Magento Extension User Guide: Web Services

Transcription

Magento Extension User Guide: Web Services
Magento Extension User Guide: Web Services
This document explains how to install the official Secure Trading
extension on your Magento store.
Module version: 3.4
Published: 31 October 2014
Magento Extension User Guide: Web Services
Table of Contents
1
Introduction ...................................................................................................................................... 3
1.1
1.2
1.3
2
Process Overview ............................................................................................................................ 4
2.1
3
Compatibility ............................................................................................................................. 32
Troubleshooting ....................................................................................................................... 32
Updating the Extension ............................................................................................................ 33
Log files .................................................................................................................................... 34
Additional Notes ............................................................................................................................. 35
7.1
7.2
7.3
7.4
7.5
7.6
8
Order View ............................................................................................................................... 24
Credit Memo ............................................................................................................................. 31
Testing and Maintenance .............................................................................................................. 32
6.1
6.2
6.3
6.4
7
Payment Action Types ............................................................................................................. 18
Configure Iframe ...................................................................................................................... 22
Additional request types ........................................................................................................... 23
Managing Orders ............................................................................................................................ 24
5.1
5.2
6
Install the extension ................................................................................................................... 6
Configure the extension ............................................................................................................. 9
Make a test payment ................................................................................................................ 15
Advanced Configuration ............................................................................................................... 18
4.1
4.2
4.3
5
Overview of making a payment .................................................................................................. 4
First-Time Configuration ................................................................................................................. 5
3.1
3.2
3.3
4
Features ..................................................................................................................................... 3
Requirements ............................................................................................................................. 3
About Magento Extensions ........................................................................................................ 3
Create Web Services Username.............................................................................................. 35
Multishipping purchasing .......................................................................................................... 35
Failed payment attempt............................................................................................................ 36
PayPal support ......................................................................................................................... 36
Transaction reporting ............................................................................................................... 36
STAPI Configuration (advanced) ............................................................................................. 37
Further Information and Support ................................................................................................. 38
8.1
8.2
8.3
Secure Trading Support ........................................................................................................... 38
Secure Trading Sales ............................................................................................................... 38
Useful Documents .................................................................................................................... 38
© Secure Trading Limited 2014
31 October 2014
Page 2 / 38
Magento Extension User Guide: Web Services
1
Introduction
The Secure Trading extension written for Magento Community Edition allows you to seamlessly
integrate with Secure Trading to process payments on your online store. This document outlines
the installation, configuration, testing and interaction of the extension between Secure Trading
and Magento.
1.1
Features
The SecureTrading Magento extension supports the following features:
Magento’s one-step checkout process
Magento’s multishipping checkout process
Multi-store
Multi-currency
Customisable iframe configuration (3-D Secure only for API transactions)
3-D secure-enabled payments
Secure Trading’s Protect Plus fraud services
Secure Trading’s Account Check feature (for Payment Pages only)
Payments initiated from the Magento admin area (Mail Order / Telephone Order)
Extensive transaction reporting tools
Managing Secure Trading transaction from within the Magento admin interface
Fully supports UTF-8 character set
1.2
Requirements
You will need to consider the following steps before processing payments through Secure
Trading using our Magento extension.
1.2.1
Magento installation and PHP version
You will need to have a web server running a Magento store installation, in order to install the
Secure Trading extension. The extension has been designed and tested for use with Magento
1.7, 1.8 and 1.9 Community Edition. This version of the extension supports PHP 5.3.10 - 5.5.15.
1.2.2
Secure Trading account
In order to process transactions through Secure Trading’s servers, you will need to have an
account with us and a site reference. You are provided with a Secure Trading site reference
when you sign up and this is used to uniquely identify your account when you send any data to
Secure Trading. It should also be quoted with any correspondence with Secure Trading.
Please note that to process Mail Order/Telephone Order requests through STPP,
you must have a MOTO merchant number and you must ask Support (see section
8.1) to allow “MOTO” to be processed on your site reference.
For more information on becoming a Secure Trading merchant, please contact our Sales team
(see section 8.2). If you believe you already have a Secure Trading account, but do not know
your site reference, please contact our support team (see section 8.1).
1.3
About Magento Extensions
A Magento extension is a collection of files that are packaged together in order to alter or
extend the behaviour of Magento. Extensions do not affect core Magento code and instead
interact with Magento in several non-disruptive ways:
1. Additional files included in the extension folder will be executed within the Magento
workflow.
2. Magento event observers will listen for certain conditions and execute additional predefined operations.
© Secure Trading Limited 2014
31 October 2014
Page 3 / 38
Magento Extension User Guide: Web Services
2
Process Overview
This section of the document explains how payments are processed using the Secure Trading
extension for your Magento store.
2.1
Overview of making a payment
CUSTOMER
MAGENTO
SECURE TRADING
Step 1) The Customer
opts to make a payment
on Merchant’s Magento
store using the Secure
Trading extension.
Step 2) Customer enters
payment, billing and
delivery information and
confirms the order.
Step 3) The Magento
store generates a
request to Secure
Trading.
Step 4) Secure Trading
submits the customer’s
payment details to the
Acquiring Bank over a
secure connection.
Step 5) Secure Trading
interprets response from
the Acquiring Bank and
submits a response to
the Magento store to
confirm the result of the
transaction.
Step 6) The Magento
store displays a success
message to the
customer.
