Can anyone offer some advice on whats happening here ?
ive go the payment module configured and i go to the checkout and all goes well untill i post to hsbc
the response i get back from the cpi servlet is 'the transaction failed due to invalid data' ?
the post and data look fine to me .....
<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post">
<br>
<input type="hidden" name="CpiDirectResultUrl" value="https://www.thehardwareworks.co.uk/catalog/checkout_process.php">
<input type="hidden" name="CpiReturnUrl" value="https://www.thehardwareworks.co.uk/catalog/hsbc_return.php">
<input type="hidden" name="OrderDesc" value="The Hardware Works order">
<input type="hidden" name="OrderId" value="04134-093124156">
<input type="hidden" name="PurchaseAmount" value="1814">
<input type="hidden" name="PurchaseCurrency" value="826">
<input type="hidden" name="StorefrontId" value="UKxxxxxxxxGBP">
<input type="hidden" name="TimeStamp" value="1084566684000">
<input type="hidden" name="TransactionType" value="Auth">
<input type="hidden" name="MerchantData" value="286b03ed38640b8c9a1d844ddd4b6821">
<input type="hidden" name="Mode" value="P">
<input type="hidden" name="OrderHash" value="yjgF+GlhDfFpLR9IIpPUGeqTZiQ=">
<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order ">
</form>
I've taken out the shipping and billing info, so thats obviously not the problem, and the c code is generating a hash sucessfully as shown above.
My real nagging fear is that HSBC may have supplied a duff hash key, if that is so getting them to admit could be awkward I guess.
Every time I ask them to check the hash key, they only seem to check against what there record of the hash key should be, rather than the validity of the supplied hash key itself.
i.e. If they supply a dodgy key obviously no amount of tinkering will make your're site work :o
I've been go bakc and forth to HSBC all this week and all they can say is that something in the data must be wrong, but they cannot identify anything that is currently wrong with the data I'm passing over...which is why I'm questing how often they supply dodgy hash keys.
One person on this board has complained of having a bad key, has anyone else suffered this fate or was that a one off ?