Checkout v2 Auth
Simple & Secure
Offload the burden of hosting your own payment form and reduce your PCI scope with Forte's third-generation Checkout. Checkout's advanced features enable you to make quick and painless payments on your own site with just a few lines of code.
With Checkout you get:
- A simple integration
Start using Checkout today with customizable JavaScript that sits on top of your existing site. - Wallet storage functionality
Save customer and payment method data to make checking out fast and easy. - Up-to-date customer data
Enable customers to edit their own address and payment data to ensure you always have the correct information. - Advanced form field settings
Default Checkout’s form fields to a value, empty, or hidden for full control over the data collected. - Granular amount settings
Specify a non-editable amount to pay or a range of amounts for the customer. - Reduced cart abandonment
Ensure your customer’s trust by running the entire checkout process from your site.
NOTE: The content of this page provides the necessary steps to help you migrate from iCG iFrame to CSG Forte Checkout v2. If you wish to view more detailed documentation, you can find it here: Forte Checkout v2 Documentation
Checkout’s Pay Now button uses an HTML form POST action with a signature to create the modal window. When the customer clicks the button with coded parameters on the client side, Forte servers read the parameters and populate the modal window. The JavaScript, https://checkout.forte.net/v2/js, includes a Forte name-spaced version of jQuery so as not to conflict with other client-side jQuery code.
Before coding the Pay Now button, Each request requires at least 3 parameters: API Access ID, API Secure Key and Location ID which provide a unique identified tied to each individual account.
Account Owner
Use Forte’s Dex application to create your API credentials. For more information on creating a hash signature, see the Authentication section.
Complete the following steps to generate your API Access ID and API Secure Key:
- Log into your Dex Account.
- Search for and select the Home Organization for which you want to create the credential set. If your Home Organization is the same as your Logged-In Organization, skip this step.
- Select Developer > API Credentials from the Dex Main Menu.
- Click
. The Create API Credentials screen displays. - Enter a name for this set of API credentials in the Name Field. This field is required.
- Click
. The API Access ID and API Secure Key values display in their corresponding fields. - Click
next to the API Access ID and API Secure Key fields to record both of these newly generated values in a secure location to use in authenticating your requests.
NOTE: Once you save your API Secure Key, you will not be able to see the value again. If you forget your API Secure Key or it becomes compromised, you will have to regenerate the value in Dex.
Development Team
These parameters should be provided to the Development Team by the Owner of the Account in the Production environment. Their equivalents to you was used in the iCG iFrame are:
| Parameter | iCG Equivalent |
|---|---|
Location ID [max length=6] | SiteID [max length=4] |
API Secure Key [max length=32] | SiteKey [max length=8] |
API Access Key [max length=32] | APIKey [max length=12] |
Add the following Forte.js references to the <head> tag of your payment form.
For the test environment:
For the production environment:
Checkout uses hash signatures for authentication.
Creating a Signature
The example below displays what information your signature should contain:
HMACSHA256("api_access_id|method|version_number|total_amount|utc_time|order_number|customer_token|paymethod_token","API Secure Key")Use the following parameters when creating your hash signature:
Parameter | Description | Type | Req |
api_access_id | The organization-specific API Access ID value that you created in Dex. See the Merchant Configuration for information on creating this value. | string | R |
method | Supported types include the following: token To Save Payment Method and Generate a Token | string | R |
version_number | 2.0 | string | R |
total_amount | A string that represents the total amount of the transaction. NOTE: If you use it solely to generate a token, it should be empty.. | string | C |
utc_time | A date-time value (since 01/01/0001 00:00:00) that marks the day and time the request was sent to Checkout in ticks. Checkout will only accept utc_time values that are 20 minutes before the current time or 10 minutes after the current time. Requests expire after 10 minutes to prevent malicious users from capturing requests and resubmitting them at a later time. Checkout provides an API that returns the correct UTC time from Forte’s server. Using this server-side value prevents inadvertent expiration errors from client PCs that do not have the correct local time set. Use the following get UTC API URLs in your code to retrieve UTC ticks from Forte's servers: • https://checkout.forte.net/getUTC?callback=? //production <script> var button = $('button[api_access_id]'); $.getJSON('https://sandbox.forte.net/checkout/getUTC?callback=?').done(function (utc) { button.attr('utc_time', utc); }); </script>
<?php $curlData = (curl_exec($curlUTC)); | string | R |
order_number | A string that represents the order number associated with a transaction. | string | O |
customer_token | An alphanumeric ID used to reference a customer. Forte stores the token and its associated information. | string | O |
paymethod_token | An alphanumeric ID used to reference stored payment information (card or eCheck) for a customer. Forte stores the token and its associated information. | string | O |
R=Required O=Optional C=Conditional | |||
Create Token Sample
"44ca118ba91da47fc92995d914056dc6|token|2.0||636397036957980000|||","6cc0a410f5469e8578077f4269b6139a" Process Transaction Sample
"44ca118ba91da47fc92995d914056dc6|sale|2.0|10.00|636397036957980000|||","6cc0a410f5469e8578077f4269b6139a" The code below represents the minimal html code required to generate a payment button. If you want Checkout to capture additional information, such as a customer's billing address, you must include the additional parameters listed below.