CUSTOMER
2.1.1
MAGENTO
SECURE TRADING
Capture (Settlement)
Funds that have been authorised by your acquiring bank will generally be transferred into your
bank account within 24 hours. Secure Trading calls this process of settling funds into your
account the settlement process. Magento calls this process capturing the funds.
© Secure Trading Limited 2014
31 October 2014
Page 4 / 38
Magento Extension User Guide: Web Services
3
First-Time Configuration
Follow these three easy steps to start making payments with the extension:
STEP
1
Install the extension on your Magento store.
See section 3.1 for more information.
STEP
2
Configure the extension on your Magento store.
See section 3.2 for more information.

STEP
3
Make a test payment using the test details provided.
See section 3.3 for more information.
© Secure Trading Limited 2014
31 October 2014
Page 5 / 38
Magento Extension User Guide: Web Services
3.1
Install the extension
STEP
1
Install the extension on your Magento store.
1. Access Magento Connect to retrieve the Secure Trading payment extension from the
following URL : http://www.magentocommerce.com/magento-connect/securetrading.html
2. Sign in and click the “Install Now” button.
3. Tick the "I agree to the extension license agreement" note and click the "Get Extension
Key" button.
4. Click the "Select Key" button and copy the contents.
© Secure Trading Limited 2014
31 October 2014
Page 6 / 38
Magento Extension User Guide: Web Services
5. Sign in to your Magento admin panel, hover over “System” and then hover over “Magento
Connect” from the drop-down menu. From here, select “Magento Connect Manager”.
When prompted, enter your admin credentials to proceed to the Magento Connect
Manager.
6. Once signed in to the Magento Connect Manager, you will need to locate the section titled
“Install new Extensions” and paste the copied extension key into the text box (as seen
below).
7. Click “Install”. The installation of the extension will begin.
8. You will be shown a list of current extensions (under “Manage Existing Extensions”).
From here, you can “Cancel Installation” or “Proceed”. Click “Proceed” to install the
extension.
© Secure Trading Limited 2014
31 October 2014
Page 7 / 38
Magento Extension User Guide: Web Services
9. Once the installation has been completed, click “Refresh” under the console.
10. Please ensure the section titled “Manage Existing Extensions” has the two extensions
listed with “Package name(s)” of “Securetrading_Stpp” and “Securetrading_Multishipping”.
The extension is now installed and ready to configure.
© Secure Trading Limited 2014
31 October 2014
Page 8 / 38
Magento Extension User Guide: Web Services
3.2
Configure the extension
STEP
2
Configure the extension on your Magento store.
1. Sign in to the Magento administration area.
2. Hover over “System” from the options at the top of the page, and then click
“Configuration” from the drop-down menu.
3. On the page that loads, select “Payment Methods” on the left side menu.
© Secure Trading Limited 2014
31 October 2014
Page 9 / 38
Magento Extension User Guide: Web Services
In the “SecureTrading STPP” box, click the “Configure” button for “Secure Trading API”. This
expands to show four options:
“Basic Configuration”
“Gateway Configuration”
“Connection Configuration”
“Transaction Search Configuration”
If you cannot view Secure Trading settings in this view, please refer to section 6.2
Troubleshooting.
© Secure Trading Limited 2014
31 October 2014
Page 10 / 38
Magento Extension User Guide: Web Services
3.2.1
Basic Configuration
Click “Configure” next to “Basic Configuration” (under “Secure Trading API”). This expands to
show settings you can configure.
Ensure the “Enabled” field is set to “Yes”. You may also wish to give the payment module a
distinctive name while testing so it will stand out on the checkout page. The name and
description are both displayed in your Magento store when the customer is selecting a payment
method. These can be changed before switching to your live Secure Trading site. When you
have finished, click “Close” to collapse the list of settings.
© Secure Trading Limited 2014
31 October 2014
Page 11 / 38
Magento Extension User Guide: Web Services
3.2.2
Gateway Configuration
Click “Configure” next to “Gateway Configuration” (under “Secure Trading API”). This expands
to show settings you can configure.
3.2.2.1 Site Reference
You must enter your unique Secure Trading site reference in the “Site Reference” field.
When setting up the Magento extension for the first time, Secure Trading strongly recommends
using your test site reference (e.g. “test_site12345”). This allows you to test payments to Secure
Trading’s test bank (see section 3.3), to ensure your implementation works as expected.
When you are ready to go live, you change this to be your live site reference (e.g. “site24680”).
3.2.2.2 Payment Methods
Please select the payment methods supported by your Secure Trading account.
© Secure Trading Limited 2014
31 October 2014
Page 12 / 38
Magento Extension User Guide: Web Services
3.2.3
Connection Configuration
Your Web Services credentials are used to both process transactions for customers using your
Magento store and also to update existing transactions with changes made in the admin
interface. You will need to enter these details into the “Connection Configuration”.
Click “Configure” next to “Connection Configuration” (under “Secure Trading API”).
This expands to show a drop-down box labeled “Connection” and configuration settings for
STAPI and Web Services. From the drop-down box, select “Stpp Web Services”:
The Secure Trading extension is recommended to be used with Secure Trading
Web Services; it also supports the use of our STAPI client.

Please refer to section 7.6 for information on how to configure STAPI.
All Secure Trading documents can be found on our website.
Then, click “Configure” next to “Web Services Connections” (under “Connection
Configuration”).
This expands to show additional Web Services settings you can configure. Please fill in all fields
shown (alias and username must be the same).
If you do not already have a Web Services username and password, you can
create Web Services credentials for your site(s) by following the steps outlined in
section 7.1.
