PDA

View Full Version : HSBC XML API Integration

Toni
9th March 2008, 22:38
Can anyone please point me in the right direction on how to fix my issue with this HSBC XML API please? Basically when try to complete a transaction I get the following errors:

In I.E putting osCOmmerce debug mode on, I get:

The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.


--------------------------------------------------------------------------------

Invalid at the top level of the document. Error processing resource 'https://www.mydomain.com/catalog/hsbc_api_process...

Array
^


Using a Curl Test Script I get:

Array
(
[url] => https://www.secure-epayments.apixml.hsbc.com/
[content_type] => text/xml
[http_code] => 200
[header_size] => 106
[request_size] => 93
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.528268
[namelookup_time] => 0.317458
[connect_time] => 0.347301
[pretransfer_time] => 0.495673
[size_upload] => 0
[size_download] => 835
[speed_download] => 1580
[speed_upload] => 0
[download_content_length] => 835
[upload_content_length] => 0
[starttransfer_time] => 0.52688
[redirect_time] => 0
)

Errors: 0

HTTP/1.1 200 OK Server: CCE_XMLIC/1.0 Connection: close Content-Type: text/xml Content-Length: 835 6 16 Merchant CcxXmlInput.A CcxXmlInput 1 793 CcxXmlInstance.cpp 20:00:41Nov 6 2006 8 6 The HTTP method received is not valid. Only POST is accepted. EOF

In FireFox I get:

Array ( [0] => [1] => [2] => 1.0 [3] => [4] => OrderFormDoc [5] => [6] => USERNAME [7] => PASSWORD [8] => 364 [9] => [10] => [11] => Payment [12] => [13] => [14] => Y [15] => [16] => ..............@msn.com [17] => [18] => [19] => ewrr [20] => ..........@msn.com [21] =>
[22] => erw ewr [23] => EREWdewqDE [24] => R [25] => rewe [26] => wre [27] => reEWQE [28] => 12 [29] =>
[30] => [31] => [32] => [33] => [34] => 1 [35] => 345 [36] => 02/16 [37] => 4444333322221111 [38] => 1 [39] => [40] => [41] => [42] => [43] => Auth [44] => my domain : Online Wines, Champagnes, Sparkling, Port, Sherry, Madeira | Spirits & Liqueurs [45] => [46] => [47] => 650 [48] => [49] => [50] => [51] => [52] => [53] => ) 1.0 OrderFormDoc 47d231ff-de86-3003-002b-0003bac62f71 Payment 6 16 Merchant Director Director 3 876 CcxInput.cpp 19:43:05Nov 6 2006 7 6 Insufficient permissions to perform requested operation.
rewe 12 erw ewr reEWQE wre EREWdewqDE R
............@msn.com ewrr .........@msn.com 1 345 02/16 4444333322221111 1 Y Auth 364 USERNAME PASSWORD 1205088161073 1205088161088
ID =
MAXSEV = 6
ACTION =
CCRETURNMSG =
FRAUDRESULT =
CCERRCODE =
ORDERID =
TRANSACTIONID =
TRANSACTIONSTATUS =
AUTHCODE =

Warning: Cannot modify header information - headers already sent by (output started at ....../public_html/catalog/hsbc_api_process.php:224) in ............./public_html/catalog/includes/functions/general.php on line 33


Any suggestion would be of great help.

Thanks
alexjudd
17th April 2008, 16:40
Hi Toni

It looks like you either don't have the right permissions setup on your HSBC account or similar as the two errors you are getting

CcxInput.cpp 19:43:05Nov 6 2006 7 6 Insufficient permissions to perform requested operation.