Save Payment Method and Generate a Token
Process Payment
Button Parameters
-
Parameter | Description | Req | Type | iCG iFrame Equivalent |
method | Supported types include the following: token To Save Payment Method and Generate a Token | R | string | iFrame Configuration |
allowed_methods |
| O | string | iFrame Configuration. You can define to use ECheck or Credit Card or both options. |
hash_method | sha256signature | R | string | N/A |
version_number | 2.0 | R | string | N/A |
location_id | The location (Merchant ID) under which the transaction should be processed | R | string | SiteID |
total_amount | The value of the total_amount parameter must be greater than zero. Required for Process Payment. | O | string | amount |
tax_amount | The sales tax amount of the transaction | O | dec | salesTax |
consumer_id | A merchant-defined string used to identify the customer. [max length=15] | O | string | custId |
save_token |
| O | bool | saveTokenDisabled |
customer_token | An alphanumeric ID used to reference a customer. Checkout accepts/returns a string for this parameter. [max length=26] | O | string | N/A |
paymethod_token | An alphanumeric ID used to reference stored payment information (card or echeck) for a customer. Checkout accepts/returns a string for this parameter. [max length=26] | O | string | N/A |
sec_code | Enables merchants to pass custom SEC codes for echeck [max length=3] | O | string | entryClassCode |
entered_by | Name of the user entering the transaction. [max length=25] | O | string | N/A |
button_text | Enables the user to customize the text of the payment button. If the user does not pass a value in this parameter, Checkout reverts to the following default values according to the
| O | string | iFrame Configuration, default value "Continue" |
expire_utc | Enables the merchant to define a UTC expiration date-time value for the transaction in ticks. When expire_utc is not set, Forte Checkout handles the session timeout by warning the user every 20 mins and allowing them to extend the session, if required. As part of being ADA compliant and as a best practice, we strongly recommend that expire_utc is not used by the customer to set expiry time. When expire_utc is used by the customer, Forte Checkout will only warn the user when the session is about to expire. This is only partially ADA compliant and hence not recommended. If the customer attempts a transaction after this set time has expired, Checkout’s modal automatically closes, and he or she must generate a new Checkout form.
| O | string | N/A |
reference_id | A merchant-defined string that identifies the transaction. [max length=15] | O | string | N/A |
xdata_# | Up to nine fields (1–9) of extra data that you can associate with a schedule or a transaction. Each field can contain up to 80 characters. This data does not display on the Checkout modal window; however, the merchant can join this information to the webhook response to provide a more detailed description of the transaction. NOTE: Values within this field cannot contain double quotation characters (i.e., "text"); Forte Checkout supports single quotation characters (i.e., 'text'). If you require double quotation characters within this value, use HTML escape characters to ensure the information properly displays (e.g., [max length=255] | O | string | custom1, custom2, custom3 |
Billing Parameters | ||||
billing_name | The first and last name of the customer associated with this billing address. [max length=50] | O | string | firstName, lastName |
billing_company_name | The company name associated with the billing address. [max length=50] | O | string | company |
billing_street_line1 | The first line of the customer's billing address. [max length=35] | O | string | street1 |
billing_street_line2 | If required, the second line of the customer's billing address (e.g., Suite or Apartment number). [max length=35] | O | string | street2 |
billing_locality | The locality/city/town/village of the customer's billing address. [max length=25] | O | string | city |
billing_region | The region/state/province of the customer's billing address. [max length=10] | O | string | state |
billing_postal_code | The postal/zip code of the customer's billing address. NOTE: This field is not required for echeck payments unless you pass | O | string | zip |
billing_country | The Country code of the customer's billing address (includes military states) in ISO 3166-1 alpha-2 format. [max-length=2] | O | string | N/A |
billing_email_address | The email address associated with the customer's physical billing address. [max length=50] | O | string | |
billing_phone_number | The phone number associated with the customer's physical billing address. [max length=15] | O | string | phone |
R=Required O=Optional C=Conditional | ||||
Attributes
To make these parameters editable, required, or hidden, pass the parameter suffixed with attr and one or more of the following attributes:
Attribute | Description | Example |
edit | Makes the field editable for the customer | a. billing_name_attr="edit" |
required | Makes the field required for the customer | a. billing_postal_code_attr="required" |
hide | Hides the field from the customer; however, Checkout passes the parameter with the transaction behind the scenes. This attribute cannot be combined with the edit or required attributes. | billing_name_attr="hide" |
Forte Checkout supports Address Verification Services for credit card saleand auth transactions that occur in the United States (i.e., billing_country=US). These settings can be configured in Dex by the Admin of your organization. Merchants can choose the following AVS settings for their transactions in Forte Checkout:
- Don't perform AVS checks
- Check AVS but don't decline on mismatch
- Check AVS and decline on mismatch
For more information on configuring these settings, see Working with Card Services Settings in the Dex Merchant Help documentation (if you're a partner, click here for the Dex Partner Help documentation).
