Developers

iATS Payments Contact Information

North America: www.iatspayments.com

UK/International: www.uk.iatspayments.com

Customer Care:

Email: iatscs@iatspayments.com
Phone: North America: 1-888-955-5455 | UK/Europe: 0808-234-0466

Hours: 7:30am – 5:00pm Pacific Standard Time, Monday to Friday

Sales and Marketing:

Email: iats@iatspayments.com
Phone: North America: 1-866-300-4287 | UK/Europe: 0808-234-0466

Hours: 7:00am – 4:30pm Pacific Standard Time, Monday to Friday

Partner Support:

Email: PartnerSupport@iatspayments.com
Hours: 7:00am – 4:30pm Pacific Standard Time, Monday to Friday

Direct Post Options

iATS offers two options for the Direct Post Method:

Option 1
This uses a JavaScript Relay URL redirect that allows the developer more control over the redirect page as well as the message that displays to the donor as a result of the transaction response (example rejection codes). All transaction detail is posted back to the relay page which can be used to capture into the developers’ database.

Option 2
This does not utilize JavaScript but a Direct Redirect. This option only allows the programmer to redirect to two static pages – a successful transaction page or a failed transaction page. As no relay page is utilized, the details of the transaction will be sent to a postback URL. Please refer to separate document for this option.

Introduction

This user guide describes the web development required to process transactions via iATS Payments using the Direct Post Method.

Direct Post is a fully PCI compliant service as the sensitive credit card data never flows through your servers or website. Your website does not have to handle any credit card data, and all transaction information is submitted directly to iATS via Secure Sockets Layer (SSL) while keeping iATS invisible to the donor. Your site can still collect all pertinent donor data and has been built to allow you to utilize your own unique website look and feel as well as response pages.

The Direct Post Method can be combined with other iATS Web Services such as CustomerLink (to manage recurring schedules), ProcessLink (to process transactions with a Token or do refunds using a Transaction ID), and ReportLink (pulling transaction reports from iATS’ servers). These are explained further in our Web Service Guides and are available upon request.

For managing recurring transactions, you have the option of managing them or having iATS manage them for you:

1. If iATS manages the recurring schedule:
   1. You use DPM to set up the individual Tokens (Customer Codes) and provide all payment and recurring details (amount, start/end date etc.), with the recurring tag set to true.
2. If you manage the recurring schedule:
   1. 1. You use DPM to set up the individual Tokens (Customer Codes) and only provide the payment details, with the recurring tag set to false;
      2. Then, on the schedule date you send a batch file containing the Tokens (Customer Codes) and amount of charge using our ProcessLink Web Service.
      3. Any future updates (switch it OFF, delete, etc.) to the Tokens can be done via our CustomerLink Web Service.

Please note that iATS operates two server systems, one based in North America (NA) and one in the United Kingdom (UK). Clients in the United States and Canada will use the NA servers, while all other clients use our UK servers. The explanation of the specific services that follows will provide the links to each server address as available.

Notes on International processing

Donor’s Information Fields

The following table represents the HTML form donor information fields that can be submitted to iATS using Direct Post.

The data fields are name and value pairs, using the following HTML syntax:

Custom Information Fields

The following table represents the HTML form fields of custom information can be submitted to IATS using Direct Post. All  fields in this section are optional and will be stored in the iATS system and available via ReportLink web service.

The data fields are name and value pairs, using the following HTML syntax:

Client Defined Fields

The following table represents the HTML form fields of client defined can be submitted to iATS using Direct Post.

iATS neither stores nor processes this field’s value, only acting as a pass-through to the postback URL. iATS will accept up to 3 client-defined fields with the prefix “IATS_DPM_ClientDefined_”.

The data fields are name and value pairs, using the following HTML syntax:

Single Credit Card Transaction Fields

The following table represents the fields required for submitting a single credit card transaction using Direct Post.

The data fields are name and value pairs, using the following HTML syntax:

Single ACH Transaction Fields

The following table represents the fields required for submitting a single ACH transaction using Direct Post.

