Payment Gateway - Pre-payment authorisation

Hi all,

I hope someone can help me out. I'm trying to build a Payment Gateway for BPoint (Commonwealth Bank Australia), this requires running what they call a pre-payment authentication to get a token that then gets used for the redirect. So I would need to send data (the purchase amount, invoice id etc) to get a token back which I then send again to handle the redirect. I can't find any payment methods that have to do this, I just cannot work out for the life of me how I could go about this easily. Any thoughts / comments would be much appreciated, or more importantly if anyone has already built a gateway for BPoint let me know as I'd be interested in purchasing.

View Replies: View Best Answer
Mainio replied on at Permalink Best Answer Reply
Haven't built one particularly for BPoint but I have built similar gateways that require either pre-authentication or post-authentication.

It depends on which step the authentication needs to happen but if it's prior to sending the user to the gateway, you'll need to do the authentication in the "form" method where you initialize the variables for the form.

If it needs to happen after the user has given some details on the payment form (not usually required), you'll need to post the actual payment form into an action within your payment method controller. Then, handle the pre-authentication there and redirect the user to the payment gateway (if it does not require a POST request as I would assume not in this case).

And if you need post-authentication, this can happen in the return action where the user is returned to from the gateway.
McArtney82 replied on at Permalink Reply
Thanks for the fast response. So it's a prepayment one, so in the form function I could do a CURL command to get my token then store it in $fields for the submission that enables the redirect right? Do you have any code examples of what you've done for prepayment authorisation?
Mainio replied on at Permalink Reply
Yes, that's pretty much what you should do. I'm not sure whether you should redirect the user straight away because some payment API terms might require the user to do the action to move to the gateway. Of course, you could even do a POST request automatically for the user by posting the form, but this might be against the terms of the payment service (depends on the service).

That's different for each API, so I don't think any code examples here would be relevant. And the CURL request is pretty straight forward, and you can find plenty of examples for that already from Google.

If you need an overall example implementation, here's one I found from GitHub, especially for BPoint:

But that's ruby so I don't know how useful it is for you but still, you can take a look what is done there if you need a reference implementation. It's also MIT, so you can use it as you wish.
McArtney82 replied on at Permalink Reply
Awesome, thank you so much. I think I can handle it from here!