CcxXmlInstance.cpp 20:00:41Nov 6 2006 8 6 The HTTP method received is not valid. Only POST is accepted. EOF

I'd check with HSBC that you account is enabled for direct HSBC XML API access (not the other types) and also changing the options in hsbc_api_process.php to be less strict

$disable_curl_ssl_check = true; // Set to true (no quotes)
// if you are having problems connecting to the protx servers
$use_more_accurate_order_id = true; // May not work for everyone (depending upon database permission
// Set to false to use less accurate method

If you want us to debug it for you get in touch at alex at skywire dot co dot uk and we can help out for a small fee or even a few bottles :-)
Alex
suba
31st March 2009, 06:43
you have data with special character [44] => my domain : Online Wines, Champagnes, Sparkling, Port, Sherry, Madeira | Spirits & Liqueurs.

please do not pass any special character like "&" sign in the data
tonybushell-2008
7th April 2009, 13:38
Hi all,

I have been trying to integrate with HSBC via the XML API using asp.net vb, I have the correct username, password and client id and HSBC have confirmed that the account is setup to accept orders through the api, but I keep getting the response "Insufficient permissions to perform requested operation." in my xml that comes back from HSBC.

Anyone have clue as to why this is still failing?
suba
7th April 2009, 14:02
Can you please attach the request XML here please. so that everyone can find the issue easily. I have fixed the same issue by avoiding the special characters in the request XML.
tonybushell-2008
7th April 2009, 14:12
Sorry about that, request xml as follows, obviously I have removed sensitive info.


<?xml version="1.0" encoding="UTF-8" ?>
<EngineDocList>
<DocVersion DataType="String">1.0</DocVersion>

<EngineDoc>
<ContentType DataType="String">OrderFormDoc</ContentType>

<User>
<Name DataType="String">xxx</Name>

<Password DataType="String">xxx</Password>

<ClientId DataType="S32">xxx</ClientId>

</User>


<Instructions>
<Pipeline DataType="String">Payment</Pipeline>

</Instructions>


<OrderFormDoc>
<Id DataType="String">TESTXD01</Id>

<Mode DataType="String">Y</Mode>

<Consumer>
<PaymentMech>
<Type DataType="String">CreditCard</Type>

<CreditCard>
<Number DataType="String">123456789</Number>

<Expires DataType="ExpirationDate" Locale="826">10/10</Expires>

<Cvv2Val DataType="String">123</Cvv2Val>

<Cvv2Indicator DataType="String">1</Cvv2Indicator>

</CreditCard>


</PaymentMech>


<BillTo>
<Location>
<Address>
<Name DataType="String">MR Tony Bushell</Name>

<StateProv DataType="String">Kent</StateProv>

<Street1 DataType="String" />

<Street2 DataType="String">Something Road</Street2>

<City DataType="String">Canterbury</City>

<PostalCode DataType="String">CT2 7LZ</PostalCode>

<Country DataType="String">826</Country>

</Address>


</Location>


</BillTo>


<ShipTo>
<Location>
<Address>
<Name DataType="String">MR A BUSHELL</Name>

<Street1 DataType="String" />

<Street2 DataType="String">Something Road</Street2>

<Country DataType="String">826</Country>

</Address>


</Location>


</ShipTo>


</Consumer>


<Transaction>
<Type>Auth</Type>

<CurrentTotals>
<Totals>
<Total DataType="Money" Currency="826">0</Total>

</Totals>


</CurrentTotals>


<PayerSecurityLevel DataType="S32" />

<PayerAuthenticationCode DataType="String" />

<PayerTxnId DataType="String" />

<CardholderPresentCode DataType="S32" />

</Transaction>


</OrderFormDoc>


</EngineDoc>


</EngineDocList>
suba
7th April 2009, 14:45
Try this "<Type DataType="String">Auth</Type>" instead of "<Type >Auth</Type" and update totals too. It should not be zero i think
tonybushell-2008
7th April 2009, 15:13
Try this "<Type DataType="String">Auth</Type>" instead of "<Type >Auth</Type" and update totals too. It should not be zero i think

Suba, many thanks for that. I have updated the request xml with the details and ensured a valid amount has gone through 19200 but still the same response I'm afraid.
tonybushell-2008
7th April 2009, 15:20
Suba, I have replaced my request xml with the example that HSBC provide, and just replaced the account parameters. still the same response with the shortened following:

<?xml version="1.0" encoding="UTF-8" ?>
<EngineDocList>
<DocVersion DataType="String">1.0</DocVersion>
<EngineDoc>
<ContentType DataType="String">OrderFormDoc</ContentType>
<User>
<ClientId DataType="S32">xxx</ClientId>
<Name DataType="String">xxx</Name>
<!-- Name is case sensitive -->
<Password DataType="String">xxx</Password>
<!-- Password is case sensitive -->
</User>
<Instructions>
<Pipeline DataType="String">Payment</Pipeline>
<!-- Set Pipeline to Payment to benefit from HSBC fraud rule protection, see the guide for alternate values -->
</Instructions>
<OrderFormDoc>
<Id DataType="String">TESTXD01</Id>
<!-- Id is optional, but if supplied must be a unique value -->
<Mode DataType="String">Y</Mode>
<!-- Set Mode to P (Production) for REAL transactions, see the guide for alternate values -->
<Consumer>
<PaymentMech>
<Type DataType="String">CreditCard</Type>
<!-- Type is always set to CreditCard -->
<CreditCard>
<Number DataType="String">123456789</Number>
<Expires DataType="ExpirationDate" Locale="826">10/10</Expires>
<!-- Expires with Locale 826 represents mm/yy format -->
</CreditCard>
</PaymentMech>
</Consumer>
<Transaction>
<Type DataType="String">Auth</Type>
<CurrentTotals>
<Totals>
<Total DataType="Money" Currency="826">13500</Total>
<!-- Total with Currency 826 represents values in pence -->
</Totals>
</CurrentTotals>
</Transaction>
</OrderFormDoc>
</EngineDoc>
</EngineDocList>
suba
8th April 2009, 06:47
Try this code, i have integrated with PHP with my login details, Its approved on transaction. For every transaction the ID "TESTXD01" should be unique and I have given "PaymentNoFraud" pipeline
<?php

$xml_content = '<?xml version="1.0" encoding="UTF-8" ?>
<EngineDocList>
<DocVersion DataType="String">1.0</DocVersion>
<EngineDoc>
<ContentType DataType="String">OrderFormDoc</ContentType>
<User>
<ClientId DataType="S32">XXXXX</ClientId>
<Name DataType="String">XXXXX</Name>
<Password DataType="String">XXXXX</Password>
<Email DataType="String">your email id</Email>
</User>
<Instructions>
<Pipeline DataType="String">PaymentNoFraud</Pipeline>
</Instructions>
<OrderFormDoc>
<Id DataType="String">TESTXD01</Id>
<Mode DataType="String">Y</Mode>
<Consumer>
<PaymentMech>
<Type DataType="String">CreditCard</Type>
<CreditCard>
<Number DataType="String">4111111111111111</Number>
<Expires DataType="ExpirationDate" Locale="826">10/10</Expires>
</CreditCard>
</PaymentMech>
</Consumer>
<Transaction>
<Type DataType="String">Auth</Type>
<CurrentTotals>
<Totals>
<Total DataType="Money" Currency="826">13500</Total>
</Totals>
</CurrentTotals>
</Transaction>
</OrderFormDoc>
</EngineDoc>
</EngineDocList>';
echo $xml_content;

$ch = curl_init();
$url = "secured hsbc url";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_content);
$data = curl_exec($ch);
curl_close ($ch);

echo "<pre>";
print_r($data);
echo "</pre>";

?>
tonybushell-2008
8th April 2009, 09:39
Suba, many thanks for this, I do still receive the same response though, with this I have requested from the financial manager of the client to double check username and passwords for case sensitive information.
tonybushell-2008
8th April 2009, 11:25
Suba, I can't thank you enough for your help.

I have just spoken with the HSBC ePayments team and they have setup a test store for me to test the integration, upon quick fire testing I am receiving different results as expected now, so I guess it was down to incorrect client details.

Many thanks.