Checkout supports transactions on both tablets and mobile phones.
Checkout's callbacks contains the results of a transaction, provide real-time (synchronous), client-side notifications to you.
Callbacks provide your front-end with synchronous updates about the current state of the checkout process, which can then be relayed to the customer through the shopping cart (via a receipt display) or other applications integrated with Checkout. The button supplied to you contains a callback attribute that accepts and displays notifications for the following transaction events:
begin- This event occurs when the customer launches the payment button. You can use this event for conversion tracking data.success- This event indicates that the transaction was successful.failure- This event indicates that the transaction has failed. Inspect theresponse_coderesponse parameter for more information (e.g., you are over your monthly processing limit (U04)). See Response Codes for more information. NOTE: If you attempt an ad-hoc transaction while passing thesave_token=trueparameter and the transaction fails, Forte will not return the token in either the callback or the webhook.error- This event indicates that the request is invalid and Checkout could not be rendered. For example, triggers for this event could include a client failing to pass a valid authentication signature, an invalid total amount, or an invalid client token.abort- This event indicates that the customer canceled the checkout process by clicking on the Close button on the modal.expired- This event indicates that the customer failed to complete the transaction prior to the expiration time set by you via theexpire_utcparameter.
The table below details the response parameters that could be included in Checkout's callbacks.
Parameter | iCG Equivalent | Description | Length | Type | |
signature | signature |
| varies | string | |
subtotal_amount | N/A | The base amount used for calculating the service_fee_amount. This field is only used for convenience fee merchants. | -- | string | |
service_fee_amount | N/A | The calculated percentage of a service fee. For example, a service fee of 2.45% on a $50 purchase would yield a service_fee_amount=1.23. This field only applies to convenience fee merchants. | -- | string | |
total_amount | amount | The total amount of the transaction including the subtotal_amount and the for convenience fee merchants. | -- | string | |
tax_amount | N/A | The sales tax amount of the transaction that was passed in the button code or added in the Forte Checkout modal. | -- | string | |
version_number | N/A | The version of Checkout sending the POST message. Supported values include the following: • 2.0 | 4 | string | |
method | operation | Supported values for this parameter include the following: • sale | 8 | string | |
event | N/A |
| 7 | string | |
trace_number | transactionResponse | A unique ID returned to identify a transaction or a schedule. | 36 | string | |
utc_time | N/A | A date-time value that marks the day and time the response was sent in ticks | -- | -- | |
authorization_code | transactionResponse | A code that references the authorization of the transaction | 80 | string | |
paymethod_token | token | If created, a string ID that references stored payment method(s), such as a credit card or electronic check. | 36 | string | |
customer_token | N/A | If created, a string ID that references stored customer information. | 36 | string | |
response_code | transactionResponse | A code that represents the transaction result. For more information on these responses, see Response Codes. | 3 | string | |
response_description | N/A | A text description of the transaction result | 80 | string | |
request_id | N/A | The request ID Checkout generated for this call | 36 | string | |
hash_method | N/A | The hash method used for the response (this parameter defaults to sha256 | -- | string | |
method_used | cardType - CC accountType - ACH |
| 6 | string | |
last_4 | cardNumber - CC accountNumber - ACH | The last four numbers of a card or account number | 4 | string | |
wallet_type | N/A | This field is returned in callbacks and webhooks when the digital wallet is used for transaction. Supported values for this parameter include the following: ApplePay GooglePay | 50 | string | |
xdata_# | N/A | Returns xdata fields in callbacks and webhooks. Each field can contain up to 80 characters. | 80 | string | |
