...
The end customer is directly forwarded to the "redirecturl" if provided in the PAYONE Platform response. After that, the end customer is send back to your success URL or error URL.
Remark
| UI Text Box | ||
|---|---|---|
| ||
Payment data should not come into touch with your system. This is very important with credit card data. Certification according to the PCI standard is not necessary only if the card data does not come into touch with your systems. Sensible payment data should be sent directly from the form to the client API and should not be forwarded trough your systems (see below). Any other data can be queried in preceding steps. |
Important note
| UI Text Box | ||
|---|---|---|
| ||
This mode is also known as “direct post”. The input fields are placed on the merchant payment page and not provided by PAYONE. Therefore the merchant needs to comply with PCI DSS SAQ A-EP certification. To be SAQ A compliant PAYONE recommends implementation of the PAYONE hosted-iFrame-solution. |
HTML example
<form action="https://secure.pay1.de/client-api/" method="POST"> <input type="hidden" name="portalid" value="2000000"> <input type="hidden" name="aid" value="10000"> <input type="hidden" name="mode" value="test"> <input type="hidden" name="request" value="bankaccountcheck"> <input type="hidden" name="successurl" value="http://www.yoursite.com/success.php"> <input type="hidden" name="errorurl" value="http://www.yoursite.com/error.php"> <input type="hidden" name="hash" value="70eaec2a33fa1b4674c0b1ge5e982966"> <input type="hidden" name="responsetype" value="REDIRECT"> <input type="hidden" name="language" value="en"> <input type="hidden" name="bankcountry" value="DE"> <table> <tr> <td>Account number</td> <td><input type="text" name="bankaccount"></td> </tr> <tr> <td>Sort code</td> <td><input type="text" name="bankcode"></td> </tr> </table> <input type="submit" value="Buy now!"> </form> |
...