The data fields are name and value pairs, using the following HTML syntax:

Creating Secure Tokens

Instead of processing a real-time transaction, the merchant can use the Direct Post to create a token which can be used for transactions at a later stage with the iATS web services or to set up recurring transactions to be auto processed by iATS.

The iATS payment gateway will return a token ID to the Host which can be used to:

• Access and update payment information associated with the token iATS CustomerLink Web Service
• Process a single transaction on a recurring schedule using ProcessLink Web Service

Please refer to the iATS Web Service Guides for more details on the services offered.

The data fields are name and value pairs, using the following HTML syntax:

The following table represents the fields required for creating a secure token using Direct Post. The Host will need to have the credit card or bank account fields in the form. This payment information is what will be stored in the iATS system which is associated with the token.

Relay URL

The following table describes form fields that can be submitted to configure the relay response. The relay URL should be embedded in the payment form but not visible to the end user.

The relay URL fields are submitted using the syntax below.

ENCRYPTED MAGNETIC STRIPE READERS

Overview

Our encrypted magnetic stripe readers (MSRs) are fully PCI compliant as the sensitive credit card data is encrypted immediately within the device before the data flows through to the computer or device. This means your servers do not have to handle any clear text credit card data. The encrypted MSRs are designed to work with the Direct Post Method.

When a credit card is swiped through the MSR, it will read and encrypt the track data on the magnetic stripes and pass the encrypted data to the Account Number field in DPM to the relevant web service to either a) process the transaction directly or b) tokenize the details for future transactions, or c) process the transaction directly and tokenize the details for future transactions

Supported Hardware

The following supported magnetic stripe readers should be ordered directly from iATS Payments as they contain encryption keys only accessible by iATS:
USB (PC and Mac)

• MagTek DynaMag
• ID Tech SecureMag

Using the MSR’s

As there are a number of variations of the swiper, iATS needs to know which swiper is being used so that iATS

can supply the correct encryption key to the transaction. Once the user has swiped the card in the Credit Card

field, the swiper type needs to be appended to the front of the transaction string before being sent to iATS.

Development requirements - Magtek

Magtek Dynamag USB Encrypted swiper

The Magtek Dynamag is a USB encrypted swiper for use on PC’s.

When you swipe the USB device a complete string of masked as well as encrypted data. You can use the masked data for the name of the client, the expiry date and last 4 digits of the credit card. For the USB swipers, the entire string (masked and encrypted) as well as the identification of the swiper type needs to be passed through to iATS.

Magtek USB encrypted swipe example:

For the Magtek Dynamag, please append the data in the following order and delimitation:

SwiperType|@|Entire USB output

Where:

- SwiperType : 02 for Magtek Dynamag

- Entire USB output string (no parsing)

- |@| : Delimiter

MagTek USB swipe to be entered into IATS_DPM_AccountNumber field

Development requirements – IDTech

IDTech SecureMag USB card swipe

The IDTech Secure Mag is a USB encrypted swipe for PC’s and Laptops.

When you swipe the USB device, it will collect a complete string of masked as well as encrypted data. You can use the unmasked data for the name of the client, the expiry date and last 4 digits of the credit card. For the USB swipers the entire string (masked and encrypted) needs to be passed through to iATS.

IDTECH USB encrypted swipe example:

SwiperType|@|Entire USB output

Where:

- SwiperType : 00 for IDTech Secure Mag

- Entire USB output string (no parsing)

- |@| : Delimiter

IDTech USB swipe to be entered into IATS_DPM_AccountNumber field

JavaScript to choose card reader type

If you want to use the card readers as per above, then you can use the following piece of JavaScript to choose the reader type and append the correct number to the string when the form is submitted. This allows the user to use the card reader directly without needing to add the reader type each time.

Add the following script to the header:

Also, make sure to add the OnSubmit function to the form action:

North America

UK/International

The above code combined will give you ability to choose the swiper being used. You could of course pre-fill the card reader type and hide the field so its completely anonymous to the users.

Transaction Responses

When a Relay Response is configured, the transaction response that is returned to the merchant from the iATS payment gateway is a set of fields that provides information about the status of the transaction.

