PayTrace Client Side Encryption (PHP / IIS)
<!-- This is the PayTrace End-to-End Encryption library: -->
<script src=""></script>
// Set the key from an AJAX call (in this case via a relative URL)
paytrace.setKeyAjax('/public_key.pem');
$(document).ready(function () {
  $("#DemoForm").submit(function (e) {
    // To prevent the default action of the submit
    e.preventDefault();
    // Do your validation and if all validations are met,
    // next is to submit the form with paytrace.submitEncrypted.
    if ($("#ccNumber").val() && $("#ccCSC").val()) {
      // If all validations are met, submit the form to the PayTrace library for encryption.
      paytrace.submitEncrypted('#DemoForm');
    } else {
      alert("CCNumber and CSC number are required ! ");
    }
  });
});
$(document).ready( function(){
$.post($(this).attr('action'), $(this).serialize(), function(json) {
}, 'json');
return false;
<form name="DemoForm" id="DemoForm" action="checkoutResponse.php" method="post">
<label>Company Name:</label>
<input id="name" name="name" class="form-control" type="text" value="<?php echo htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') ?>" />
<label>Address Line 1: </label>
<input id="street_address" name="street_address" class="form-control" type="text" value="<?php echo htmlspecialchars((string) $addr1, ENT_QUOTES, 'UTF-8') ?>" />
<label>Address Line 2:</label>
<input id="street_address2" name="street_address2" class="form-control" type="text" value="<?php echo htmlspecialchars((string) $addr2, ENT_QUOTES, 'UTF-8') ?>" />
<input id="city" name="city" type="text" class="form-control" value="<?php echo htmlspecialchars((string) $city, ENT_QUOTES, 'UTF-8') ?>" />
<input id="state" name="state" type="text" class="form-control" value="<?php echo htmlspecialchars((string) $state, ENT_QUOTES, 'UTF-8') ?>" />
<input id="zip" name="zip" type="text" class="form-control" value="<?php echo htmlspecialchars((string) $zip, ENT_QUOTES, 'UTF-8') ?>" />
<input id="country" name="country" type="hidden" class="form-control" value="US" />
<label>Payment Amount:</label>
<input id="amount" type="text" readonly name="amount" value="<?php echo htmlspecialchars((string) $amount, ENT_QUOTES, 'UTF-8') ?>" />
<label>First Name:</label>
<input type="text" name="firstName" id="firstName" class="form-control" />
<label>Last Name:</label>
<input type="text" name="lastName" id="lastName" class="form-control" />
<label>Credit Card Number:</label>
<input id="ccNumber" type="text" class="form-control pt-encrypt" name="ccNumber" placeholder="Credit card number" />
<label>Expiration Month</label>
<select name="expiration_month" id="expiration_month" class="form-control">
<label>Expiration Year</label>
<select name="expiration_year" id="expiration_year" class="form-control">
<option> <?php echo date("Y")?> </option>
<option> <?php echo date("Y")+1 ?> </option>
<option> <?php echo date("Y")+2 ?> </option>
<option> <?php echo date("Y")+3 ?> </option>
<option> <?php echo date("Y")+4 ?> </option>
<option> <?php echo date("Y")+5 ?> </option>
<option> <?php echo date("Y")+6 ?> </option>
<option> <?php echo date("Y")+7 ?> </option>
<option> <?php echo date("Y")+8 ?> </option>
<option> <?php echo date("Y")+9 ?> </option>
<option> <?php echo date("Y")+10 ?> </option>
<option> <?php echo date("Y")+11 ?> </option>
<option> <?php echo date("Y")+12 ?> </option>
<option> <?php echo date("Y")+13 ?> </option>
<option> <?php echo date("Y")+14 ?> </option>
<option> <?php echo date("Y")+15 ?> </option>
<option> <?php echo date("Y")+16 ?> </option>
<option> <?php echo date("Y")+17 ?> </option>
<option> <?php echo date("Y")+18 ?> </option>
<option> <?php echo date("Y")+19 ?> </option>
<option> <?php echo date("Y")+20 ?> </option>
<label>Security code:</label>
<input id="ccCSC" type="text" class="form-control pt-encrypt" name="ccCSC" placeholder="Card security code" />
<input type="submit" id="enterPayment" value="Submit Your Payment" name="commit" />
<script src="/js/jquery.cardswipe.js"></script>
<script type="text/javascript">
// Called by plugin on a successful scan.
var complete = function (data) {
  // Is it a payment card?
  if (data.type == "generic")
    return;
  // Copy data fields to form
  $("#expiration_year").val("20" + data.expYear);
};
// Event handler for scanstart.cardswipe.
var scanstart = function () {
};
// Event handler for scanend.cardswipe.
var scanend = function () {
};
// Event handler for success.cardswipe. Displays returned data in a dialog
var success = function (event, data) {
  // Iterate properties of parsed data
  for (var key in data) {
    if (data.hasOwnProperty(key)) {
      var text = key + ': ' + data[key];
      // Insert as text, not markup, so swiped data cannot inject HTML.
      $("#properties").append($('<div class="property"></div>').text(text));
    }
  }
};
var failure = function () {
};
// Initialize the plugin with default parser and callbacks.
// Set debug to true to watch the characters get captured and the state machine transitions
// in the javascript console. This requires a browser that supports the console.log function.
// Set firstLineOnly to true to invoke the parser after scanning the first line. This will speed up the
// time from the start of the scan to invoking your success callback.
$.cardswipe({
  firstLineOnly: true,
  success: complete,
  parsers: ["visa", "amex", "mastercard", "discover", "generic"],
  debug: false
});
// Bind event listeners to the document
$(document)
  .on("scanstart.cardswipe", scanstart)
  .on("scanend.cardswipe", scanend)
  .on("success.cardswipe", success)
  .on("failure.cardswipe", failure);
</script>
include 'PhpApiSettings.php';
include 'Utilities.php';
include 'Json.php';
//call a function of Utilities.php to generate oAuth token
//This sample code doesn't use any OAuth Library
$oauth_result = oAuthTokenGenerator();
//call a function of Utilities.php to verify if there is any error with OAuth token.
$oauth_moveforward = isFoundOAuthTokenError($oauth_result);
//If IsFoundOAuthTokenError results True, means no error
//next is to move forward for the actual request
//Decode the Raw Json response.
$json = jsonDecode($oauth_result['temp_json_response']);
//set Authentication value based on the successful oAuth response.
//Add a space between 'Bearer' and access_token
$oauth_token = sprintf("Bearer %s",$json['access_token']);
// Build the transaction
//end of main script
function buildTransaction($oauth_token){
    // Build the request data
    $request_data = buildRequestData();
    //call to make the actual request
    $result = processTransaction($oauth_token,$request_data, URL_KEYED_SALE );
    /*echo "<br>json_response : " . $result['json_response'];
    echo "<BR>curl_error : ".$result['curl_error'];
    echo "<br>http_status_code :". $result['http_status_code'];*/
    //check the result
    verifyTransactionResult($result);
}
function buildRequestData(){
    //you can assign the values from any input source fields instead of hard coded values.
    $request_data = array(
        "amount" => $_POST['amount'],
        "credit_card" => array(
            "encrypted_number" => $_POST['ccNumber'],
            "expiration_month" => $_POST['expiration_month'],
            "expiration_year" => $_POST['expiration_year']
        ),
        "encrypted_csc" => $_POST['ccCSC'],
        "billing_address" => array(
            "name" => $_POST['name'],
            "street_address" => $_POST['street_address'],
            "street_address2" => $_POST['street_address2'],
            "city" => $_POST['city'],
            "state" => $_POST['state'],
            "zip" => $_POST['zip'],
            "country" => $_POST['country']
        )
    );
    $request_data = json_encode($request_data);
    //optional : Display the JSON response - this may be helpful during initial testing.
    echo "<h5>";
    echo "<BR><BR></h5>";
    return $request_data ;
}
//This function is to verify the Transaction result
function verifyTransactionResult($trans_result){
    //Handle curl level error, ExitOnCurlError
    if($trans_result['curl_error'] ){
        echo "<img src = '/img/xmark.png'>";
        echo "<br>Error occurred : ";
        echo '<br>curl error with Transaction request: ' . $trans_result['curl_error'] ;
        exit();
    }
    //If we reach here, we have been able to communicate with the service,
    //next is decode the json response and then review Http Status code, response_code and success of the response
    $json = jsonDecode($trans_result['temp_json_response']);
    if($trans_result['http_status_code'] != 200){
        if($json['success'] === false){
            echo "<img src = '/img/xmark.png'>";
            //echo "<br><br>Transaction Error occurred : ";
            //Optional : display Http status code and message
            //Optional :to display raw json response
            echo "<H1>Payment : FAILED !</h1>";
            //to display individual keys of unsuccessful Transaction Json response
            displayKeyedTransactionError($json) ;
        }
        else {
            //In case of some other error occurred, next is to just utilize the http code and message.
            echo "<img src = '/img/xmark.png'>";
            echo "<br><br> Request Error occurred !" ;
        }
    }
    else {
        // Optional : to display raw json response - this may be helpful with initial testing.
        // Do your code when Response is available and based on the response_code.
        // Please refer PayTrace-Error page for possible errors and Response Codes
        // For transaction successfully approved
        if($json['success']== true && $json['response_code'] == 101){
            echo "<img src = '/img/checkmark.png'>";
            //echo "<br><br>Keyed sale : Success !";
            //to display individual keys of successful OAuth Json response
            displayKeyedTransactionResponse($json);
        }
        else {
            //Do your code here for any additional verification such as - Avs-response and CSC_response as needed.
            //Please refer PayTrace-Error page for possible errors and Response Codes
            //success = true and response_code == 103 approved but voided because of CSC did not match.
        }
    }
}
//This function displays keyed transaction successful response.
function displayKeyedTransactionResponse($json_string){
    //optional : Display the output
    //echo "<br><br> Keyed Sale Response : ";
    //since php interprets boolean value as 1 for true and 0 for false when accessed.
    echo "<br>PAYMENT : ";
    echo $json_string['success'] ? 'SUCCESS' : 'FAILED';
    //echo "<br>response_code : ".$json_string['response_code'] ;
    echo "<br>status_message : ".$json_string['status_message'] ;
    echo "<br>transaction_id : ".$json_string['transaction_id'] ;
    echo "<br>approval_code : ".$json_string['approval_code'] ;
    //echo "<br>approval_message : ".$json_string['approval_message'] ;
    //echo "<br>avs_response : ".$json_string['avs_response'] ;
    //echo "<br>csc_response : ".$json_string['csc_response'] ;
    //echo "<br>external_transaction_id: ".$json_string['external_transaction_id'] ;
    echo "<br>masked_card_number : ".$json_string['masked_card_number'] ;
}
//This function displays keyed transaction error response.
function displayKeyedTransactionError($json_string){
    //optional : Display the output
    //echo "<br><br> Keyed Sale Response : ";
    //since php interprets boolean value as 1 for true and 0 for false when accessed.
    echo "<br>success : ";
    echo $json_string['success'] ? 'true' : 'false';
    echo "<br>response_code : ".$json_string['response_code'] ;
    echo "<br>status_message : ".$json_string['status_message'] ;
    //echo "<br>external_transaction_id: ".$json_string['external_transaction_id'] ;
    echo "<br>masked_card_number : ".$json_string['masked_card_number'] ;
    //to check the actual API errors and get the individual error keys
    //echo "<br>API Errors : " ;
    foreach($json_string['errors'] as $error =>$no_of_errors )
    {
        //Do your code here as an action based on the particular error number
        //you can access the error key with $error in the loop as shown below.
        echo "<br>". $error;
        // to access the error message in array associated with each key.
        foreach($no_of_errors as $item)
        {
            //Optional - error message with each individual error key.
            echo " " . $item ;
        }
    }
}
This is a quick for-developers-only guide to getting everything working from PHP (Windows native) to PayTrace’s API. I chose the Client Side Encryption as, being our first time out, I am trying to duck some PCI compliance (Client Side Encryption is less strict). This assumes you know PHP, JS, jQuery, a little of what an API does, enough to paste some JSON together and of course your HTML, CSS, etc. You’re a developer, you have all the code provided open source, but this is a quick A-B-C of how I got it working on Windows (IIS7) and hurdles I ran into.
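buildRequestData() above forwards every posted field as received, including the readonly amount and the two pt-encrypt fields. As an added example (not part of the gist or of PayTrace's sample code), this check could run before the request is built; validateCheckoutPost() and the server-held $expectedAmount are assumed names, and the sample input is constructed.

```php
<?php
// Added example: validate the checkout POST before buildRequestData() uses it.
// Returns a list of problems; an empty list means the request may be built.
// Messages never contain the submitted values, so they are safe to log.
function validateCheckoutPost(array $post, string $expectedAmount): array
{
    $errors = array();
    $get = function ($key) use ($post) {
        return isset($post[$key]) && is_scalar($post[$key]) ? trim((string) $post[$key]) : '';
    };

    // The readonly amount input is still client-controlled: compare it with
    // the total the server holds (assumed to come from the session or order).
    $amount = $get('amount');
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)
        || number_format((float) $amount, 2, '.', '') !== number_format((float) $expectedAmount, 2, '.', '')) {
        $errors[] = 'amount does not match the order total';
    }

    // pt-encrypt fields must arrive as ciphertext. Only digits, spaces or
    // dashes means the browser-side encryption did not run.
    foreach (array('ccNumber', 'ccCSC') as $field) {
        $value = $get($field);
        if ($value === '') {
            $errors[] = "$field is missing";
        } elseif (preg_match('/^[\d\s-]+$/', $value)) {
            $errors[] = "$field arrived unencrypted";
        }
    }

    // Expiration: a real month, and a year inside the range the form offers.
    $thisYear = (int) date('Y');
    $month = $get('expiration_month');
    $year = $get('expiration_year');
    if (!preg_match('/^\d{1,2}$/', $month) || (int) $month < 1 || (int) $month > 12) {
        $errors[] = 'expiration_month is invalid';
    }
    if (!preg_match('/^\d{4}$/', $year) || (int) $year < $thisYear || (int) $year > $thisYear + 20) {
        $errors[] = 'expiration_year is invalid';
    }
    return $errors;
}

// Constructed sample: edited amount and a card number posted in the clear.
$sample = array('amount' => '1.00', 'ccNumber' => '4111111111111111', 'ccCSC' => 'Q09OU1RSVUNURUQ=',
    'expiration_month' => '12', 'expiration_year' => date('Y'));
print_r(validateCheckoutPost($sample, '25.00'));
```

A non-empty result should stop the script before oAuthTokenGenerator() or processTransaction() is called.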