HSBC CPI Payment Gateway Integration
I had a very interesting project this week, to integrate the HSBC online payment gateway into a custom built shopping store. I have never done this before and I admitted as much to my clients but I was adamant on learning it so I took up the project. The clients were very understanding and decided to go with me.
As always, I started off completely blank. I didn’t know where to begin really till I found an OsCommerce module for integrating HSBC gateway into an OsC store. After going through the code I was still quite lost because I couldn’t get the hash checking to work. No matter what I did or how many times I read the CPI specification, I couldn’t get it to work, something was wrong. It doesn’t help that HSBC provides no way of testing their payment method without a valid StoreFrontID and a HashKey.
This is where Webmaster World comes in. It’s a wonderful place that i’ve been visiting for a while not and i’m sure most of you know about it. This thread on WBM was really useful. On page 8 a user named Telumehtar provides the solution for generating OrderHash, a solution which unlike the HSBC CPI guide solutions, actually works. Telumehtar or John owns this site and is a professional web designer. He has also provided proper working libs for the HSBC gateway here. He was very helpful throughout the project in answering my little, and most of the time stupid, queries. Using his libraries I was finally able to generate proper OrderHash to test with.
Before I go any further here’s a little constructive criticism of the HSBC system. It’s painfully “secret”. There is no way of knowing what you’re doing wrong because HSBC doesn’t send you any decent error information. If your OrderHash itself is wrong, HSBC doesn’t say so, it simply disregards your transaction. It wouldn’t hurt to add an error code, it can’t possible be difficult. Secondly, the system only allows https or secure pages to postback and return too. Because of this, I had to go buy a Turbo SSL certificate off GoDaddy and then a hosting account off HostGator, who are by far the most helpful hosts i’ve encountered to even test my application. Last but possibly the most important point, not all of us are on good hosts like HostGator who will installs libs for us. How about providing a Zend or Ioncude encoded file with the implementation of the OrderHash…
The only real problem that I ran into was with the OrderHash, the rest of it is pretty straightforward and works just like the Paypal IPN. You post information to HSBC with a OrderHash. HSBC checks the validity of your information by generating it’s own OrderHash from your account access key and the data you posted. If the keys match your order is accepted. Upon payment completion/cancellation HSBC posts the details of the transaction to you with another OrderHash. Confirm that the transaction data is valid and you’re done.
There is absolutely no documentation to help you if you run into problems though. Your best bet is that thread on WBM but that’s about it.
If you’re looking for someone to integrate the solution into your site, contact me for a quote, my information is on the contact page.