© Secure Trading Limited 2014
31 October 2014
Page 13 / 38
Magento Extension User Guide: Web Services
3.2.4
Transaction Search Configuration
The Secure Trading extension makes use of ‘crons’ to schedule background maintenance tasks
on your Magento store. This is required for:
Cancelling orders older than 24 hours that are still in the “Payment Pages” or “3D
Secure” status. These orders are most-likely abandoned and cancelling them releases
the stock reserved, allowing purchase by new customers. This runs every hour, on the
hour (at *:00).
Performing daily checks (at midnight GMT) for orders older than 7 days:
o Cancels orders that haven’t been captured.
o Closes open ‘Transactions’ (see the “Sales” > “Transactions” page in the
admin area).
3.2.4.1 Set-up a Transaction Search User
You will need to contact the Secure Trading Support team (see section 8.1) and ask to have a
new user account created for CSV downloading.
3.2.4.2 Configure the Magento Module
Click “Configure” next to “Transaction Search Configuration” (under “Secure Trading API”).
This expands to show additional Web Services settings you can configure to allow CSV files to
be downloaded from MyST into your Magento store. Please fill in all fields shown:
3.2.4.3 Configure the Cron
You must configure a cron job (e.g. by using Linux crontab or Windows Scheduled Tasks) that
performs an HTTP GET request to <root_magento_dir>/cron.php at regular intervals (Magento
recommends every 15 minutes).
Every time the cron.php file is accessed, Magento will check any tasks that need to be run, and
schedule any future tasks.
This is discussed in detail here:
http://www.magentocommerce.com/wiki/1__installation_and_configuration/how_to_setup_a_cron_job.
3.2.5
Save your settings
Always be sure to click “Save Config” when you have finished changing configuration in
order to save your preferences.
© Secure Trading Limited 2014
31 October 2014
Page 14 / 38
Magento Extension User Guide: Web Services
3.3
Make a test payment
STEP
3
Make a test payment by following the steps outlined in this section.
You must only perform the following tests when connecting to your Secure
Trading test site (must start with “test_”). Configuring your site reference is
outlined as part of step 1.
1. Add an item(s) to your cart and proceed to checkout.
2. Register/sign in as appropriate and fill out billing and shipping information.
3. If the extension has been configured correctly, it will appear as a payment option in your
store (name and description dependent on your configuration settings, see section
3.2.1). Select this option (if not already selected), and fields will be shown for entering
payment details.
© Secure Trading Limited 2014
31 October 2014
Page 15 / 38
Magento Extension User Guide: Web Services
4. Enter payment details into the fields shown and click “Next”.
The following are fake PANs you can use for testing your implementation:
Payment type
Authorisation
Decline
Security code
American Express
340000000000611
340000000000512
1234
Diners
3000000000000111
3000000000000012
123
Discover
6011000000000301
6011000000000202
123
JCB
3528000000000411
3528000000000312
123
Maestro
5000000000000611
5000000000000512
123
MasterCard
5100000000000511
5100000000000412
123
MasterCard Debit
5124990000000101
5124990000000002
123
V PAY
4370000000000061
4370000000000012
123
Visa
4111110000000211
4111110000000112
123
Visa Debit
4310720000000091
4310720000000042
123
Visa Electron
4245190000000311
4245190000000212
123
Visa Purchasing
4484000000000411
4484000000000312
123
5. Confirm your order by clicking “Place Order”.
© Secure Trading Limited 2014
31 October 2014
Page 16 / 38
Magento Extension User Guide: Web Services
6. Providing the test card details you entered were for an authorised response, you will be
shown a success message. If you entered declining test card details, an error message
will be shown, and you’ll be allowed to try different payment details.
© Secure Trading Limited 2014
31 October 2014
Page 17 / 38
Magento Extension User Guide: Web Services
4
4.1
Advanced Configuration
Payment Action Types
Secure Trading supports two payment action settings:
1. “Authorize and Capture” – Secure Trading sends a request for payment authorisation,
and the funds will be captured in a subsequent settlement run (normally within 24 hours).
See sections 4.1.1 and 4.1.2.
2. “Authorize only” – Secure Trading sends a request for payment authorisation, but the
funds will not be captured without further action from the merchant. See sections 4.1.3 and
4.1.4.
© Secure Trading Limited 2014
31 October 2014
Page 18 / 38
Magento Extension User Guide: Web Services
4.1.1
Diagram of Order Status Flow (using “Authorize & Capture” Payment Action)
The following is a diagrammatic overview of the order status flow in Magento when the
customer places an order in your store when payment action is set to “Authorize & Capture”
(described in more detail in section 4.1.2):
Step 1) Customer enters their
payment details in the Magento
store.
Step 2) The installed Magento
extension submits a request to
Secure Trading.
Step 3) Secure Trading submits a
request to the Acquiring Bank and
interprets the response returned.
IF ERROR
Customer can amend
payment details and
start again.
IF AUTHORISED
Step 4) Magento automatically
generates an invoice.
IF SUSPICIOUS
E.g. if card security code
provided by Customer returns
“Not Matched” response.
IF NOT SUSPICIOUS
Order status: “Payment Review”
Order status: “Processing”
p

IF MERCHANT
APPROVES
Invoice is in “Pending” status.
Invoice is in “Paid” status
and is sent to the Customer.
IF MERCHANT DENIES
IF MERCHANT SHIPS

Order status: “Canceled”
Order status: “Completed”
Payment cancelled by the
Merchant. Invoice is in
“Canceled” status.
Product is delivered to
Customer.

