HCO Integration Guide
Hosted Checkout (HCO) allows you to securely accept E-commerce payments by redirecting your customers to E-xact's hosted payment page. This keeps your system out of PCI scope while giving you access to fraud prevention and diverse payment methods.
š Getting Started
To initiate a checkout, your application must generate an HTML form and submit an HTTP POST request to one of the following endpoints:
- Live Environment:
https://checkout.e-xact.com/payment - Sandbox/Demo Environment:
https://rpm.demo.e-xact.com/payment
Essential Form Fields
At a minimum, your POST request must include the following hidden fields. If any are missing or invalid, the customer will see an error.
| Field | Description |
|---|---|
x_login | Your unique Payment Page ID (found in your E-xact dashboard). |
x_amount | The total amount to charge (e.g., 12.50). |
x_fp_sequence | A random or sequential invoice number used to make the hash unique. |
x_fp_timestamp | UTC timestamp in seconds since the Unix epoch. |
x_fp_hash | Security signature verifying the request (see below). |
x_show_form | Must be set to PAYMENT_FORM. |
š Hash Calculation (x_fp_hash)
x_fp_hash)The x_fp_hash parameter ensures that the payment request originated from your server and was not tampered with.
The hash is generated using either HMAC-SHA1, or HMAC-MD5 based on a string combining your transaction variables and your Transaction Key (found in your E-xact Dashboard under Payment Pages > Security).
Standard Hash String Format
Concatenate your values in the following exact order, separated by a caret (^):
x_login^x_fp_sequence^x_fp_timestamp^x_amount^x_currency_code
Example Code (Python) - HMAC-SHA1
import hmac
import hashlib
import time
# Credentials and transaction details
transaction_key = b'YOUR_TRANSACTION_KEY'
login_id = 'YOUR_PAYMENT_PAGE_ID'
sequence = '123456' # Unique order/sequence ID
timestamp = str(int(time.time()))
amount = '25.00'
currency = 'USD' # or CAD
# Construct the data string exactly as required by the API
data_string = f"{login_id}^{sequence}^{timestamp}^{amount}^{currency}"
# Generate the HMAC-SHA1 Hash
x_fp_hash = hmac.new(
transaction_key,
data_string.encode('utf-8'),
hashlib.sha1
).hexdigest()
print(f"x_fp_hash: {x_fp_hash}")Example Code (Node.js) - HMAC-MD5
const crypto = require('crypto');
const transactionKey = 'YOUR_TRANSACTION_KEY';
const loginId = 'YOUR_PAYMENT_PAGE_ID';
const sequence = '123456'; // Unique order/sequence ID
const timestamp = Math.floor(Date.now() / 1000).toString();
const amount = '25.00';
const currency = 'USD'; // or CAD
// Construct the string
const dataString = `${loginId}^${sequence}^${timestamp}^${amount}^${currency}`;
// Generate HMAC-MD5 Hash
const x_fp_hash = crypto.createHmac('md5', transactionKey).update(dataString).digest('hex');
console.log(x_fp_hash);
Built-in Hash CalculatorHaving trouble getting your hash to match? Log in to your E-xact account and navigate to Payment Pages > Hash Calculator. From there you can input raw variables to see exactly what hash E-xact is expecting, making debugging easy.
Transaction and Display Fields
Processing Fields
| Field Name | Expected Value / Format | Description |
|---|---|---|
x_test_request | TRUE / FALSE | Optional: Process payment in test mode. Case-sensitive. |
x_type | AUTH_CAPTURE / AUTH_ONLY / AUTH_TOKEN / PURCHASE_TOKEN | Defines the type of transaction being processed. |
Receipt Page Fields
| Field Name | Expected Value / Format | Description |
|---|---|---|
x_receipt_link_method | LINK / GET / POST / AUTO-GET / AUTO-POST | Specifies the type of link made back to the merchant's website. Case-sensitive. |
x_receipt_link_text | Any text | Hyperlinked text or submit button value. With GET or POST a form is generated with hidden fields that contain the result of the processed transaction. If empty, the default value is "Return to Merchant...". |
x_receipt_link_url | Valid URL | Target of the hyperlinked text or action for HTML GET/POST. If empty or not a valid URL, the default value from the Payment Pages interface is taken. |
Fields Common to Payment Collection and Receipt Page
| Field Name | Expected Value / Format | Description |
|---|---|---|
x_email_customer | TRUE / FALSE | Determines if a confirmation email should be sent to the customer; the default is set in the Payment Pages interface. |
x_merchant_email | Valid email address | Email address to which the merchant's copy of the customer confirmation email should be sent. |
Transaction Data & Recurring Billing Fields
| Field Name | Expected Value / Format | Description |
|---|---|---|
x_currency_code | USD / CAD | Currency of the transaction. Case sensitive. |
x_recurring_billing | TRUE / FALSE | To enable Recurring functionality through Payment Pages, this must be set to TRUE. |
x_recurring_billing_end_date | YYYY-MM-DD | Optional: Sets a custom end date for Recurring payments (otherwise it will be inherited from the Plan default). |
Order and Customer Detail Fields
Order Information Fields
| Field Name | Description |
|---|---|
x_cust_id | Unique identifier for the customer associated with the transaction. (Not validated; not displayed to the customer). |
x_invoice_num | Invoice number associated with the transaction. |
x_customer_tax_id | Tax ID of the customer. (Not validated; not displayed to the customer). |
x_line_item | Itemized order information. |
x_po_num | Purchase order number. Truncated to the first 20 characters and becomes part of the transaction. |
x_description | Description of the transaction. (Not validated; not displayed to the customer). |
x_reference_3 | Additional reference data. Maximum length of 30 characters. Becomes part of the transaction but does not appear on the receipt. |
Customer Name, Billing, and Shipping Address Fields
| Field Category | Included Fields |
|---|---|
| Billing Address | x_first_name, x_last_name, x_company, x_address, x_city, x_state, x_zip, x_country, x_phone, x_fax |
| Shipping Address | x_ship_to_first_name, x_ship_to_last_name, x_ship_to_company, x_ship_to_address, x_ship_to_city, x_ship_to_state, x_ship_to_zip, x_ship_to_country |
Additional Customer Data & Amount Fields
| Field Name | Expected Value / Format | Description |
|---|---|---|
x_customer_ip | IP Address | IP address of the customer. |
x_email | Valid email address | Email address to which the customer's copy of the confirmation email is sent. (No email will be sent if the address fails standard format checks). |
x_tax | Non-negative Number | The tax in dollars. |
x_tax_exempt | TRUE / FALSE | Indicates if the transaction is tax-exempt. |
x_freight | Non-negative Number | Freight charge in dollars. |
x_duty | Non-negative Number | Duty in dollars. |
Updated about 1 month ago