line_item_header | N/A | A brief header field that precedes the line_item data field. | |||
line_item_1-10000 | N/A | Up to 10,000 line items with up to 101 elements each that a merchant can associate with a customer's transaction. | |||
emvReceiptData | N/A | EMV data for EMV transactions. Values in this fields are used to build EMV-compatible receipts. For example: | 1500 | string | |
terminal_number | N/A | Returns the serial number of an eDynamo used for the transaction. | 25 | string | |
order_number | N/A | The order number value passed in the button parameter, order_number. | 15 | string | |
expire_month | Expires On | The expiration month of the credit card used for the transaction. | 2 | string | |
expire_year | cardExpDate | The expiration year of the credit card used for the transaction. | 4 | string | Expires On |
name_on_card | accountNamee | This field is returned in callbacks and webhooks when the button parameter show_cardholder_name field is set to true. If show_cardholder_name field is set to false, Checkout returns the billing_name value in this field. | 50 | string |
Understanding Callback Parameters
The following table provides the callback parameters for events that occur in simple sales and scheduled transactions. The successful processing of a transaction triggers success event callbacks, which contain the result of the transaction (i.e., approved transactions). When an error event triggers a callback, the Checkout window displays the error message. Since some parameters are unavailable for some responses, those parameters may not be present in the response object.
NOTE: The "Returned Parameters" column contains example hash data.
Event | Returned Parameters |
Sale Method | |
Begin | { "event":"begin", "method":"sale", "request_id":"1414edf7-2816-4968-ced2-b7d3e7156da7" } |
Success | { "event":"success", "method":"sale", "request_id":"9ea365d6-40d8-416f-ca3c-1aef43529213", "response_code":"A01", "response_description": "APPROVAL", "trace_number":"fb25a0c5-c5a5-4505-9c56-4297799aeb77", "authorization_code": "123456", "total_amount":"51.23", "avs_code": "Y", "order_number": "invoice-1234", "version_number": "2.0", "last_4": "1111", "method_used": "visa", "hash_method": "sha256", "xdata_1": "custom data number 1", "xdata_2": "custom data number 2", "billing_company_name": "Widget Factory, Inc.", "billing_street_line1": "500 W. Bethany Drive", "billing_street_line2": "Suite 200", "billing_locality": "Allen", "billing_postal_code": "75013", "billing_country": "US", "billing_email_address": "[email protected]", "billing_phone_number": "1234567890", "name_on_card": "Olivia Smith", "consumer_id": "Account-ID-4444", "reference_id": "reference ID", "line_item_header": "style,size,color", "line_item_1": "high-top,10W,red", "line_item_2": "low-top,8N,green", "line_item_3": "low-top,8N,blue", "expire_month":"12", "expire_year":"2024", "signature":"c1d704c4711595f48e1552a9af9b8ada", "utc_time": "635210889954381263"} |
Failure | { "event":"failure", "method":"sale", "request_id":"21e2d11d-bfd9-4991-ca50-16170bc21329", "response_code":"U02", "response_description": "ACCOUNT NOT APPROVED", "version_number":"2.0", "trace_number": "89748473-6eb2-483f-81af-1d787a903f5c", "subtotal_amount":"50.00", "service_fee_amount":"1.23", "total_amount":"51.23", "last_4":"2222", "method_used":"echeck", "signature":"e83dee1c9fa2067786fb53c149ebbe62", "utc_time":"635295420748992999", "hash_method":"sha256" } |
Error | { "event":"error", "msg": "Invalid total_amount: 1-9.5;5d" } |
Abort | { "event":"abort", "request_id":"46f27f88-5f00-4d0a-e1a3-d32b4f57bc12" } |
Expired | { "event":"expired", "request_id":"9ea365d6-2816-4968-e1a3-d32b4f57bc12" "expire_utc":"635295420748992999" } |
Token Method | |
Begin | { "event":"begin", "method":"token", "request_id":"1414edf7-2816-4968-ced2-b7d3e7156da7" } |
Success | { "event":"success", "customer_token":"1035622", "paymethod_token": "1077158", "method":"token", "request_id":"c29c1b64-ccbf-4124-f483-3abe3776aac6", "version_number":"2.0", "last_4":"1111", "method_used": "visa", "expire_month":"12", "expire_year":"2020", "signature": "b5f4fd7b942a2635bff01a3d6aff7c03", "utc_time":"635295449732597770", "hash_method":"sha256" } |
Failure | { "event":"failure", "method":"token", "request_id":"21e2d11d-bfd9-4991-ca50-16170bc21329", "response_code":"U02", "response_description": "ACCOUNT NOT APPROVED", "version_number":"2.0", "trace_number": "89748473-6eb2-483f-81af-1d787a903f5c", "total_amount":"5.00", "last_4":"2222", "method_used":"echeck", "signature": "e83dee1c9fa2067786fb53c149ebbe62", "utc_time":"635295420748992999", "hash_method":"sha256" } |