More information can be found over the page.
© Secure Trading Limited 2014
31 October 2014
Page 19 / 38
Magento Extension User Guide: Web Services
4.1.2
Description of Order Status Flow (using “Authorize and Capture” Payment Action)
After the checkout process (one-page or multishipping) hosted by your Magento store, the
customer confirms they are ready to make a payment by clicking “Place Order”. At this point,
the Secure Trading extension sends a request to Secure Trading, which then in turn sends an
authorisation request to the acquiring bank. The acquiring bank will contact the card issuer,
which will either authorise the payment or decline. If the card issuer declines the payment, the
customer will be given the opportunity to amend their details and try again if they wish to do so.
If the payment has been authorised and the order is:
Not suspicious, an invoice is automatically generated by your Magento store and the
order status is set to “Processing”. Unless you manually update or cancel the
transaction, the funds will be captured (settled) in Secure Trading’s next settlement run.
Suspicious, (e.g. if the security code entered is incorrect) the order status in Magento is
set to “Payment Review” and the generated invoice will be in a ‘pending’ status.
You can review a “Payment Review” transaction on the Order View page (see section 5.1) and
opt to cancel it using the Magento interface. Clicking the “Deny Payment” button updates the
order status to “Canceled”, preventing the funds from being captured.
Alternatively, you can approve the payment by clicking on the “Accept Payment” button on the
Order View page (see section 5.1) and allow the funds to be captured. The invoice is updated to
‘Paid’ status and the order status is updated to “Processing”.
To dispatch your product, you must manually confirm this in the Magento interface. This is
achieved by clicking “Ship” on the Order View page for the order in question (providing the
invoice has been paid). When you have done so, the order status in Magento is updated to
“Completed”.
© Secure Trading Limited 2014
31 October 2014
Page 20 / 38
Magento Extension User Guide: Web Services
4.1.3
Diagram of Order Status Flow (using “Authorize Only” Payment Action)
The following is a diagrammatic overview of the order status flow in Magento when the
customer places an order in your store (described in more detail in section 4.1.4):
Diagrammatic Overview
Step 1) Customer enters their
payment details in the Magento
store.
Step 2) The installed Magento
extension submits a request to
Secure Trading.
Step 3) Secure Trading submits a
request to the Acquiring Bank and
interprets the response returned.
IF ERROR
Customer can amend
payment details and
start again.
IF AUTHORISED
Order status: “Processing”
p
Payment authorised by the Acquiring
Bank and awaits action from
Merchant.
IF MERCHANT GENERATES INVOICE


Order status: “Processing”
Merchant opts to generate
invoice for the Customer.
IF MERCHANT SHIPS
Order status: “Completed”
Product is delivered to
Customer.
More information can be found over the page.
© Secure Trading Limited 2014
31 October 2014
Page 21 / 38
Magento Extension User Guide: Web Services
4.1.4
Description of Order Status Flow (using “Authorize Only” Payment Action)
After the checkout process (one-page or multishipping) hosted by your Magento store, the
customer confirms they are ready to make a payment by clicking “Place Order”. At this point,
the Secure Trading extension sends a request to Secure Trading, which then in turn sends an
authorisation request to the acquiring bank. The acquiring bank will contact the card issuer,
which will either authorise the payment or decline. If the card issuer declines the payment, the
customer will be given the opportunity to amend their details and try again if they wish to do so.
If the payment has been authorised, the order status in Magento is set to “Processing”.
You must manually “Invoice” or “Cancel” each payment using the Magento interface:
To deny a payment and prevent it from being captured (settled), click “Cancel” on the
Order View page for the order in question This will leave the transaction in a suspended
state within Secure Trading that will not be scheduled for capture (settlement).
To proceed with the order, generate an invoice within the Magento interface. This is
achieved by clicking “Invoice” on the Order View page. This allows the funds to be
captured in Secure Trading’s next settlement run by updating the transaction on Secure
Trading to be scheduled for capture (settlement).
To dispatch your product, you must manually confirm this within the Magento interface. This is
achieved by clicking “Ship” on the Order View page for the order in question. Once the item(s)
have been shipped, the order status in Magento is updated to “Completed”.
Please note when using Protect Plus, if the checks return a “CHALLENGE” or
“DENY” response, the order will enter “Payment Review”. Please see section
5.1.4 for information on actions that can be performed on orders in status
“Payment Review”.
4.2
Configure Iframe
By default, the extension uses iframes to redirect your customer to the card issuer’s Access
Control Server (ACS) as part of 3-D Secure. Iframes are used to display the ACS URL within
your Magento store. This is used to create a seamless user experience.
If you wish to disable iframes:
Navigate to the SecureTrading API > Basic Configuration settings within the
extension settings and set “Use iframes” to “No”.
Please be sure to click “Save Config” to save any changes made.
© Secure Trading Limited 2014
31 October 2014
Page 22 / 38
Magento Extension User Guide: Web Services
4.3
Additional request types
Secure Trading allows you to perform additional requests when processing transactions to help
reduce fraud and chargebacks:
4.3.1
Risk Decision (Protect Plus)
The purpose of Risk Decision requests is to minimise fraud by analysing customer details and
highlighting possible fraudulent activity by using Secure Trading’s Protect Plus system. This is
to assist you in making a decision of whether or not to process a customer’s transaction, based
on the perceived level of risk.
This is achieved by checking the industry’s largest negative database and also searching for
suspicious patterns in user activity. The system uses neural-based fraud assessments that can
be configured specifically for your account and is constantly updating the fraud checks used to
combat new risks.