• For single credit card transactions iATS will provide real-time transaction approval or rejection results.
• For ACH transactions, the result is always approved because it takes at least one day to settle the transaction.
• For the ACH process please refer to the Web Service documentation – ProcessLink.

If the request is to create a token, the response is the detail of the token information created by iATS system.
The merchant server can parse the data in the returned response and customize the message to display to the end user.

Standard Fields in the Transactions Response

Below is the table for all the standard fields iATS will return to the merchant’s relay URL. iATS will return all donors information collected on the merchant’s HTML payment form.

Single Credit Card Transaction Response

Below is the table of results for a transaction that iATS will return to merchant’s relay URL for a single credit card transaction.

Rejection codes for Credit Card Responses

Below is the list of transaction rejection codes. For a more detailed list, please refer to

https://www.iatspayments.com/Portal/StaticPages/RejectCodes

Single ACH Transaction Response

Below is the table of transaction result fields that iATS will return to merchant’s relay URL for a single ACH transaction.

Token Transactions Response

Below is the table of the response fields iATS will return to merchant’s relay URL for a request to create a token.

Non-recurring Tokens

Tokens with a recurring schedule

The following fields are for when a recurring setting was set up for the token. If the host posts recurring settings in the original request, iATS will post the same settings back. Otherwise iATS will return default settings.

RELAY PAGE

Direct Post provides a relay response feature to communicate the transaction results to the merchant. The merchant can use the relay response feature to create a custom response page using transaction results returned by iATS. The response page is then relayed to the customer’s web browser.

Dynamic Page

To create a dynamic page to redirect the donor to various pages depending on the results of the transaction then the relay  page sent to iATS must contain the following JavaScript to redirect the end user to the correct URL.

Front-end JavaScript to be returned to iATS

Relay.aspx

<%@ Page Language="C#" CodeBehind="relayPage.aspx.cs" Inherits="IATSDirectPostTest.relayPage" %>

<html>
<head>
<script type='text/javascript' charset='utf-8'>

    window.location = '<%=redirectUri %>';
</script>

</head>
<body></body>
</html>

Code Behind to accept the HTTPS Post results from iATS server

Relaypage.aspx.cs

Namespace IATSDirectPostTest
{

       public partial class relayPage : System.Web.UI.Page
       {

                      public string redirectUri = "";
                      protected void Page_Load(object sender, EventArgs e)
                      {
                      //Get transaction result from POST data

                       if(Request.Form["IATS_Result"]!=null &&
Request.Form["IATS_Result"].Contains("OK")){

   //If the transaction is approval, redirect to approval response

redirectUri = "https://approval.merchant.com";

//If the transaction is rejected, redirect to rejected response page.

else redirectUri = "https://reject.merchant.com";
}

CODE SAMPLES

Below is an example of the Direct Post HTML form and relay page. This includes all the fields so remove those that are not necessary. Make sure you include your Relay URL at the end of the form.

SAMPLE HTML Payment Form – Without Card Reader

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

    <title>DPM Test Merchant</title>
    <style type="text/css">

         float: left;
         width: 400px;

    </style>
</head>

<div class="">
    <label class="" for="IATS_DPM_ProcessID">ProcessKey</label>
    <input name="IATS_DPM_ProcessID" class="" id="IATS_DPM_ProcessID"

<div><strong>Donors information</strong></div>

<div class="">
    <label class="" for="IATS_DPM_Title">Title</label>
    <input name="IATS_DPM_Title" class="" id="IATS_DPM_Title" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_FirstName">First Name</label>

    <input name="IATS_DPM_FirstName" class="" id="IATS_DPM_FirstName" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_LastName">Last Name</label>
    <input name="IATS_DPM_LastName" class="" id="IATS_DPM_LastName" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Address">Address</label>

    <input name="IATS_DPM_Address" class="" id="IATS_DPM_Address" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_City">City</label>
    <input name="IATS_DPM_City" class="" id="IATS_DPM_City" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Province">State/Province</label>

    <input name="IATS_DPM_Province" class="" id="IATS_DPM_Province" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Country">Country</label>
    <input name="IATS_DPM_Country" class="" id="IATS_DPM_Country" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ZipCode">Zip Code</label>