Error | { "event":"error", "msg":"Invalid total_amount: 1-9.5;5d" } |
Abort | { "event":"abort", "request_id":"46f27f88-5f00-4d0a-e1a3-d32b4f57bc12" } |
Capturing Callback Messages
Callback messages enable you to present the customer with real-time status information on the transaction. To do this, you must capture the message by coding the callback attribute into your button:
This button code defines that your page will use the oncallback Javascript function to capture the callback message. To display the message to the customer after a transaction, you must add JavaScript to parse e.data to an HTML place holder:
The e.data response object is a string that can be converted to a JSON object with a format that you define with Checkout’s response parameters (see Response Parameters for more information). The sample code below shows how you could use this response object to capture a callback message for customers:
The following table details potential errors you could encounter in Checkout.
Error Message |
"Routing number is invalid." |
"The parameter version_number is required." |
"Email address is invalid." |
"State is not valid." |
"Invalid authentication." |
"No allowed_method is available." |
"Invalid parameter api_access_id." |
"The browser you are using is not supported. Please download the latest version of your browser to use Checkout." |
"The parameter api_access_id is required." |
"The browser you are using is not supported. Checkout supports the latest versions of the following browsers: Internet Explorer, Firefox, Chrome, and Safari." |
"Please either disable compatibility view or upgrade your browser to proceed." |
"Scheduled transactions are not allowed for service fee merchants." |
"Invalid parameter schedule_quantity: "______." |
"Invalid parameter schedule_continuous: "______", Use true/false." |
"Invalid schedule_quantity for continuously scheduled transaction." |
"Invalid parameter schedule_frequency: "______". Use weekly, bi-weekly, monthly, bi-monthly, quarterly, semi-annually, annually. Use 0 for single future transaction." |
"Invalid schedule_quantity for one-time future scheduled transaction." |
"Invalid schedule_continuous for one-time future scheduled transaction." |
"The parameter schedule_start_date must be a future date." |
"Invalid parameter schedule_start_date: "______." |
"The total_amount passed cannot be used with a method of schedule." |
"Invalid parameter total_amount for scheduled transaction: "______." |
"The parameter utc_time is required." |
"Scheduled transactions require either setting save_token=true or passing in customer/payment token." |
"Invalid parameter save_token: "______." Use true/false." |
"Invalid parameter swipe: "______." Use true false." |
"Invalid parameter allowed_methods: "______." Use visa/mast/disc/amex/echeck." |
"Invalid total_amount for scheduled transaction." |
"No payment method is available for the scheduled transaction." |
"No payment method is available." |
"This paymethod_token is not allowed." |
"Invalid parameter hash_method: "______." Use sha256." |
"Invalid parameter method: "______." Use sale/schedule/token." |
"Invalid parameter request_id: "______." |
"The paymethod_token "______" does not exist." |
"The customer_token "______" does not exist." |
"The paymethod_token "______" is invalid: it does not belong to the customer." |
This can occur if the client blocks the following URL: checkout.forte.net. To ensure you've included this URL in your code, open the network console from the browser to verify the javascript loads correctly and check to see if you've included the following lines in the <Head> section of the html page.
Forte Checkout is not supported with Internet Explorer. Please refer to Browser Compatibility section for more information on supported browsers
Dynamic Example to Run:
Check the HTML tab to check the button definition.
Click here for the CSS details
Check the JS tab to check the signature generation and the response callback
Additional Forte Checkout Resources:
For more information, check out the following resources:
CSG Forte Checkout Java Sample
CSG Forte Checkout Workbench (C)
Need Help?:
If you need assistance with the migration, please contact our support team at [email protected].