Based on the decision returned by the Protect Plus system a customer that is deemed as
suspicious can be prevented from processing a payment.
4.3.2
3-D Secure
3-D Secure is a protocol designed to reduce fraud and Chargebacks during e-commerce
Internet transactions. Cardholders are asked to identify themselves at the point of sale before
the purchase can be completed. This usually means entering a PIN or other password after
entering their credit card details.
In the event of a dispute with the transaction at a later date, the card issuer will usually take
responsibility of the Chargeback instead of the merchant. The liability issues involved with 3-D
Secure transactions are out of the scope of this document. For a detailed indication of the
liabilities involved, contact your bank.
Please note that only certain payment types support 3-D Secure.
4.3.3
Configuration
To enable the aforementioned additional requests on your Secure Trading account:
Enable the requests on your Secure Trading account by contacting Secure Trading
support (see section 8.1).
Enable the requests in your Magento configuration settings by navigating to
Secure Trading API > Gateway Configuration and switching the “Use 3D Secure”
and/or “Use Risk Decision” options to “Yes”.
© Secure Trading Limited 2014
31 October 2014
Page 23 / 38
Magento Extension User Guide: Web Services
5
Managing Orders
The Secure Trading extension provides full integration with your Magento store. You are able to
manage your orders using the Magento admin interface and any actions taken will instruct
Secure Trading to update transaction(s), as required.
Please note that Secure Trading strongly recommends using the Magento admin
interface when managing orders processed by your store.
The purpose of this section of the document is to outline the expected behaviour of Secure
Trading’s extension for Magento when performing default Magento actions on orders processed
by your store. These actions are core Magento functions. For up-to-date information on
Magento features, please refer to Magento’s website.
5.1
Order View
On the Magento Order View page, Secure Trading populates additional fields containing
relevant information about the processed payment.
© Secure Trading Limited 2014
31 October 2014
Page 24 / 38
Magento Extension User Guide: Web Services
5.1.1
Multishipping Tab
By clicking the “Related Multishipping Orders” from the left side menu (when a customer used
multishipping), you will be able to see all other orders that are in the same multishipping
transaction.
5.1.2
Payment Information
Secure Trading will populate the following fields in the “Payment Information” box:
Field
“Account Type
Description”
“Transaction
Reference”
“Security Response
Address”
“Security Response
Postcode”
“Security Response
Security Code”
“Fraud Control
Shield Status Code”
“Payment Type”
“Last 4 Card Digits”
“3D Enrolled”
“3D Status”
“Order was placed
using”
© Secure Trading Limited 2014
Comment
“ECOM” – E-commerce transaction performed by the
customer.
“MOTO” – Mail Order Telephone Order performed in the
Magento admin interface.
Unique reference assigned by Secure Trading to reference the
payment.
The result of the Address Verification System (AVS) and security
code checks on the house number, postcode and card security
code provided by the customer (see the AVS & CVV2 document):
“Matched” - Billing details matches those on record.
“Not Matched” - Billing details don’t match those on record.
“Not Checked” - Billing details not checked.
“Not Given” - Billing details missing.
Results from the Protect Plus checks performed on the customer’s
details:
(If configured. See section 4.3.1 for further information)
“ACCEPT” – The details are not deemed suspicious.
“CHALLENGE” – Further investigation is recommended.
“DENY” – The details are suspicious and a transaction
should not be performed.
The payment method used by the customer. e.g. “VISA”
The last four digits of the card used by the customer. e.g. “1111”
(If configured. See section 4.3.2 for further information)
“Y” – Card is enrolled in 3-D Secure.
“N” – Card is not enrolled in 3-D Secure.
“U” – Unable to determine if card is enrolled in 3-D Secure.
(If configured. See section 4.3.2 for further information)
“Y” – Customer authenticated by the card issuer.
“A” – An authentication attempt occurred but could not be
completed.
“U” – Unable to perform authentication.
“N” – Customer not authenticated.
The currency the customer used to process the payment.
e.g. “GBP”
31 October 2014
Page 25 / 38
Magento Extension User Guide: Web Services
Clicking the “View in MyST” hyperlink will open MyST in a new tab/window. After signing in to
MyST, you will be displayed the corresponding single transaction view page for the transaction
reference associated with the order shown on the Order View page.

For more info on viewing transaction information using MyST, please refer to the
MyST User Guide
All Secure Trading documents can be found on our website.
5.1.3
Orders Not Invoiced (Authorize Only)
This section only applies to merchants using “Authorize Only” payment action status.
(See section 4.1.3)
Please note that if you wish to process the order you must issue the invoice
within 7 days of the payment being authorised. After this time period, Secure
Trading will automatically cancel the transaction as the authorisation code will
have expired.
© Secure Trading Limited 2014
31 October 2014
Page 26 / 38
Magento Extension User Guide: Web Services
Orders that are yet to be invoiced (default behavior when Payment Action is set to “Authorize
Only” for a successfully processed transaction) will have the following actions that can be
performed:
Action button
“Edit”
“Cancel”
“Send Email”
“Hold”
“Unhold”
“Invoice”
“Credit Memo”
“Ship”
“Reorder”
Comment
Click “Edit” to change details of an order.
For non-invoiced orders, this procedure cancels the order and creates a
new offline (MOTO) order with the modified details you provide. Secure
Trading sends a new request to the card issuer for authorisation with the
payment details you provide.
Click “Cancel” to cancel an order.
