FlexWin (Method 1)
- Return pages
As mentioned previously, the user can exit FlexWin one of two ways:
- The customer returns to "accepturl" once the payment is approved.
- The customer cancels the payment, and is returned to "cancelurl".
Note: The security updates of recent browsers has necessitated, that the shop's accept/cancel page is shown in the popup window. From there you may have an optional link (or autoloader) to the originating window. This is done by naming the calling window and using this name as a link target on the accept/cancel page.
Payment approved (accepturl)
Upon returning to accepturl, the customer will normally expect a receipt to be displayed. We therefore recommend you use the accepturl option for generating a customer receipt. Aside from the standard port 80, accepturl may also use port 20080. The following parameters are returned to the accepturl:
Parameter | Description |
transact | Transaction number — integer of 7 to 9 digits. |
[paytype] | The type of payment the customer has used for this particular payment. The payment type is returned as a string. Paytype is only returned if you have activated "return of all values" in your DIBS Admin (under installation + return values). |
[acquirer] | The acquirer used for the specific trasaction. See also our list of valid values for acquirer. |
[suspect] | Is returned if the built-in fraud protection evaluates the specific transaction as a possible fraud. |
[fee] | When calcfee is used, the calculated fee is returned so it can be shown on the receipt. |
[severity] | An integer value, which is returned if fraud control has noted the transaction as a potential fraud, and fraud protection is activated in the administration interface. The higher the amount, the more questionable the transaction. We generally recommend a closer scrutiny of transactions with a severity value greater than 5. |
[cardnomask] | Contains the last four digits of the creditcard number with the other digits masked as X'es. This parameter is enabled in DIBS Admin. |
[merchant, amount...] | All parameters sent to start.pml are returned to accepturl. |
[?x=4&y=2...] | Any extra parameters you send to accepturl, cancelurl or callbackurl, are returned again. Reserved words cannot be used as CGI parameters (see list of reserved words). Please note, that if many parameters are declared via DIBS, browsers use various maximum lengths for query strings (e.g. 2083 characters for Internet Explorer), potentially truncating the parameter list. |
Payment cancelled (cancelurl)
As is the case with the accepturl, a post is made to the ”cancelurl” page with all previous parameters sent to the DIBS FlexWin. CGI-parameters sent to the cancelurl are also returned (?x=1&y=4). Again, aside from the standard port 80, cancelurl may also use port 20080. Note: Reserved words cannot be used as declared cgi-parameters (see list of reserved words).
Automatic call-back (callbackurl)
There is a potential risk of the customer not following the link to the receipt and subsequently never seeing one. If the shop system is set up so that orders are stored in the database simultaneously with the receipt being displayed to the customer, the order may in fact escape registration within the shop’s own system. This would be rather unfortunate, since a payment is authorized with DIBS, the customer believes DIBS has authorized the payment, and the customer believes that the order has been carried out, yet the shop’s system has no knowledge of any such order.
To avoid such an occurrence, DIBS automatically enables the approved page to call a script in the shop’s system without involving the customer in the procedure. As is the case with the receipt page, this script must inform the shop’s order system, that the order has been carried out, and send an order confirmation to the customer, if required. It can also serve as an MD5 key control to ensure that the customer himself does not call the script, resulting in the shop interpreting the order status as “carried out”.
In order to activate the automatic call-back, a call-back URL must be passed to FlexWin. This is done through the callbackurl parameter. The URL is then automatically called when the approval page is displayed. The call is created as a post, and all parameters are sent to start.pml. CGI parameters sent along to callbackurl (?x=1&y=4), transact, and the MD5-encryption key can be sent along (the same parameters that are returned via accepturl are always sent along). As with accepturl and cancelurl, callbackurl may also use port 20080.
Note: Reserved words cannot be used as declared cgi-parameters (see list of reserved words). If the callback script depends on cookies or a session ID, these must also be sent along to FlexWin in the http_cookie parameter. The value of this variable must be of the form: name1=value1; name2=value2...
If you wish to transfer all declared cookies, the content of the HTTP_COOKIE variable can be used, containing all the cookies in the correct format. Below are a few examples of how to do this in ASP, PHP4 and JavaScript.
ASP:
<input type="hidden" name="HTTP_COOKIE" value=
"<%=Request.ServerVariables("HTTP_COOKIE") %>" />
PHP4:
<input type="hidden" name="HTTP_COOKIE" value="<?= getenv
("HTTP_COOKIE"); ?>" />
or
printf('<input type="hidden" name="HTTP_COOKIE" value="%s">',
getenv("HTTP_COOKIE"));
JavaScript:
<script type="text/javascript">
<!--
document.writeln('<input type="hidden" name="HTTP_COOKIE"
value="' + document.cookie + '">');
//-->
</script>
Voucher return parameters
When using vouchers, some of the regular return parameters are changed, and new ones are introduced. For example, using a voucher will change the "amount" parameter from what was sent to FlexWin — "amount" now holds the reduced amount.
Please note, that in order to receive the voucher specific return parameters, you must enable the return of additional parameters in DIBS Admin.
The following additional parameters are returned to the accepturl:
Parameter | Description |
[amount] | This is the amount which the customer had to pay, which is the original amount sent to FlexWin minus the discount amount obtained through the voucher. Example: FlexWin was called with an amount of 5000 (50DKK) and a voucher gave a 15% rebate. Then "amount" will be 4250. |
[amount_original] | This parameter holds the amount that was originally sent to FlexWin. Cf. the example above, "amount_original" will contain 5000. |
[voucher] | Identical to the parameter sent to FlexWin to enable vouchers. |
[voucher_amount] | This is the part of the original amount that is covered by the voucher, i.e. this is the rebate obtained. Cf. the example above "voucher_amount" would contain 750. |
[voucher_entry] | This is the voucher code that has been entered by the customer. |
[voucher_rest] | The "voucher_rest" parameter only applies to type M vouchers, i.e. vouchers that hold a fixed monetary amount. If the voucher is reusable and not all of its monetary value is spent, then "voucher_rest" holds the amount that is left on the voucher. Example: The voucher used is of type M; it's maximum number of uses has not yet been reached; before the purchase it held 100DK (10000); the purchase used 25DKK (2500) from the voucher. In this case "voucher_rest" will contain 7500. Furthermore, this parameter is only returned if the voucher can be reused. If the voucher cannot be reused, and there is an amount left on it, it will be unavailable. |