    <input name="IATS_DPM_ZipCode" class="" id="IATS_DPM_ZipCode" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Phone">Phone</label>
    <input name="IATS_DPM_Phone" class="" id="IATS_DPM_Phone" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Phone">Phone2</label>

<div class="">
    <label class="" for="IATS_DPM_Phone">Fax</label>
    <input name="IATS_DPM_Fax" class="" id="IATS_DPM_Fax" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Email">Email</label>

    <input name="IATS_DPM_Email" class="" id="IATS_DPM_Email" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Comment">Comment</label>
    <input name="IATS_DPM_Comment" class="" id="IATS_DPM_Comment" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item1">Item1</label>

    <input name="IATS_DPM_Item1" class="" id="IATS_DPM_Item1" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item2">Item2</label>
    <input name="IATS_DPM_Item2" class="" id="IATS_DPM_Item2" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item3">Item3</label>

    <input name="IATS_DPM_Item3" class="" id="IATS_DPM_Item3" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item4">Item4</label>
    <input name="IATS_DPM_Item4" class="" id="IATS_DPM_Item4" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item5">Item5</label>

    <input name="IATS_DPM_Item5" class="" id="IATS_DPM_Item5" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item6">Item6</label>
    <input name="IATS_DPM_Item6" class="" id="IATS_DPM_Item6" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name1">Client Defined Field 1</label>

    <input name="IATS_DPM_ClientDefined_Name1" class="" id="IATS_DPM_ClientDefined_Name1"
maxlength="150" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name2">Client Defined Field 2</label>

    <input name="IATS_DPM_ClientDefined_Name2" class="" id="IATS_DPM_ClientDefined_Name2"
maxlength="150" />
</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name3">Client Defined Field 3</label>

    <input name="IATS_DPM_ClientDefined_Name3" class="" id="IATS_DPM_ClientDefined_Name3"
maxlength="150" />
</div>
<br /><br />

<div><strong>Amount</strong></div>
<div class="">

    <label class="" for="IATS_DPM_Amount">Amount</label>

<br /><br />
<div><strong>Payment</strong></div>
<div class="">

    <label class="" for="IATS_DPM_MOP">Method of Payment</label>

    <input name="IATS_DPM_MOP" class="" id="IATS_DPM_MOP" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_AccountNumber">Account Number</label>
    <input name="IATS_DPM_AccountNumber" class="" id="IATS_DPM_AccountNumber" maxlength="600" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ExpiryDate">Expiry (for credit card)</label>

<div class="">
    <label class="" for="IATS_DPM_CVV2">CVV2 (for credit card)</label>
    <input name="IATS_DPM_CVV2" class="" id="IATS_DPM_CVV2" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_DebitAccountType">Debit Account Type (for ACH)</label>

    <input name="IATS_DPM_DebitAccountType" class="" id="IATS_DPM_DebitAccountType" maxlength="39" />
</div>

<div><strong>Process Option</strong></div>
<div class="">

    <label class="" for="IATS_DPM_ProcessOption">Process Option</label>

    <input name="IATS_DPM_ProcessOption" class="" id="IATS_DPM_ ProcessOption" maxlength="39" /> <br
/>

/>
    <label class="" for="IATS_DPM_ScheduleDate">ScheduleDate (If Schedule Type is Monthly)</label>
    <input name="IATS_DPM_ScheduleDate" class="" id="IATS_DPM_ScheduleDate" maxlength="39" /> <br />

</div>
<br /><br />

    <label class="" for="IATS_DPM_RelayURL">Relay URL</label>

</div>
<br /><br />

<input type="submit" value="Process"/>
</form>

SAMPLE HTML Payment Form – With Card Reader

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

    <title>DPM Test Merchant</title>
    <style type="text/css">

float: left;
width: 400px;

</style>
<script type="text/javascript">

    function usbReaderPreprocess() {
        // Get the USB card reader type.
        var usbDeviceType = document.getElementById('USB_Device_Type').value;

    </script>
</head>

var processedReaderInput = usbDeviceType + '|@|' + readerInput;
// Update the form with the processed reader input.