This marks the order as “Canceled” in the Magento interface. Cancelled
orders cannot be resumed using the Magento interface; in such a
scenario, you will need to process a new order.
Note 1: Any partial captures that are registered within Magento for an
order before it is manually cancelled will still proceed for settlement.
Once cancelled no further funds can be accepted from the order.
Note 2: It is still possible for credit memo’s to be performed on any
existing invoices generated for an order that is in a ‘Canceled’ state.
Click “Send Email” to send an email to the customer.
By default, the email is sent to the customer’s user account email address.
When on the order details page, this will send an order confirmation
email if one was not sent initially.
When on the invoice details page, this will send an invoice confirmation.
When on the credit memo page, this will send a credit memo
confirmation.
When clicked on the shipping page, this will send a shipping
confirmation.
Click “Hold” to put an order on hold.
This prevents subsequent actions such as shipping the product or
refunding the order without explicitly “unholding” the order first. Putting an
order on hold will not prevent funds from being captured by the acquiring
bank, if this has been previously authorised.
Click “Unhold” to take an order off hold status.
This allows you to perform other actions on the order, such as
modification or cancellation, generating an invoice or shipping the product.
Click “Invoice” to generate an invoice for the order and proceed with
the payment.
Performing this action will allow funds to be captured by the acquiring
bank (usually occurs within 24 hours). Once an invoice has been
generated for an order, it is not possible to cancel it. Instead, you will need
process a “Credit Memo” (refund).
For information on “Credit Memo” please see section 5.2.
Click “Ship” to dispatch the product to the customer.
This is unrelated to the state of the payment and can be performed at any
time after an order has been generated. We strongly recommend waiting
for funds to be captured by your acquiring bank before shipping.
Click “Reorder” to create a new order using details of the order
being viewed.
You will be presented with a form pre-filled with details of the order,
allowing you to process an additional order with the same or different
details depending on your requirements.
© Secure Trading Limited 2014
31 October 2014
Page 27 / 38
Magento Extension User Guide: Web Services
5.1.4
“Payment Review” Orders
When an order is in “Payment Review” status, this is because a transaction has met certain predefined criteria that have led Secure Trading to suspend payment until you have manually
reviewed the transaction. By default, this occurs for Authorize and Capture orders when the
customer has entered an invalid CVV2 (security code on the customer’s card) or any time a
Protect Plus (if enabled) returns a “CHALLENGE” or “DENY” response.
Please note that if you wish to process the order you must issue the invoice
within 7 days of the payment being authorised. After this time period, Secure
Trading will automatically cancel the transaction as the authorisation code will
have expired.
© Secure Trading Limited 2014
31 October 2014
Page 28 / 38
Magento Extension User Guide: Web Services
Action button
“Send Email”
Comment
Click “Send Email” to send an email to the customer.
By default, the email is sent to the customer’s user account email address.
When on the order details page, this will send an order confirmation email
if one was not sent initially.
When on the invoice details page, this will send an invoice confirmation.
When on the credit memo page, this will send a credit memo confirmation.
When clicked on the shipping page, this will send a shipping confirmation.
This will instruct Secure Trading to accept the payment.
“Accept
Payment”
If already invoiced (Authorize and Capture): Selecting this option will
allow the funds to be captured by the acquiring bank and will set the order
status to “Processing”.
“Deny
Payment”
If not invoiced (Authorize Only): Selecting this option will allow you to
invoice the order and will set the order status to “Processing”.
This will instruct Secure Trading to prevent the funds from being captured
by the acquiring bank. This will set the order status to “Canceled”.
5.1.5
Invoiced Orders
© Secure Trading Limited 2014
31 October 2014
Page 29 / 38
Magento Extension User Guide: Web Services
All orders that have been invoiced will have the following actions that can be performed:
Action button
“Edit”
“Send Email”
“Credit Memo”
“Hold”
“Unhold”
“Ship”
“Reorder”
Comment
Click “Edit” to change details of an order.
For invoiced orders, this procedure creates a new order with the modified
details you provide. Secure Trading sends a new request to the card
issuer for authorisation with the payment details you provide.
Note: The original order and transaction will still be processed unless you
opt to override the order.
Click “Send Email” to send an email to the customer.
By default, the email is sent to the customer’s user account email address.
When on the order details page, this will send an order confirmation
email if one was not sent initially.
When on the invoice details page, this will send an invoice confirmation.
When on the credit memo page, this will send a credit memo
confirmation.
When clicked on the shipping page, this will send a shipping
confirmation.
For information on “Credit Memo” see section 5.2.
Click “Hold” to put an order on hold.
This prevents subsequent actions such as shipping the product or
refunding the order without explicitly “unholding” the order first. Putting an
order on hold will not prevent funds from being captured by the acquiring
bank, if this has been previously authorised.
Click “Unhold” to take an order off hold status.
This allows you to perform other actions, such as shipping the product or
refunding the order.
Click “Ship” to dispatch the product to the customer.
This is unrelated to the state of the payment and can be performed at any
time after an order has been generated. We strongly recommend waiting
for funds to be captured by your acquiring bank before shipping.
Click “Reorder” to create a new order using details of the order
being viewed.
You will be presented with a form pre-filled with details of the order,
allowing you to process an additional order with the same or different
details depending on your requirements.
