Ogone is one of the biggest payment providers in Europe. They are being used by many websites, but if you start working with them you’ll be in for a big surprise.
Their API is poor to say the least. Their support is very basic, since none of them have a technical background, which could be useful since their product is being implemented in a lot of applications.
In this post I’m going to help you implement Ogone subscriptions in your .net application. With this implementation you won’t be leaving your application once.
Besides having a Ogone (test) account, you’ll be needing the following options too:
|DirectLink (new payments)
|One Page Checkout
|Fraud Detection Module Advanced Checklist (FDMAc) – optional
||0.3 % (min €0.05) (+ €0.03 / 3DS)
|Batch – default option
|User Manager up to 2 users – default option
Configuration – Payment methods
First you’ll need to configure all the payment methods you want to use with your Ogone.
You’ll be going through some paperwork, but when that’s done the boring part is over.
Configuration – User
By default you’ll already have one user. Otherwise you wouldn’t have been able to log on at all. Now we’re going to add a new one.
Everything can be filled in like you wish, except to following:
- Profile: Admin
- Special user for API (no access to admin.): checked
This will create a user which will only have access through the API functions of Ogone. You won’t be able to login with him or anything.
Configuration – Technical information – Security
Make sure that the ‘Hashing algorithm’ is set to ‘SHA-1’ and that ‘Character encoding’ is set to ‘Use the character encoding expected with the initial transaction request (depending on the URL called)’.
Configuration – Technical information – Data and Origin
Here you have some work to do. Start by looking up the IP-address of your web-application. This has to be filled in the section ‘Checks for Ogone DirectLink and Ogone Batch (Automatic)’ at ‘IP address’. You may enter several IP addresses, separated by “;”.
Next fill in your ‘SHA-IN pass phrase’. This phrase or word will be used by Ogone and your application to correctly secure your SHA-algorithm for transactions to Ogone.
Configuration – Technical information – Transaction feedback
This section has nothing to do with creating a subscription. These settings are used when Ogone wants to send your website data about a transaction. So this part can be skipped if not needed.
Example: A user has paid his monthly subscription. Ogone posts the result to your website.
Now if you do need it. Go to ‘All transaction submission modes’. Here you’ll enter a ‘SHA-OUT pass phrase’ which will be used, just like the SHA-In phrase, to secure your communication with Ogone.
Now at ‘HTTP request for status changes’ you’ll have to enter the URL where Ogone needs to send his data to. On that URL you’ll have to listen and process the data send by Ogone.
Configuration – Advanced – Subscription – Global parameters
Here you can configure some settings that are used when a subscription is going bad. You can set how many times the authorization can be retried and what happens when that number has been reached. This can be filled in the suit your own needs.
Configuration – Advanced – Fraud detection (optional)
If you haven’t turned on the option ‘Fraud Detection Module Advanced Checklist (FDMAc)’ you can skip this part.
In this section you can configure Fraud Detection. You can set what should be done when the entered CVC or address is incorrect or block users by IP address or… There are a lot of options. You should see for yourself what better suite your needs.
This is what I did:
- When CVC is incorrect: Block
- When address is incorrect (only with AMEX): Block
I didn’t have anything else blocked.
This concludes the Ogone setup on their website. Now we’ll continue with implementing it in your .Net application.