Developer's Guide

Table Of Contents

Secure Token

Integrating the Secure Token Without the Hosted Checkout Pages: Transparent Redirect

28 31 July 2012 Gateway Developer Guide and Reference

NOTE: The secure token is valid for 30 minutes, and you can only use it one time. If you

attempt to use the token after the time limit has expired, your transaction will fail with

Result value 7, “Secure Token Expired.” If you attempt to reuse the token, you receive

an error.

1. Set SECURETOKENID to a unique alphanumeric value up to 36 characters in length.

SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

2. Set CREATESECURETOKEN to the value Y to request that Payflow gateway return a token.

CREATESECURETOKEN=Y

Secure Token Example

The following is an example of a request parameter string that creates a secure token.

TRXTYPE=A&BILLTOSTREET=123 Main St.&BILLTOZIP=95131&AMT=23.45&CURRENCY=USD&

INVNUM=INV12345&PONUM=PO9876&CREATESECURETOKEN=Y&SECURETOKENID=9a9ea8208de1

413abc3d60c86cb1f4c5

The Gateway server returns SECURETOKEN and SECURETOKENID in the response. A tag

follows the SECURETOKEN to indicate the length of the token value returned.

RESULT=0&RESPMSG=Approved&SECURETOKEN[25]=Fj+1AFUWft0+I0CUFOKh5WA==&SECURET

OKENID=9a9ea8208de1413abc3d60c86cb1f4c5

Integrating the Secure Token Without the Hosted Checkout

Pages: Transparent Redirect

To use your own checkout pages while complying with PCI guidelines (sending the

customer’s sensitive data directly to the Gateway server), pass all parameters that you need to

process the transaction except for sensitive payment details such as the credit card number,

expiration date, and check number. For details on sending transactions, see “Submitting Credit

Card Transactions” on page 47.

In addition, pass the following 3 Payflow parameters in your request. The first 2 parameters