© Secure Trading Limited 2014
31 October 2014
Page 30 / 38
Magento Extension User Guide: Web Services
5.2
Credit Memo
There are two types of Credit Memos that can be issued for an order:
1. Offline Credit Memos
2. Online Credit Memos
5.2.1
Offline Credit Memos
Offline credit memos will not update the transaction on the Secure Trading system and will only
generate the credit memo within Magento. Offline credit memos are issued when a refund is
performed when clicking the “Refund Offline” button.
Clicking “Credit Memo” from the Order View page will lead to issuing an offline credit memo.
5.2.2
Online Credit Memos
Online credit memos will update the transaction on the Secure Trading system and will also
generate a credit memo within Magento.
To generate an online credit memo, please follow the following steps:
Step 1 - From within the Magento Administration portal select from the menu:
Sales > Orders
Step 2 - Choose an Order (by clicking on the order).
Step 3 - Select Invoice from the left side menu on the Order View page.
Step 4 - Choose an Invoice (by clicking on an invoice).
Step 5 - click the “Credit Memo” button.
Step 6 - click the “Refund” button.
Alternatively you could access the invoice, by navigating to Sales > Invoice and continuing from
Step 4 mentioned above.
Note: Clicking the “Refund Offline” button when issuing a credit memo will generate an offline
credit memo which will NOT update the transaction on Secure Trading's systems.
5.2.3
Credit Memo behavior
The following behaviour is observed when issuing a credit memo for the following conditions:
Condition 1: For full refunds where funds have not been captured
Secure Trading will cancel the order and the authorised funds will be released back to the
customer’s account.
Condition 2: For full refunds where funds have been captured
Secure Trading will initiate a refund for the full amount.
Condition 3: For partial refunds where funds have not been captured
Secure Trading will reduce the amount that will be captured by the acquiring bank, as required.
The remainder of the reserved funds will be released to the customer’s bank account.
Condition 4: For partial refunds where funds have been captured
Secure Trading will initiate a partial refund for the specified amount.
© Secure Trading Limited 2014
31 October 2014
Page 31 / 38
Magento Extension User Guide: Web Services
6
Testing and Maintenance
Magento is written in PHP and runs on an HTTP webserver. Secure Trading’s typical testing
environment is a LAMP (Ubuntu OS) or WAMP (Windows OS) stack. Due to the enormous
variety of possible environments that may run this module, (each webserver has its own
peculiarities and has its own set of PHP version distributions) we recommend that each
installation or upgrade is thoroughly tested on a staging system before being deployed to
production.
Once the module is deployed to the stage system, we recommend running test cases with a
similar workload as is expected on the production system. As with all test systems, we
recommend that you replicate the production system in terms of hardware and software setups
to eliminate any possible anomalies. After the module is deployed to a production system, we
recommend that all available log files are monitored and if any unexpected behaviour is
detected, appropriate personnel should be alerted immediately.
All production system changes should adhere to a strict change-control process to
reduce the likelihood of release issues.
6.1
Compatibility
Secure Trading has tested the Magento extension with a default installation of Magento. We
cannot guarantee the behaviour if any core code has been modified or if any additional modules
have been enabled.
Any functionality not described within this document is not guaranteed to exhibit the expected
behaviour. If you have any queries on Magento features not covered in this document and
whether the SecureTrading extension supports them, please contact Secure Trading Support
(section 8.1).
6.2
Troubleshooting
Symptom(s)
Suggested solution(s)
Ensure you have installed the extension correctly, by
following the instructions outlined in section 3.1.
Payment module not displaying
within
“System” > “Configuration” >
“Payment Methods”
If this does not resolve the problem, please change the
file permissions / CHMOD settings of the extension
(temporarily) to 777. This will give it full access to READ,
WRITE and EXECUTE.
Ensure the file permissions are set
securely before going live (at least
“755”).
Cannot see the checkout when
you have enabled API checkout.
© Secure Trading Limited 2014
Please ensure you have selected at least one payment
type from “Gateway Configuration” in the configuration
settings (“System” > “Configuration” > “Payment
Methods”).
31 October 2014
Page 32 / 38
Magento Extension User Guide: Web Services
6.3
Updating the Extension
As part of maintaining and improving the Magento extension, Secure Trading will release
updates, periodically. As such, Secure Trading recommends regularly checking the Magento
Connect Manager for new versions of the extension.
All new versions of the extension will also be available on the Magento Connect website, at the
following URL:
http://www.magentocommerce.com/magento-connect/securetrading.html
Click “Follow this extension” to receive notifications when the extension is updated.
Secure Trading recommends against uninstalling the old version of the
extension and installing the new version in its place.
6.3.1
Back-Up Your System
Before updating the extension, please make a full back-up of the existing extension files
installed on your system, including your database. Magento provides tools to assist you:
Go to “System” > “Tools” > “Backups”.
Back-up files are compressed using the .gz format and are stored in the var/backups
directory in your Magento file system.
6.3.2
Test Update on your Staging System
Secure Trading recommends first installing the extension update on your staging system, before
deploying the new version of the extension on your live system.
Please perform the following on your staging system, using your test site reference:
Process a number of transactions on your staging system using the existing
configuration.
Upgrade to the new extension.
Update transactions that you processed before the extension was upgraded (to ensure
correct behaviour).
Process a number of new transactions on your staging system, using the upgraded
extension.
Update the new transactions (to ensure correct behaviour).
© Secure Trading Limited 2014
31 October 2014
Page 33 / 38
Magento Extension User Guide: Web Services
6.4
Log files
It is good practice to monitor your logs regularly.
