Knowledge Base

Get help for payment solutions. Search our articles or browse by category below.

5.1.1 XML Payments

The following is a simple example of a payment via an XML POST:

<?xml version="1.0" encoding="UTF-8"?>

For testing, this XML is posted to:

A response for this transaction would be:

<?xml version="1.0" encoding="UTF-8"?>

Payment request fields description:


Field Name Required Description
ORDERID Y A unique identifier for the order created by the merchant. (Max 12 Characters).
TERMINALID Y A Terminal ID provided by Worldnet . NB-Please contact Worldnet to be issued with a test terminal ID.
AMOUNT Y The amount of the transaction as a 2 digit decimal or an Integer value for JPY amounts.
TRACKDATA N Track 2 data should be present for a swiped cardholder present (CHP) transaction. If this is present then TERMINALTYPE should be set to 3 and TRANSACTIONTYPE should be set to 0.
CARDNUMBER N The payment card number, required if TRACKDATA is not being sent.
CARDTYPE Y See section 3.2 above.
CARDEXPIRY N 4 digit expiry field (MMYY), required if TRACKDATA is not being sent and not using a SecureCard.
CARDHOLDERNAME N The name of the card holder, required if TRACKDATA is not being sent and not using a SecureCard. It should be as displayed on the front of the card.
HASH Y An MD5 HASH. See Note 1 below.
CURRENCY Y A 3 character currency code of the transaction. ISO 4217 Currency Code.
FOREIGNCURRENCY INFORMATION N Tag contains Dynamic Currency Conversion information. It has to be present in the eDCC enabled transactions. See XML Payments with eDCC.
TERMINALTYPE Y The type of terminal:
1 - MOTO (Mail Order/Telephone Order)
2 - eCommerce
3 - Cardholder Present.
0 - Cardholder Present (CHP) transaction
4 - MOTO (Mail Order/Telephone Order)
7 - eCommerce
Recurring Payment Flagging:
2 - Specify that this transaction is recurring. This must be accompanied by the RECURRINGTXNREF field or have special permission granted by the Gateway. Not all processors support this transaction type and consultation with the integration team should be carried out prior to configuring recurring payment flagging.
For First Data Latvia terminal MOTO transactions:
4 - Telephone Order
9 - Mail Order
If sending XID & CAVV from non Worldnet MPI on an eCommerce transaction use:
0 - not applicable
1 - Single transaction
2 - Recurring transaction
3 - Installment payment
4 - Unknown classification
5 - Fully authenticated transaction 3D Secure transaction
6 - The merchant attempted to authenticate the cardholder, but the cardholder cannot or does not participate in 3D Secure.
7 - Transaction when payment data was transmitted using SSL encryption, or Channel Encrypted
8 - Transaction in the clear, or Non Secure
AUTOREADY N Y or N - If this is set to Y Worldnet will automatically set the transaction to READY in the batch. If set to N then the transaction will go to a PENDING status. If not present the terminal default will be used.
EMAIL N Cardholders e-mail address. If populated the cardholder will be sent an email receipt. This can be overridden by Self Care Terminal Setup settings “Disable Cardholder Receipt”.
CVV N The security code entered by the card holder.
ISSUENO N The issue no. of the card (Solo).
ADDRESS1 N The first address field for AVS.
ADDRESS2 N The second address field for AVS.
POSTCODE N The postcode (required) for AVS. Also required for MaxMind MinFraud fraud scoring.
DESCRIPTION N A description of the transaction.
XID N The XID for a 3D Secure transaction.
CAVV N The CAVV for a 3D Secure transaction.
MPIREF N 3d-Secure Worldnet Transaction Reference supplied in Worldnet MPI transactions.
MOBILENUMBER N Used for SMS receipts. International format, numeric only.
DEVICEID N The unique identifier string for a connecting device. Mandatory for non-server based devices such as handheld devices/cash register etc.
PHONE N Card Holder Phone Number stored against transaction. International format, numeric only.
CITY N Required for MaxMind MinFraud fraud scoring.
REGION N Required for MaxMind MinFraud fraud scoring. See MaxMind definition of this field as it is forwarded to them without modification.
COUNTRY N ISO 3166-1-alpha-2 code. Required for MaxMind MinFraud fraud scoring.
IPADDRESS N Recommended inclusion. Useful for tracking customers. Functionality will expand in the future. Required for MaxMind MinFraud fraud scoring.
SIGNATURE N Optional field if processing Cardholder Present (CHP) transactions using the TRACKDATA field. For format see Appendix B.
CUSTOMFIELD N Should also use the “NAME” XML attribute to assign the name of the custom field. See section 3.4 for more info.
RECURRINGTXNREF N Should be set to the value of a UNIQREREF returned in a Payment response for a matching card. TRANSACTIONTYPE should be set to 2.

The following fields are returned in the response:


Field Name Description
UNIQUEREF Generated reference that should be stored for tracking and remote XML refunding.
RESPONSECODE A or D or R (Approved or Declined or Referral).
RESPONSETEXT The text of the authorization.
APPROVALCODE Six digit AuthCode.
BANKRESPONSECODE Only sent on TSYS terminals. The TSYS response code returned in the authorisation response.
AUTHORIZEDAMOUNT Only sent for specific acquirers. Partial amount authorised for some transactions.
DATETIME The time of the transaction created by the bank. Format: YYYY-MM-DDTHH:MM:SS. Note that this is intentionally in a different format to the request timestamp to highlight the fact that it is a different time.
AVSRESPONSE The result of the AVS check. See Appendix A for more information.
CVVRESPONSE The result of the CVV check. See Appendix A for more information.
PROCESSINGTERMINAL If the transaction was performed on a “routing terminal” then this is populated with processing terminal ID that the system selected to process the transaction.
HASH An MD5 HASH. See Note 2 below.


1. The MD5 HASH is generated using the following as an input string:


For multi-currency Terminal IDs (see section 3.3 above) this should be:


2. The MD5 HASH is generated using the following as an input string:


For multi-currency Terminal IDs (see section 3.3 above) this should be:


The DATETIME is the time returned by the bank for the transaction.

Many code examples on how to generate an MD5 HASH can be found in the Internet. For assistance, please contact Worldnet.

Error handling

If there is an error processing the transaction, the error string is returned in an XML message with the simple tags:

Copyright © 2017 Worldnet Knowledge Base | Powered by DokuWiki
developer/integrator_guide/5._xml_integration/5.1._request_types/5.1.1._xml_payments.txt · Last modified: 2016/07/26 13:04 (external edit)