Exp:resso Store comes with many different payment gateways for you to choose from. Our payment processing is based on the open source Omnipay library, which supports dozens of existing payment gateways, and is used on thousands of websites worldwide.
In general, payment gateways fall into one of two categories: external (off-site) gateways and merchant-hosted (on-site) gateways. Merchant hosted gateways allow you to collect the customer’s credit card details directly on your site, but have much stricter requirements, such as an SSL certificate for your server. You will also be subject to much more rigorous security requirements under the PCI DSS (Payment Card Industry Data Security Standard).
Payment gateways must be enabled under Store » Settings » Payment
Methods. You can then use them in your site, either by adding the
payment_method=""
parameter to the Checkout Tag or
Payment Tag, or by submitting a payment_method
form field.
Using the payment_method parameter:
{exp:store:checkout payment_method="PayPal_Express" return="store/order/ORDER_HASH"}
Under the hood, this simply adds a hidden field to your page:
<input type="hidden" name="payment_method" value="PayPal_Express" />
Using the payment_method form field:
<select name="payment_method">
<option value="Stripe">Credit Card</option>
<option value="Manual">Bank Transfer</option>
</select>
For on-site payment gateways, you will need to collect customer credit card details in your Checkout or Payment form. Below you will find a list of required parameters for each gateway. You can submit these parameters using regular HTML form inputs:
<input type="text" name="payment[card_no]" value="" />
Note that the name=""
parameter must be specified as
payment[card_no]
rather than simply card_no
. For a full example, see
the sample template under store_example/checkout3
.
If you require a payment gateway which is not yet supported, you can either develop it yourself (requires PHP experience), or we can develop it for you. If you wish to develop your own gateway, start by checking out the Omnipay library, and the store_check example extension. If you wish to receive a quote for us to develop the gateway, simply email support@exp-resso.com with the name of the gateway, and a link to (or copy of) the documentation.
payment_method="AuthorizeNet_AIM"
Authorize.Net AIM (Advanced Integration Method) is an on-site payment gateway. The following fields must be submitted:
In addition, you may submit a name field. If this is not submitted, the customer’s billing_name will be used. Other billing details from the order will also be passed through to the Authorize.Net.
payment_method="AuthorizeNet_SIM"
Authorize.Net SIM (Simple Integration Method) is an off-site payment gateway. No extra configuration is necessary.
Order billing details will be passed through to Authorize.Net to pre-fill the payment page. However, if the customer changes their billing details in Authorize.Net, these will not be pulled back through to Store.
payment_method="Buckaroo"
Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows credit card payments via Buckaroo. No extra configuration is necessary.
payment_method="Buckaroo_Ideal"
Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows iDEAL payments via Buckaroo. No extra configuration is necessary.
payment_method="Buckaroo_PayPal"
Buckaroo is an off-site payment gateway available in the Netherlands. This gateway allows PayPal payments via Buckaroo. No extra configuration is necessary.
payment_method="CardSave"
CardSave Direct/Integrated is an on-site payment gateway. The following fields must be submitted:
payment_method="Coinbase"
Coinbase is an off-site payment gateway with allows you to accept bitcoin payments. No extra configuration is necessary.
payment_method="Dummy"
The Dummy payment gateway is only to be used in demonstration and testing scenarios. Any card number ending in an even number will be authorized (e.g. ‘4242424242424242’). Any card number ending in an odd number will be declined. (e.g. ‘4111111111111111’).
The following fields must be submitted:
payment_method="Eway_Rapid"
eWay Rapid is a transparent redirect gateway. It works differently to other Store gateways, because the credit card form is hosted on your website, but it is posted to an off-site service. Because of this, the implementation process is slightly different.
On the final page of your checkout, instead of the regular {exp:store:checkout}
tag,
you must use the {exp:store:payment}
tag. This will generate the correct form to submit
the customer’s card details to eWay. Note that the input names are different to that of
other Store gateways, as they must match those specified in the
Rapid API Documentation.
