or to hide them on form.
ADDRESS2 N The same handling as ADDRESS1.
POSTCODE N If sent then AVS data will be populated. Also required for MaxMind MinFraud fraud scoring. See section 4.2.
CITY N Required for MaxMind MinFraud fraud scoring. See section 4.2.
REGION N Required for MaxMin MinFraud fraud scoring. See MaxMin definition of this field as it is forwarded to them without modification. See section 4.2.
COUNTRY N ISO 3166-1-alpha-2 code. required for MaxMin MinFraud fraud scoring. See section 4.2.
PHONE N Customer phone number, to be stored against transaction. International format and numeric.
PAYMENTTYPE N Set to “CUP_SECUREPAY” in order to forward directly to China Union Pay.
AnyOtherCustomField N Any other fields sent in the request will be treated as a custom field (see section 3.4). It will be returned to the Receipt and Validation URLs also. Note that this is subject to the max length of a HTTP GET request which we would conservatively recommend considering to be 2000 characters.


1. The MD5 HASH is generated using the following as an input string:


For multi-currency Terminal IDs (see section 3.3 above) this should be:


The following HTML shows the minimum required to initiate a transaction.

		<form action="" method="post">
			<input type="hidden" name="TERMINALID" value="6491002" />
			<input type="hidden" name="ORDERID" value="3281" />
			<input type="hidden" name="CURRENCY" value="EUR" />
			<input type="hidden" name="AMOUNT" value="10.00" />
			<input type="hidden" name="DATETIME" value="15-3-2006:10:43:01:673" />
			<input type="hidden" name="HASH" value="dd77fde79d1039d6b39e20d748211530" />
			<input type="submit" value="Pay Now" />

The URL where WorldNet will send transaction processing results is set on the Terminal Setup screen (Receipt Page URL field). The following fields are returned in the response:


Field Name Description
ORDERID The original order ID of the transaction.
APPROVALCODE Six digit AuthCode.
RESPONSECODE “A” (APPROVED/ AUTHORIZED/ ACCEPTED, respectively), “E” (ACCEPTED for later processing, but result currently unknown - specifically for China Union Pay), “D” (DECLINED), “R” (REFERRED, also considered as PICKUP)\\“C” (PICKUP, also known as Referral A or Referral B), and for more details, look at Transaction Responses.
RESPONSETEXT The text of the authorization.
DATETIME The time of the transaction created by the bank. Format: YYYY-MM-DDTHH:MM:SS
AVSRESPONSE The result of the AVS check. See Appendix A for more information.
CVVRESPONSE The result of the CVV check. See Appendix A for more information.
UNIQUEREF Generated reference that should be stored for tracking and remote XML refunding.
EMAIL If sent we will return this value.
PHONE If sent we will return this value.
COUNTRY If sent we will return this value.
CARDNUMBER The card number (obfuscated) that was used for the transaction.
HASH An MD5 HASH. See Note 1 below.
FRAUDREVIEWSCORE Number between -100 (highest risk) and +100 (lowest risk). See Note 2 below.
FRAUDREVIEWREASONCODE Empty String, or a list of comma separated reasons of why this transaction is a risk. See Note 2 below.
Any other field Any other fields sent in the request will also be included in the response sent to the Receipt Page URL.


1. The MD5 HASH is generated using the following as an input string:


Many code examples on how to generate an MD5 HASH can be found on the Internet. For assistance, Please contact Worldnet.

2. This field is associate with the feature “Threat Metrix”, and to be used must be enabled for your Gateway. Also, the Terminal used for processing the request needs to be enabled for ThreatMetrix feature so your response contains these fields.

3. If a transaction is returned with “FRAUDREVIEWSTATUS” as “REVIEW”, this transaction can be changed - manually (using the new report feature) or the using the transaction update XML gateway service - to “APPROVE” or “REJECT”.

4. Transactions returned with “FRAUDREVIEWSTATUS” as “REVIEW” are not going to be settled until the transaction status is changed (as defined on Note 3). See Transaction Status Updates page for more details on how to use the transaction update XML gateway service to change the transaction returned as “REVIEW” to “REJECT” or “APPROVE”.

Copyright © 2018 Worldnet Knowledge Base | Powered by DokuWiki
developer/integrator_guide/4._payment_page_and_pre-auths/4.1._hosted_payment_page.txt · Last modified: 2018/02/22 17:47 by tleite