document.getElementById('IATS_DPM_AccountNumber').value = processedReaderInput;
// Parse the payer's name from the reader input.

var nameMatch = readerInput.match(/\^([a-z]+)\/([a-z]+)\^/gi);

if (nameMatch != null) {
    var nameString = nameMatch[0].replace(/\^/g, '');
    var nameParts = nameString.split('/');

    document.getElementById('IATS_DPM_FirstName').value = nameParts[1];

    document.getElementById('IATS_DPM_LastName').value = nameParts[0];
}

<div class="">
    <label class="" for="IATS_DPM_ProcessID">ProcessKey</label>
    <input name="IATS_DPM_ProcessID" class="" id="IATS_DPM_ProcessID"

<div class="">
    <label class="" for="USB_Device_Type">USB Device</label>
    <select id="USB_Device_Type">

        <option value="">None</option>
        <option value="00">IDTech SecureMag USB swiper</option>
        <option value="02">MagTek Dynamag USB swiper</option>

    </select>
</div>

<div><strong>Donors information</strong></div>
<div class="">

    <label class="" for="IATS_DPM_Title">Title</label>

    <input name="IATS_DPM_Title" class="" id="IATS_DPM_Title" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_FirstName">First Name</label>
    <input name="IATS_DPM_FirstName" class="" id="IATS_DPM_FirstName" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_LastName">Last Name</label>

    <input name="IATS_DPM_LastName" class="" id="IATS_DPM_LastName" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Address">Address</label>
    <input name="IATS_DPM_Address" class="" id="IATS_DPM_Address" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_City">City</label>

    <input name="IATS_DPM_City" class="" id="IATS_DPM_City" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Province">State/Province</label>
    <input name="IATS_DPM_Province" class="" id="IATS_DPM_Province" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Country">Country</label>

    <input name="IATS_DPM_Country" class="" id="IATS_DPM_Country" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_ZipCode">Zip Code</label>
    <input name="IATS_DPM_ZipCode" class="" id="IATS_DPM_ZipCode" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Phone">Phone</label>

    <input name="IATS_DPM_Phone" class="" id="IATS_DPM_Phone" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Phone">Fax</label>
    <input name="IATS_DPM_Fax" class="" id="IATS_DPM_Fax" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Email">Email</label>

    <input name="IATS_DPM_Email" class="" id="IATS_DPM_Email" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Comment">Comment</label>
    <input name="IATS_DPM_Comment" class="" id="IATS_DPM_Comment" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item1">Item1</label>

    <input name="IATS_DPM_Item1" class="" id="IATS_DPM_Item1" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item2">Item2</label>
    <input name="IATS_DPM_Item2" class="" id="IATS_DPM_Item2" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item3">Item3</label>

    <input name="IATS_DPM_Item3" class="" id="IATS_DPM_Item3" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item4">Item4</label>
    <input name="IATS_DPM_Item4" class="" id="IATS_DPM_Item4" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_Item5">Item5</label>

    <input name="IATS_DPM_Item5" class="" id="IATS_DPM_Item5" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_Item6">Item6</label>
    <input name="IATS_DPM_Item6" class="" id="IATS_DPM_Item6" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name1">Client Defined Field 1</label>

    <input name="IATS_DPM_ClientDefined_Name1" class="" id="IATS_DPM_ClientDefined_Name1"
maxlength="150" />
</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name2">Client Defined Field 2</label>

    <input name="IATS_DPM_ClientDefined_Name2" class="" id="IATS_DPM_ClientDefined_Name2"
maxlength="150" />
</div>
<div class="">

    <label class="" for="IATS_DPM_ClientDefined_Name3">Client Defined Field 3</label>

    <input name="IATS_DPM_ClientDefined_Name3" class="" id="IATS_DPM_ClientDefined_Name3"
maxlength="150" />
</div>

