Go to https://e-payment.postfinance.ch/ncol/prod/backoffice (production) or https://e-payment.postfinance.ch/ncol/test/backoffice (test account) and log into your PostFinance back office using your PSPID and password.
Go to “Configuration -> Technical information” and configure the following settings.
1.1 Global security parameters
1.1.1 Hashing method
Choose the option “Each parameter followed by the passphrase”. The hash algorithm has to be the same as the one you set in the settings in WordPress (WooCommerce -> Settings -> PostFinance).
These settings only apply if you chose the mode “direct implementation (dynamic template)” in the settings of the payment method in WooCommerce. For the use of dynamic templates a valid SSL certificate is required. In the field “Trusted dynamic template” fill in the URI of the page where you entered the shortcode [pf-payment] (see the tutorial for the payment gateway settings). In the field “Trusted website hostname hosting the dynamic template” enter the URL of your website.
1.2 Data and origin verification
1.2.1 Checks for e-Commerce & Alias Gateway
You can optionally enter the URI of your checkout page (the page where the customer chooses the payment method) into the field “URL of the merchant page containing the payment form that will call the page” to improve security. Normally the URL of your website also works.
Choose a pass phrase to enter in the field “SHA-IN pass phrase”, which you will later need for the configuration of the payment method in the WordPress back end. The SHA-IN pass phrase has to consist of at least 16 characters and contain lowercase characters (a-z) and at least one digit (0-9) or a symbol (&, @, #, !).
1.2.2 Checks for PostFinance DirectLink
These settings are required if you use DirectLink functions like the direct checkout for credit cards. You need a valid SSL certificate to use these functions. In the field “IP address” fill in the IP address of the server where your website is hosted.
In the field SHA-IN fill in another pass phrase consisting of at least 16 characters and containing lowercase characters (a-z) and at least one digit (0-9) or a symbol (&, @, #, !).
1.3 Transaction feedback
You can leave all the fields Accepturl, DeclineURL, Exceptionurl, Cancelurl empty. These values will be set in the WooCommerce settings.
Choose the option “I would like to receive transaction feedback parameters on the redirection URLs”.
Direct HTTP server-to-server request
Choose the option “Online but switch to a deferred request when the online requests fail”.
Enter the following URL into the fields:
Replace [mywebsite] with the URL of your website. If you use the same PostFinance e-Payment account for multiple shops, enter the URL of the master shop instead. Click HERE for more information about the multishop feature.
The request method is GET.
Choose the following dynamic e-commerce parameters:
Activate the checkbox “I would like PostFinance to re-launch the “end of transaction” (post-payment request/redirection) process if required”.
1.3.2 All transaction submission modes
Security for request parameters
Enter a SHA-OUT signature consisting of at least 16 characters and containing lowercase characters (a-z) and at least one digit (0-9) or a symbol (&, @, #, !).
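The hashing option “Each parameter followed by the passphrase” and the SHA-OUT pass phrase translate into the following check on the server that receives the transaction feedback. This is an added example, not part of the original tutorial or the plugin's code; the function names and sample values are made up for illustration, and it assumes the caller passes only the parameters PostFinance includes in the SHA-OUT calculation.

```python
import hashlib
import hmac

# Hash algorithms offered in the back office; must match the WooCommerce setting.
ALGORITHMS = {"SHA-1": hashlib.sha1, "SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def string_to_hash(params, passphrase):
    """Upper-case the names, drop empty values and SHASIGN, sort by name,
    then emit NAME=value followed by the pass phrase for every parameter."""
    pairs = {k.upper(): str(v) for k, v in params.items()
             if k.upper() != "SHASIGN" and str(v) != ""}
    return "".join(f"{name}={pairs[name]}{passphrase}" for name in sorted(pairs))


def sign(params, passphrase, algorithm="SHA-512"):
    data = string_to_hash(params, passphrase).encode("utf-8")
    return ALGORITHMS[algorithm](data).hexdigest().upper()


def verify_feedback(params, sha_out_passphrase, algorithm="SHA-512"):
    """Return True only if the received SHASIGN matches our own calculation."""
    received = next((str(v) for k, v in params.items() if k.upper() == "SHASIGN"), "")
    expected = sign(params, sha_out_passphrase, algorithm)
    # Constant-time comparison; the case of the hex digits is not significant.
    return hmac.compare_digest(received.upper().encode(), expected.encode())


def passphrase_ok(passphrase):
    """Rule quoted on this page: 16+ characters, lowercase, and a digit or one of & @ # !"""
    return (len(passphrase) >= 16
            and any(c.islower() for c in passphrase)
            and any(c.isdigit() or c in "&@#!" for c in passphrase))


# Constructed sample values, not real transaction data.
SAMPLE_PASSPHRASE = "constructed-passphrase-1!"
SAMPLE_FEEDBACK = {"orderID": "1001", "amount": "15.00", "currency": "CHF",
                   "STATUS": "9", "PAYID": ""}
SAMPLE_FEEDBACK["SHASIGN"] = sign(SAMPLE_FEEDBACK, SAMPLE_PASSPHRASE)
```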
HTTP request for status changes
Check the option “For each offline status change”.
Enter the following URL into the field:
The dynamic e-Commerce parameters for DirectLink are required if you use DirectLink functions. Choose the following parameters:
If you are using the multilanguage plugin Polylang and the option “Hide URL language information for default language” is deactivated on the page “Settings > URL modifications”, you will have to append the language parameter of the main language to the URLs.
E.g. https://mywebsite.ch/en/mame-api/<PARAMVAR> instead of https://mywebsite.ch/mame-api/<PARAMVAR>