Here is a complete example of what the final page of your checkout should look like:
{exp:store:payment payment_method="Eway_Rapid" return="store/order/ORDER_HASH"}
<input name="EWAY_CARDNAME" value="" />
<input name="EWAY_CARDNUMBER" value="" />
<select name="EWAY_CARDEXPIRYMONTH" />
<option value=""></option>
{exp_month_options}
</select>
<select name="EWAY_CARDEXPIRYYEAR" />
<option value=""></option>
{exp_year_options}
</select>
<input name="EWAY_CARDCVN" value="" />
{/exp:store:payment}
payment_method="FirstData_Connect"
First Data Connect is an off-site payment gateway. No extra configuration is necessary.
payment_method="GoCardless"
GoCardless is an off-site payment gateway. No extra configuration is necessary.
payment_method="Manual"
The manual payment gateway serves a special purpose in Store. When you need to accept cheque or bank deposit payments, you should use the manual payment gateway. The gateway simply authorizes all payments, allowing the order to proceed. You may then manually mark the payment as “captured” in the Store control panel when payment is received.
If you wish to have more than one manual payment gateway available to your customers, you can create additional gateways using the extension hooks. For an example, see the store_check extension.
payment_method="Migs_ThreeParty"
MIGS (MasterCard Internet Gateway Service) 3-Party is an off-site payment gateway. MIGS is a white label service, and is generally offered by your bank under a different name. Known services using MIGS include:
No extra configuration is necessary.
payment_method="Migs_TwoParty"
MIGS (MasterCard Internet Gateway Service) 2-Party is an on-site payment gateway. See MIGS 3-Party above for a list of known banks using this service.
The following fields must be submitted:
payment_method="Mollie"
Mollie is an off-site payment gateway available in the Netherlands, which supports iDEAL. No extra configuration is necessary.
payment_method="Netaxept"
Netaxept is an off-site payment gateway available in Norway. No extra configuration is necessary.
payment_method="NetBanx"
NetBanx is an on-site payment gateway. The following fields must be submitted:
payment_method="PayFast"
PayFast is an off-site payment gateway. No extra configuration is necessary.
payment_method="Payflow_Pro"
Payflow is an on-site payment gateway, which is run by PayPal, but allows you to use a regular merchant account. The following fields must be submitted:
payment_method="PaymentExpress_PxPay"
PaymentExpress (DPS) PxPay is an off-site payment gateway. It is also sometimes (inconsistently) referred to as PxAccess. No extra configuration is necessary.
payment_method="PaymentExpress_PxPost"
PaymentExpress (DPS) PxPost is an on-site payment gateway. The following fields must be submitted:
payment_method="PayPal_Express"
PayPal Express Checkout is an off-site payment gateway. PayPal is probably the most well-known and easy to set up payment gateway.
PayPal Express Checkout requires an API Username, Password, and Signature. These are different from your PayPal account details. You can obtain your API details by logging in to your PayPal account, and clicking Profile > My Selling Tools > API Access > Request/View API Credentials > Request API Signature.
payment_method="PayPal_Pro"
PayPal Website Payments Pro is an on-site payment gateway. The following fields must be submitted:
payment_method="Pin"
Pin is an on-site payment gateway. The following fields must be submitted:
Alternatively, you may use Pin.js to generate a client-side card token,
and reduce PCI compliance requirements on your server. The card token
should be submitted as a hidden input with name="payment[token]"
. For more
information, see the Pin.js documentation.
payment_method="SagePay_Direct"
Sage Pay Direct is an on-site payment gateway. The following fields must be submitted:
payment_method="SagePay_Server"
Sage Pay Server is an off-site payment gateway. No extra configuration is necessary.
payment_method="SecurePay_DirectPost"
SecurePay Direct Post is a transparent redirect gateway. It works differently to other Store gateways, because the credit card form is hosted on your website, but it is posted to an off-site service. Because of this, the implementation process is slightly different.