<div><strong>Amount</strong></div>
<div class="">

    <label class="" for="IATS_DPM_Amount">Amount</label>

<div><strong>Payment</strong></div>
<div class="">

    <label class="" for="IATS_DPM_MOP">Method of Payment</label>

    <input name="IATS_DPM_MOP" class="" id="IATS_DPM_MOP" maxlength="39" />
</div>

<div class="">
    <label class="" for="IATS_DPM_AccountNumber">Account Number</label>
    <input name="IATS_DPM_AccountNumber" class="" id="IATS_DPM_AccountNumber" maxlength="600" />

</div>
<div class="">

    <label class="" for="IATS_DPM_ExpiryDate">Expiry (for credit card)</label>

<div class="">
    <label class="" for="IATS_DPM_CVV2">CVV2 (for credit card)</label>
    <input name="IATS_DPM_CVV2" class="" id="IATS_DPM_CVV2" maxlength="39" />

</div>
<div class="">

    <label class="" for="IATS_DPM_DebitAccountType">Debit Account Type (for ACH)</label>

    <input name="IATS_DPM_DebitAccountType" class="" id="IATS_DPM_DebitAccountType" maxlength="39" />
</div>

<div><strong>Process Option</strong></div>
<div class="">

    <label class="" for="IATS_DPM_ProcessOption">Process Option</label>

    <input name="IATS_DPM_ProcessOption" class="" id="IATS_DPM_ ProcessOption" maxlength="39" /> <br
/>

/>
    <label class="" for="IATS_DPM_ScheduleDate">ScheduleDate (If Schedule Type is Monthly)</label>
    <input name="IATS_DPM_ScheduleDate" class="" id="IATS_DPM_ScheduleDate" maxlength="39" /> <br />

<br /><br />
<div><strong>Relay Response</strong></div>
<div class="">

    <label class="" for="IATS_DPM_RelayURL">Relay URL</label>

</div>
<br /><br />

<input type="submit" value="Process"/>
</form>
</body>

EXAMPLE RESPONSES

Single Credit Card Transaction Response Example

Single ACH Transaction Response Example

Creating a Token for Credit Card Transaction Response

Creating a Token for ACH Transaction Response

APPENDIX A: TESTING iATS PAYMENTS SYSTEMS

The following information will allow you to test iATS Payments systems to ensure that you can use our services. Please note that this “TEST88” account is not a live merchant account and that authorization and rejection results are for display purposes only.

Please note that this test information is provided to many clients. Please do not modify or delete any pre-existing Aura Event’s or change the password of this code.

User ID = TEST88

Password = TEST88

URL:     NA = www.iatspayments.com

               UK = www.uk.iatspayments.com

To test the Authorization and Rejection responses related to a Charge, credit card number 4111111111111111 can be used.

To test the Authorization responses related to both Charges and Refunds, credit card number 4222222222222220 can be used.

The amounts and corresponding responses detailed below have been created for to test multiple situations:

Please note there is a transaction limit of $2000.00 (£2000.00) per charge. Amounts above will be rejected.

If using our Direct Post Method, the TEST88 Process Key credentials are:

PAAB24B9961FAC07FAA561180F6CB69A7B (North America) PA0940D765F2BD67BD97B82EFAA4D72BE9 (UK/International)

iATS Payments Contact Information

North America: www.iatspayments.com

UK/International: www.uk.iatspayments.com

Customer Care:

Email: iatscs@iatspayments.com
Phone: North America: 1-888-955-5455 | UK/Europe: 0808-234-0466

Hours: 7:30am – 5:00pm Pacific Standard Time, Monday to Friday

Sales and Marketing:

Email: iats@iatspayments.com
Phone: North America: 1-866-300-4287 | UK/Europe: 0808-234-0466

Hours: 7:00am – 4:30pm Pacific Standard Time, Monday to Friday

Partner Support:

Email: PartnerSupport@iatspayments.com
Hours: 7:00am – 4:30pm Pacific Standard Time, Monday to Friday

Direct Post Options

iATS offers two options for the Direct Post Method:

Option 1
This uses a JavaScript Relay URL redirect that allows the developer more control over the redirect page as well as the message that displays to the donor as a result of the transaction response (example rejection codes). All transaction detail is posted back to the relay page which can be used to capture into the developers’ database.