To enable logging, ensure that this is enabled within Magento in the following location:
“System” > “Configuration” > “Developer” > “Log Settings”
Two SecureTrading log files will be created:
<Magento Directory>/var/log/securetrading.log
<Magento Directory>/var/log/securetrading_api.log
Logs all interactions between the
Magento extension and STPP (Secure
Trading Payment Platform).
Logs all errors processed through the
Secure Trading API, except for error
codes 0 (success), 30000 (invalid field)
and 70000 (declined).
In addition, exceptions will be recorded in the following:
<Magento Directory>/var/reports/*
or
<Magento Directory>/var/log/exception.log
as per normal Magento behaviour.
© Secure Trading Limited 2014
31 October 2014
Page 34 / 38
Magento Extension User Guide: Web Services
7
7.1
Additional Notes
Create Web Services Username
In order to use Web Services on your Secure Trading account, a user account with the role of
“Webservices” must be assigned to your site(s) using MyST.
To create a new user account you must have an account with the role “Site Admin”. Sign in to
MyST and click “Add new username” from the left side menu. Enter a unique and memorable
username and password for the user and ensure the role you assign the user is “Webservices”.
Then click “Save”.

For more info on managing users on your Secure Trading site, please refer to the
MyST User Guide
All Secure Trading documents can be found on our website.
After you have configured the Web Services credentials in MyST, you need to assign these to
your Magento extension. Please refer to section 3.2.3 for instructions on how to do this.
7.2
Multishipping purchasing
The Secure Trading extension supports multishipping; the ability for the customer to order a
number of products at once and have them delivered to more than one address. Please note:
An ‘order’ represents one or more products being delivered to a single address.
Therefore, multishipping consists of a single transaction used to fund multiple orders.
Please note that cancelling an invoice by clicking the “Cancel” button on an
invoice page will only affect your order in Magento (status changes to
“Processing”), and will not change the state of the payment on Secure Trading’s
systems.
To cancel a payment, you must either click “Cancel” or “Deny Payment” at the
top of the order view.
Only the delivery address of the first order is recorded in Secure Trading’s systems.
For multishipping orders in status “Payment Review”, accepting any order will ALWAYS
accept all associated orders (even if any of the invoices have previously been
cancelled), and the customer will pay the full authorisation amount.
Likewise, denying any order in a multishipping purchase will ALWAYS deny the other
associated orders, and the funds will not be captured.
If you would like to only accept part of a multi-shipping purchase, you must accept all
the orders by clicking the “Accept Payment” button in the order view and manually
refund the order you wish to cancel (by using credit memo).
© Secure Trading Limited 2014
31 October 2014
Page 35 / 38
Magento Extension User Guide: Web Services
7.3
Failed payment attempt
When a payment attempt fails at the checkout, the attempt will not be logged in the order
history (in “Sales” > “Orders”). To view details of failed payments (e.g. declines), please refer to
your logs (see section 6.4).
7.4
PayPal support
PayPal is not supported as a selectable payment type within this extension.
7.5
Transaction reporting
In addition to the transactions being reported within the core Transaction screen “Sales” >
“Transactions”, the extension adds a Secure Trading customized Transaction page called “ST
Transactions”. Hover over “Sales” in the options along the top of the page and click “ST
Transactions” to view all ST successful transactions logged within Magento. Alternatively, click
the “ST Transactions” tab on the left side menu when viewing a single order to list all directly
related transactions.
Transactions are only shown in the transaction page following successful orders.
(e.g. declined transactions are not shown).
© Secure Trading Limited 2014
31 October 2014
Page 36 / 38
Magento Extension User Guide: Web Services
7.6
STAPI Configuration (advanced)
An alternative to using Web Services with the Magento extension is by installing the STAPI
client (provided by Secure Trading) on your server.
Information on configuring the client can be found in the STAPI User Guide.
After configuring the client, you will need to navigate to the Secure Trading’s extension
configuration settings in Magento and fill in all the fields under “ST API Configuration” (further
information on the fields are displayed when you hover the cursor over the tooltips, depicted by
question marks).
Please ensure “Connection” is set to “Stpp ST API” before saving your settings.
Please note that the value required for “ST API Alias” field when configuring
STAPI (as shown below) is usually the same as your unique Secure Trading site
reference.
© Secure Trading Limited 2014
31 October 2014
Page 37 / 38
Magento Extension User Guide: Web Services
8
Further Information and Support
This section provides useful information with regards to documentation and support for your
Secure Trading solution.
8.1
Secure Trading Support
If you require any assistance, please contact Secure Trading support.
When contacting our Support department you should search the
www/app/code/local/SecureTrading/PPages/lib/ directory for a logs/log.txt file.
If this file exists then please submit it with your initial support request.
Please also send us any server access/error logs along with as much information as you can
to assist us in troubleshooting your problem.
Method
Telephone
Fax
Email
Website
8.2
Details
+44 (0) 1248 672 050
+44 (0) 1248 672 099
support@securetrading.com
http://www.securetrading.com/support/support.html
Secure Trading Sales
If you do not have an account with Secure Trading, please contact our sales team and they will
inform you of the benefits of a Secure Trading account.
Method
Telephone
Telephone (Int’l)
Fax
Email
Website
8.3
Details
0800 028 9151
+44 (0) 1248 672 070
+44 (0) 1248 672 079
sales@securetrading.com
http://www.securetrading.com
Useful Documents
Additional documentation regarding Secure Trading’s system can be found on our website
(http://www.securetrading.com/support). Alternatively, please contact our Support team as
outlined above.
© Secure Trading Limited 2014
31 October 2014
Page 38 / 38