sigmaprojects/gist:a8bbbe745805101c4a0211fd6aa5719d

## gistfile1.txt
<cfscript>
    // the nonce can be any unique identifier -- guids and timestamps work well
    nonce = uniqid();

    // a standard unix timestamp. a request must be received within 60s
    // of its timestamp header.
    timestamp = now(); // but get the seconds, I forget what it is... now().getTime()?

    // setting up the request data itself
    verb = "POST";
    cUrl = "https://api-cert.sagepayments.com/bankcard/v1/charges?type=Sale";
    requestData = [
        // this is a pretty minimalistic example...
        // complete reference material is available on the dev portal.
        "Ecommerce" => [
            "OrderNumber" => "Invoice " . rand(0, 1000),
            "Amounts" => [
                "Total" => "1.00"
            ],
            "CardData" => [
                "Number" => "5454545454545454",
                "Expiration" => "1019"
            ]
        ]
    ];
    // convert to json for transport
    payload = serializeJson(requestData);
    // the request is authorized via an HMAC header that we generate by
    // concatenating certain info, and then hashing it using our client key
    toBeHashed = verb & cUrl & payload & merchantCredentials["ID"] & nonce & timestamp;
    hmac = getHmac(toBeHashed, developerCredentials["KEY"]);
    // ok, let's make the request! cURL is always an option, of course,
    // but i find that file_get_contents is a bit more intuitive.

    $context = stream_context_create($config);
    $result = file_get_contents($url, false, $context);
    $response = json_decode($result);

    cfhttp(method=VERB, charset="utf-8", url=cUrl, result="result") {
      cfhttpparam(name="clientId", type="header", value=developerCredentials["ID"]);
      cfhttpparam(name="merchantId", type="header", value=merchantCredentials["ID"]);
      cfhttpparam(name="merchantKey", type="header", value=merchantCredentials["KEY"]);
      cfhttpparam(name="nonce", type="header", value=nonce);
      cfhttpparam(name="timestamp", type="header", value=timestamp);
      cfhttpparam(name="authorization", type="header", value=hmac);
	  cfhttpparam(name="content-type", type="header", value="application/json");
	  cfhttpparam(type="body", value=payload);
    }

    writedump(result)
</cfscript>
	<cfscript>
	// the nonce can be any unique identifier -- guids and timestamps work well
	nonce = uniqid();

	// a standard unix timestamp. a request must be received within 60s
	// of its timestamp header.
	timestamp = now(); // but get the seconds, I forget what it is... now().getTime()?

	// setting up the request data itself
	verb = "POST";
	cUrl = "https://api-cert.sagepayments.com/bankcard/v1/charges?type=Sale";
	requestData = [
	// this is a pretty minimalistic example...
	// complete reference material is available on the dev portal.
	"Ecommerce" => [
	"OrderNumber" => "Invoice " . rand(0, 1000),
	"Amounts" => [
	"Total" => "1.00"
	],
	"CardData" => [
	"Number" => "5454545454545454",
	"Expiration" => "1019"
	]
	]
	];
	// convert to json for transport
	payload = serializeJson(requestData);
	// the request is authorized via an HMAC header that we generate by
	// concatenating certain info, and then hashing it using our client key
	toBeHashed = verb & cUrl & payload & merchantCredentials["ID"] & nonce & timestamp;
	hmac = getHmac(toBeHashed, developerCredentials["KEY"]);
	// ok, let's make the request! cURL is always an option, of course,
	// but i find that file_get_contents is a bit more intuitive.

	$context = stream_context_create($config);
	$result = file_get_contents($url, false, $context);
	$response = json_decode($result);

	cfhttp(method=VERB, charset="utf-8", url=cUrl, result="result") {
	cfhttpparam(name="clientId", type="header", value=developerCredentials["ID"]);
	cfhttpparam(name="merchantId", type="header", value=merchantCredentials["ID"]);
	cfhttpparam(name="merchantKey", type="header", value=merchantCredentials["KEY"]);
	cfhttpparam(name="nonce", type="header", value=nonce);
	cfhttpparam(name="timestamp", type="header", value=timestamp);
	cfhttpparam(name="authorization", type="header", value=hmac);
	cfhttpparam(name="content-type", type="header", value="application/json");
	cfhttpparam(type="body", value=payload);
	}

	writedump(result)
	</cfscript>