Build a Payment Form

Creating and submitting the form are critical steps in the merchant integration for a Hosted Payment Session model. The fields in the payer-facing form, including card details and other additional information, are submitted directly to the Hosted Payment Session Service using HTTPS POST.

How to Create a Payment Form

The payment form can contain any of the fields described in the Form Fields Reference section plus any additional fields you wish to use to request information from the payer.

A sample HTML payment form that collects all card details is shown below:

<form action="https://paymentgateway.commbank.com.au/form/<session_id>" method="post">
    <input type="hidden" name="gatewayReturnURL" value="http://www.example.com/example"/>
    Card Number: <input type="text" name="gatewayCardNumber" value="" size="16" maxlength="30"/>
    Card Expiry Month: <input type="text" name="gatewayCardExpiryDateMonth" value="" size="2" maxlength="2"/>
    Card Expiry Year: <input type="text" name="gatewayCardExpiryDateYear" value="" size="4" maxlength="4"/>
    Card Security Code: <input type="text" name="gatewayCardSecurityCode" value="" size="4" maxlength="4"/>
    <input type="hidden" name="gatewayRedirectDisplayBackgroundColor" value="#808000"/>
    <input type="hidden" name="gatewayRedirectDisplayTitle" value="Check Your Submitted Payment Details"/>
    <input type="hidden" name="gatewayRedirectDisplayContinueButtonText" value="Click to Continue"/>
    <input type="submit" value="Continue"/>
</form>

Where:

  • <session_id> (for example, SESSION000112345678901234567890) - The session identifier received when the payment session was created in the Create Session step.
  • http://www.example.com/example - The page on your website where the payer should be redirected. The payer's data will be POSTed to this address after the Hosted Payment Session Service has updated the session and applied validation / masking to the original values.

The labels, for example, "Card Number:", are at your discretion.

Open your payment form in a browser. With formatting, it should look something like this:

[Rendered form: text inputs labelled Card Number, Card Expiry Month, Card Expiry Year and Card Security Code]

The payment form must be submitted using HTTPS POST as shown in the form above. The POST is submitted directly to the Hosted Payment Session Service.

How to Collect Partial Details Using a Payment Form

You may not want to collect all card details using Hosted Payment Session. For example, you may only want to collect Card Security Code so it may be used in combination with a previously stored card (see Tokenization).

A sample HTML payment form that collects only Card Security Code is shown below:

<form action="https://paymentgateway.commbank.com.au/form/<session_id>" method="post">
    <input type="hidden" name="gatewayReturnURL" value="http://www.example.com/example"/>
    Card Security Code: <input type="text" name="gatewayCardSecurityCode" value="" size="4" maxlength="4"/>
    <input type="hidden" name="gatewayRedirectDisplayBackgroundColor" value="#808000"/>
    <input type="hidden" name="gatewayRedirectDisplayTitle" value="Check Your Submitted Payment Details"/>
    <input type="hidden" name="gatewayRedirectDisplayContinueButtonText" value="Click to Continue"/>
    <input type="submit" value="Continue"/>
</form>

Notes

Ensure fields not requiring payer input are hidden.
Be careful not to include hidden fields that contain sensitive data. For example, do not send the session identifier or the API Password in any field in this form.
Do not include a field on your form named "submit". This will prevent the form from being redirected back to your site via the automated JavaScript post. If a submit button is required via an HTML input field, then either do not set the name attribute, or set the name to something other than "submit".

Do Not Use

<input type="submit" name="submit" value="Continue"/>

Use

<input type="submit" value="Continue"/>
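
The Notes above, together with the HTTPS POST requirement, can be checked automatically against a rendered form template before it is published. The following is an added example, not code from the original page or from the gateway; the names audit_payment_form and MERCHANT_SET, the field name merchantSession and the password value are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field names from the sample form that never need payer input.
MERCHANT_SET = ("gatewayReturnURL", "gatewayRedirectDisplay")
class _FormCollector(HTMLParser):  # records the first <form> and every <input>
    def __init__(self):
        super().__init__()
        self.form, self.inputs = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "form" and self.form is None:
            self.form = dict(attrs)
        elif tag == "input":
            self.inputs.append(dict(attrs))

def audit_payment_form(html, session_id, api_password):
    """Return a list of findings; an empty list means the form passes."""
    c = _FormCollector()
    c.feed(html)
    if c.form is None:
        return ["no <form> element found"]
    findings = []
    if urlparse(c.form.get("action") or "").scheme != "https":
        findings.append("form action is not an https:// URL")
    if (c.form.get("method") or "").lower() != "post":
        findings.append("form method is not post")
    for field in c.inputs:
        name, value = field.get("name") or "", field.get("value") or ""
        kind = (field.get("type") or "text").lower()
        if name == "submit":
            findings.append('field named "submit" blocks the automated JavaScript post')
        if any(s and s in value for s in (session_id, api_password)):
            findings.append(f"field {name!r} carries the session identifier or API password")
        if name.startswith(MERCHANT_SET) and kind != "hidden":
            findings.append(f"field {name!r} needs no payer input but is not hidden")
    return findings

# Constructed sample input: a deliberately flawed template and a clean one.
SESSION = "SESSION000112345678901234567890"  # example value from the page
PASSWORD = "constructed-api-password"        # constructed placeholder
BAD_FORM = f'''<form action="http://paymentgateway.commbank.com.au/form/{SESSION}" method="get">
  <input type="text" name="gatewayReturnURL" value="http://www.example.com/example"/>
  <input type="hidden" name="merchantSession" value="{SESSION}"/>
  <input type="submit" name="submit" value="Continue"/>
</form>'''
GOOD_FORM = f'''<form action="https://paymentgateway.commbank.com.au/form/{SESSION}" method="post">
  <input type="hidden" name="gatewayReturnURL" value="http://www.example.com/example"/>
  <input type="submit" value="Continue"/>
</form>'''
```

Calling audit_payment_form(BAD_FORM, SESSION, PASSWORD) returns one finding per violated rule, so the check can run in a build step and fail when the list is not empty.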

The next step is handling the form response. This step also describes important error handling procedures.

Copyright © 2023 Commonwealth Bank of Australia