1. Settings in PostFinance back office


Go to https://e-payment.postfinance.ch/ncol/prod/backoffice (production) or https://e-payment.postfinance.ch/ncol/test/backoffice (test account) and log into your PostFinance back office using your PSPID and password.

postfinance login screen

Go to “Configuration -> Technical information” to make the following settings.

1.1 Global security parameters

1.1.1 Hashing method

Choose the option “Each parameter followed by the passphrase”. The hash algorithm has to be the same you set in the settings in WordPress (WooCommerce -> Settings -> PostFinance).

postfinance security params 1

1.1.2 Template

These settings only apply if you chose the mode “direct implementation (dynamic template)” in the settings of the payment method in WooCommerce. For the use of dynamic templates a valid SSL certificate is required. In the field “Trusted dynamic template” fill in the URI of the page where you entered the shortcode [pf-payment] (see the tutorial for the payment gateway settings). In the field “Trusted website hostname hosting the dynamic template” enter the URL of your website.

postfinance sec params template

1.2. Data and origin verification

1.2.1 Checks for e-Commerce & Alias Gateway

You can optionally enter the URI of your checkout page (the page where the customer chooses the payment method) into the field “URL of the merchant page containing the payment form that will call the page” to improve security. Normally the URL of your website also works.

Choose a pass phrase to enter in the field “SHA-IN pass phrase”, which you will later need for the configuration of the payment method in the WordPress back end. The SHA-IN has to consist of at least 16 characters and contain lowercase characters (a-z) and at least one digit (0-9) or a symbol (&,@, #, !).

postfinance data origin ver

1.2.2 Checks for PostFinance DirectLink

These settings are required if you use DirectLink functions like the direct checkout for credit cards. You need a valid SSL certificate to use these functions. In the field “IP address” fill in the IP address of the server where your website is hosted.

In the field SHA-IN fill in another pass phrase consisting of at least 16 characters and containing lowercase characters (a-z) and at least one digit (0-9) or a symbol (&,@, #, !).

1.3 Transaction feedback

1.3.1 e-Commerce

You can leave all the fields Accepturl, DeclineURL, Exceptionurl, Cancelurl empty. These values will be set in the WooCommerce settings.

Choose the option “I would like to receive transaction feedback parameters on the redirection URLs”.

postfinance transaction feedback urls

Direct HTTP server-to-server request

Choose the option “Online but switch to a deferred request when the online requests fail”.

Enter the following URL into the fields:

[mywebsite]/mame-api/<PARAMVAR>/

Replace [mywebsite] with the URL of your website. If you use the same PostFinance e-Payment account for multiple shops enter the URL of the master shop instead. Click HERE for more information about the multishop feature.

The request method is GET.

Choose the following dynamic e-commerce parameters:

  • ACCEPTANCE
  • AMOUNT
  • BRAND
  • COMPLUS
  • CURRENCY
  • NCERROR
  • ORDERID
  • PAYID
  • PM
  • STATUS

postfinance-dynamic-e-commerce-params-en

 

General

Activate the checkbox “I would like PostFinance to re-launch the “end of transaction” (post-payment request/redirection) process if required”.

postfinance-repeat-http-de

1.3.2 All transaction submission modes

Security for request parameters

Enter a SHA-OUT signature consisting of at least 16 characters and containing lowercase characters (a-z) and at least one digit (0-9) or a symbol (&,@, #, !).

 

HTTP request for status changes

Check the option “For each offline status change“.

Enter the following URL into the field:

[mywebsite]/mame-api/<PARAMVAR>/

Replace [mywebsite] with the URL of your website. If you use the same PostFinance e-Payment account for multiple shops enter the URL of the master shop instead. Click HERE for more information about the multishop feature.

 

postfinance-shaout-dynamic-params-en

1.3.3 DirectLink

The dynamic e-Commerce parameters for DirectLink are required if you use DirectLink functions. Choose the following parameters:

  • BRAND
  • CURRENCY
  • NCERROR
  • ORDERID
  • PAYID
  • STATUS

postfinance transaction feedback directlink

 

 

1.4 Polylang

If you are using the multilanguage plugin Polylang and the option “Hide URL language information for default language” is deactivated on the page “Settings > URL modifications”, you will have to append the language parameter of the main language to the URLs.

E.g. https://mywebsite.ch/en/mame-api/<PARAMVAR> instead of https://mywebsite.ch/mame-api/<PARAMVAR>