On the final page of your checkout, instead of the regular {exp:store:checkout}
tag,
you must use the {exp:store:payment}
tag. This will generate the correct form to submit
the customer’s card details to SecurePay. Note that the input names are different to that of
other Store gateways, as they must match those specified in the
Direct Post API Documentation.
Here is a complete example of what the final page of your checkout should look like:
{exp:store:payment payment_method="SecurePay_DirectPost" return="store/order/ORDER_HASH"}
<input name="EPS_CARDNUMBER" value="" />
<select name="EPS_EXPIRYMONTH" />
<option value=""></option>
{exp_month_options}
</select>
<select name="EPS_EXPIRYYEAR" />
<option value=""></option>
{exp_year_options}
</select>
<input name="EPS_CCV" value="" />
{/exp:store:payment}
payment_method="Stripe"
Stripe is an on-site payment gateway. However, it is much easier to set up than most on-site payment gateways, because it uses Javascript to convert credit card details into a secure token, before sending data to your server. This means that you don’t have to worry about the usual PCI DSS requirements for handling sensitive credit card details, since they are never sent to your server.
Because the card details are not submitted to your server, you should
not give them name=""
parameters. Instead, you should create form
inputs with data-stripe
attributes so that the Stripe javascript library can find them:
<input type="text" value="" data-stripe="number" />
<input type="text" value="" data-stripe="name" />
<select data-stripe="exp-month">
<option value=""></option>
{exp_month_options}
</select>
<select data-stripe="exp-year">
<option value=""></option>
{exp_year_options}
</select>
<input type="text" size="4" value="" data-stripe="cvc" />
You must also create a hidden form input to hold the Stripe card token:
<input type="hidden" id="payment_token" name="payment[token]" value="" />
Stripe requires some extra Javascript to be added to your Checkout or Payment form. For more information, please see the Stripe Documentation. A simple example is shown below:
$(function() {
$.getScript('https://js.stripe.com/v2/', function() {
Stripe.setPublishableKey('YOUR_PUBLISHABLE_KEY_HERE');
});
/* Ensure your checkout submit button has id="checkout_submit" */
$checkout_submit = $("#checkout_submit").click(function() {
/* Only handle requests for Stripe gateway */
if (this.form.elements["payment_method"].value == "Stripe") {
/* Temporarily disable the checkout submit button */
$checkout_submit.attr('disabled', true);
/* Create a Stripe card token */
Stripe.card.createToken($(this.form), stripeResponseHandler);
/* We don't want to submit the form yet */
return false;
}
});
/* This function is triggered once Stripe has generated the token */
function stripeResponseHandler(status, response) {
/* Re-enable the checkout submit button */
$checkout_submit.attr('disabled', false);
/* Check whether we have a valid credit card */
if (response.error) {
alert(response.error.message);
} else {
/* Set the card token and submit the checkout form */
$("#payment_token").val(response.id);
$checkout_submit.off("click").click();
}
}
});
payment_method="TargetPay_Directebanking"
TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process DIRECTebanking payments. No extra configuration is necessary.
payment_method="TargetPay_Ideal"
TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process iDEAL payments. No extra configuration is necessary.
payment_method="TargetPay_Mrcash"
TargetPay is an off-site payment gateway. This gateway allows you to use TargetPay to process Mr Cash payments. No extra configuration is necessary.
payment_method="TwoCheckout"
2Checkout is an off-site payment gateway. No extra configuration is necessary.
payment_method="Ogone_Ecommerce"
payment_method="WorldPay"
WorldPay is an off-site payment gateway. There are several configuration changes you must make in your WorldPay Merchant Admin Interface before it will work correctly:
<wpdisplay item=MC_callback>
If you do not set a Payment Response password and MD5 secret, your WorldPay gateway will not be secure, and it will be possible to submit fake payments on your site.