When Hosted Payment Session Service processes your form, it responds with another form.
The response form is POSTed by the payer's web browser to the URL specified by the gatewayReturnURL field in your request.
You will need to provide a page at this URL to process the POST from the payer's web browser. This page should be able to process any of the fields that you included in your payment form and an overall form response field.
Hosted Payment Session Service returns an overall response field in addition to all of the fields specified in your request.
You should check the value in the 'gatewayFormResponse' field to check if your Form POST was successful.
For error codes, see Handling Payment Form Errors.
If the overall response field indicates there are field errors, then you should check each response field for errors.
A field in error will have an error code prefixed to the value supplied by the payer. You should interpret the error code and present an appropriate error response form to the payer so that they can correct the value and resubmit.
The resubmitted payment form should POST back to Hosted Payment Session Service so your session can be updated with the corrected details.
For error codes, see Handling Payment Form Errors.
Hosted Payment Session
Service returns the card number and card security code masked with the x character. You can present these masked values to the payer in the error response form so that they only need to edit these
fields if they are invalid. If the payer does not modify the masked value, then
Hosted Payment Session Service will use the same value it received
on the previous form submission.
If you prefer an alternate masking format, then use any combination the characters X, x,
or * to mask the field before you present it.
When you have verified that the overall response field indicates there are no errors, then you can continue to the next step.