Best Practices


Transaction Process

The following section reviews the transaction processes and provides implementation guidelines and examples to process, format, and send transactions using XML API, processBatch.do and accountxml.do.

  • All code samples provided in this document are examples and should not be used for live transactions.

  • Only the minimum required fields and the recommended fields are shown in this section. Additional fields may be passed at transaction run time. Required fields are based on the merchant account configuration within Converge. For best possible transaction rates, Elavon recommends passing as much information as possible. For an extensive list of available HTML/XML value pair input fields, refer to the Supported Transaction Input Fields section.

  • Converge allows you to set up custom defined fields and define them as required or optional. You need to consider the following when using any custom defined fields:

    • Only 25 fields can be set up for any given terminal, each field can be up to 999 alphanumeric characters long, and no special characters should be used.
    • You are not allowed to pass any sensitive data, including but not limited to PAN data such as full card number, expiration date, social security numbers, track data, or CID/CVV2 data from a credit card into a custom field.
  • The integrated application should not store or print the track data, CVV2, CVC2, or CID data from the back or front of credit cards.

  • Use XML API for XML-formatted requests in the following transactions:

    • Credit card transactions
    • Debit card transactions
    • EBT transactions
    • Gift card transactions
    • Electronic check transactions
    • PINless debit transactions
    • Cash tender transactions
    • Card manager transactions
    • End of Day transactions
    • Account Admin transactions
    • Cash Advance transactions
  • Use processBatch.do for requests formatted as key-value pairs in Batch Import transactions.

  • Use accountxml.do for XML-formatted requests in Account Admin transactions.

Important

New API Parameters:

  • We will occasionally add new API parameters in Converge’s responses and Export Scripts (webhooks). We urge you to build flexibility into your integrated application so that when a new API parameter is received in the response, it is ignored by your application until you decide to take action on the new parameter.

POST vs GET

There are two types of HTTP request: POST and GET. HTTP POST requests supply additional data from the client (browser) to the server in the message body. In contrast, GET requests include all required data in the URL. Because GET method data is stored in the URL, GET method requests are susceptible to risk and fraud. Secure data can be accidentally stored, bookmarked, and accessed by bad actors. Elavon recommends that all merchants stop using the GET method immediately.

What is POST

POST is a method supported by HTTP in which the web server accepts the data included in the body of the message. POST is often used on the World Wide Web to send user-generated data to the web server or to upload a file.

Some notes on POST requests:

  • They are never cached.
  • They do not remain in the browser history.
  • They cannot be bookmarked.
  • They have no restrictions on data length.

An example of the POST method:

  <?php
  // Send the transaction as an HTTP POST so the data travels in the request body, not in the URL.
  $curl = curl_init();
  curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://api.demo.convergepay.com/VirtualMerchantDemo/processxml.do',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    // The XML document is passed in the xmldata form field.
    CURLOPT_POSTFIELDS => 'xmldata=
  <txn>
    <ssl_merchant_id>my_merchant_id</ssl_merchant_id>
    <ssl_user_id>my_user_id</ssl_user_id>
    <ssl_pin>my_pin</ssl_pin>
    <ssl_transaction_type>ccsale</ssl_transaction_type>
    <ssl_card_number>cardnumber</ssl_card_number>
    <ssl_exp_date>MMYY</ssl_exp_date>
    <ssl_amount>amount</ssl_amount>
    <ssl_vendor_id>vendorid</ssl_vendor_id>
  </txn>',
    CURLOPT_HTTPHEADER => array(
      'Content-Type: application/x-www-form-urlencoded'
    ),
  ));
  // Execute the request, release the handle, and print the raw response.
  $response = curl_exec($curl);
  curl_close($curl);
  echo $response;
  ?>

What is GET

The GET method appends form data to the URL as name/value pairs. The GET method cannot be used for passing sensitive information like usernames and passwords. GET is less secure than POST because the data sent is part of the URL, which means it is saved in browser history and in server logs as plaintext.
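The following is an added example, not Elavon's code: a check of a web server access log for Converge fields that arrived in a GET query string, using the field names from the request example above, plus a redaction pass for lines that must be retained. The combined log format, the /checkout/ paths, and the log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Field names from the request example on this page, plus the xmldata wrapper.
SENSITIVE_FIELDS = {"ssl_pin", "ssl_card_number", "ssl_exp_date", "xmldata"}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Matches "?name=value" or "&name=value" for any sensitive field name.
SENSITIVE_PARAM = re.compile(
    r'(?i)([?&](?:%s)=)[^&\s"]*' % "|".join(sorted(SENSITIVE_FIELDS))
)

# Constructed sample log lines; the card number is a widely used test value.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /checkout/pay?ssl_amount=10.00&ssl_card_number=4111111111111111&ssl_exp_date=1225 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /checkout/pay HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /checkout/status?order=1001 HTTP/1.1" 200 128',
]


def audit_line(line):
    """Return (method, path, leaked field names) or None if the line is clean."""
    m = REQUEST_LINE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    leaked = sorted(names & SENSITIVE_FIELDS)
    return (m.group("method"), parts.path, leaked) if leaked else None


def audit(lines):
    """Return one finding per log line that carries sensitive fields in its URL."""
    return [hit for hit in map(audit_line, lines) if hit]


def redact_line(line):
    """Replace the values of sensitive query parameters with a fixed marker."""
    return SENSITIVE_PARAM.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    for method, path, leaked in audit(SAMPLE_LOG):
        print(f"{method} {path}: sensitive fields in URL: {', '.join(leaked)}")
    print(redact_line(SAMPLE_LOG[0]))
```
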

For additional information or questions, please contact Elavon Software Technical Support.