Option 2
This does not utilize JavaScript but a Direct Redirect. This option only allows the programmer to redirect to two static pages – a successful transaction page or a failed transaction page. As no relay page is utilized, the details of the transaction will be sent to a postback URL. Please refer to separate document for this option.

Introduction

This user guide describes the web development required to process transactions via iATS Payments using the Direct Post Method.

Direct Post is a fully PCI compliant service as the sensitive credit card data never flows through your servers or website. Your website does not have to handle any credit card data, and all transaction information is submitted directly to iATS via Secure Sockets Layer (SSL) while keeping iATS invisible to the donor. Your site can still collect all pertinent donor data and has been built to allow you to utilize your own unique website look and feel as well as response pages.

The Direct Post Method can be combined with other iATS Web Services such as CustomerLink (to manage recurring schedules), ProcessLink (to process transactions with a Token or do refunds using a Transaction ID), and ReportLink (pulling transaction reports from iATS’ servers). These are explained further in our Web Service Guides and are available upon request.

For managing recurring transactions, you have the option of managing them or having iATS manage them for you:

1. If iATS manages the recurring schedule:
   1. You use DPM to set up the individual Tokens (Customer Codes) and provide all payment and recurring details (amount, start/end date etc.), with the recurring tag set to true.
2. If you manage the recurring schedule:
   1. 1. You use DPM to set up the individual Tokens (Customer Codes) and only provide the payment details, with the recurring tag set to false;
      2. Then, on the schedule date you send a batch file containing the Tokens (Customer Codes) and amount of charge using our ProcessLink Web Service.
      3. Any future updates (switch it OFF, delete, etc.) to the Tokens can be done via our CustomerLink Web Service.

Please note that iATS operates two server systems, one based in North America (NA) and one in the United Kingdom (UK). Clients in the United States and Canada will use the NA servers, while all other clients use our UK servers. The explanation of the specific services that follows will provide the links to each server address as available.

Notes on International processing:

1. The same interface can be used for International processing on our UK servers however it should be noted that single ACH/EFT (Direct Debit) transactions are not allowed in the UK. Only recurring Direct Debit transactions can be initiated.
2. The recurring date format is different for UK. Please use the format DD/MM/YYYY where applicable.

1. Merchant must have received the client’s valid iATS Process Key associated with their Client Code which is has been enabled to process credit card and/or ACH transactions. Instructions on how the client creates the Process Key are included below.

2. Merchant needs to create the HTML payment form on their own web server. The form must have the required payment fields following the iATS specifications in this document. The standard API consists of required and optional fields that can be submitted to iATS for real time credit card transaction processing. See the ‘Submitting Transaction’ section for more details

3. Merchant needs to build relay pages to be able to handle the https post transaction result from the iATS payment gateway. 
4. Merchant needs to build a transaction response page to be displayed to the end user for the various responses: Success, Failed, Token and Token with success or failed transaction.

Transaction Post URL

The Direct Post transaction should POST to the following URLs:

North America

https://www.iatspayments.com/netgate/IATSDPMProcess.aspx

UK/International

https://www.uk.iatspayments.com/netgate/IATSDPMProcess.aspx

HTML Form Post Syntax

Transaction data will be submitted to iATS by means of HTML form POST. The host needs to have the HTML form collect the  transaction data from the end user and the form should be in the following syntax:

North America

       <input type="submit" value="Submit Transaction"/>
</form>

UK/International

<form action="https://www.uk.iatspayments.com/netgate/IATSDPMProcess.aspx" method="POST"
name="IATS_DPM_Form">

   <input type="submit" value="Submit Transaction"/>
</form>

The following sections describe the required and optional form fields that can be submitted to iATS payment gateway by using Direct Post.

Authentication Information (Process Key)

The transaction authentication used by the Direct Post is the Process Key. The Process Key is encrypted and secure. Each merchant can generate a unique process key after receiving a valid iATS Client Code.

To create a Process Key:

Notes on Process Key:

• If the Create button is clicked again at some point in the future, a new Process Key will be generated, invalidating the old one. If this occurs, the new Key will need to be added to the code to replace the old one.
• Changes to the Client Code password at a future time will not affect the existing process key or make it invalid.