- Endpoints
- Introduction
- Custom iFrames
-
getAccessToken
The getAccessToken method generates a one time access token to be used with transactions
-
processCard
The processCard method is the method used to perform a purchase request
-
processAuth
The processAuth method is used to perform a pre-authorization request
-
addCard
The addCard method is used to add a new card to the MW Vault
Sandbox
POST
https://base.merchantwarrior.com/iframe/
Copy
Production
POST
https://api.merchantwarrior.com/iframe/
Copy
The MW Transparent iFrame service allows merchants to embed an MW iFrame in their website and/or application. The MW iFrame can process transactions and/or store credit card information in the MW Vault.
Merchants who do not wish to store, process or transmit credit card (PAN) in order to reduce their PCI DSS scope will be able to achieve this with this service.
In order for an iFrame to be generated successfully, a request must be sent from a website or application that has its form target set as the target of the iFrame.
A simple implementation of the Transparent iFrame is made possible by creating a standard HTML form and submitting the form via javascript, AJAX or any other technology in use by the website and/or application(s).
The Transparent iFrame can be fully customized to maintain the look and feel of the website and/or application(s) that it is embedded in. In order to do this the relevant (addCard, processCard or processAuth) HTML skeleton form will need to be downloaded (from here) and themed accordingly.
The HTML skeleton form can be customized to handle frontend validation and styling. After the HTML skeleton form has been customized appropriately, all assets (css, images and javascript) should be compressed and emailed to our technical team infoservices@merchantwarrior.com) for review.
If the customized Transparent iFrame is approved by our technical team it will be made accessible on the Merchant Warrior platform and will be available by submitting the ‘style’ and ‘custom’ parameters in the appropriate transaction request (addCard, processCard or processAuth).
The getAccessToken method generates a one time access token to be used with transactions
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method. |
| urlHash | The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
curl -X POST \
-d method="getAccessToken" \
-d merchantUUID="5265f8eed6a19" \
-d apiKey="ksmnwxab" \
-d hash="f518187f47bc52fe5a76a18593df72c9" \
-d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/iframe/
require 'net/http'
require 'uri'
uri = URI.parse("https://api.merchantwarrior.com/iframe/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
'method' => 'getAccessToken',
'merchantUUID' => '5265f8eed6a19',
'apiKey' => 'ksmnwxab',
'hash' => 'f518187f47bc52fe5a76a18593df72c9',
'urlHash' => '49713da3df889c861c5643107af9dcde'
)
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
http.request(request)
end
puts response.bodyimport requests
data = {
'method': 'getAccessToken',
'merchantUUID': '5265f8eed6a19',
'apiKey': 'ksmnwxab',
'hash': 'f518187f47bc52fe5a76a18593df72c9',
'urlHash': '49713da3df889c861c5643107af9dcde'
}
r = requests.post('https://api.merchantwarrior.com/iframe/', data = data)
print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/iframe/');
// Setup POST data
$postData = array (
'method' => 'getAccessToken',
'merchantUUID' => '5265f8eed6a19',
'apiKey' => 'ksmnwxab',
'hash' => 'f518187f47bc52fe5a76a18593df72c9',
'urlHash' => '49713da3df889c861c5643107af9dcde'
);
// Setup CURL defaults
$curl = curl_init();
// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));
// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);
// Check for CURL errors
if (isset($error) && strlen($error)) {
throw new Exception("CURL Error: {$error}");
}
// Parse the XML
$xml = simplexml_load_string($response);
// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;
// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;
// Make the response a little more useable
$result = array (
'status' => $status,
'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
'responseData' => $xml
);
exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;
public class Program {
public static void Main(string[] args) {
using(var client = new System.Net.WebClient()) {
byte[] response = client.UploadValues("https://api.merchantwarrior.com/iframe/",
new System.Collections.Specialized.NameValueCollection() {
{ "method", "getAccessToken" },
{ "merchantUUID", "578dd399d2373" },
{ "apiKey", "dyqxkzse" },
{ "hash", "f518187f47bc52fe5a76a18593df72c9" },
{ "urlHash", "49713da3df889c861c5643107af9dcde" },
});
String result = System.Text.Encoding.Default.GetString(response);
Console.WriteLine(result);
}
}
}
Imports System
Imports System.Collections.Generic
Imports System.Linq
Public Module Program
Public Sub Main(args As String())
Using client = New System.Net.WebClient()
Dim response As Byte() = client.UploadValues(
"https://api.merchantwarrior.com/iframe/",
New System.Collections.Specialized.NameValueCollection() From { _
{"method", "getAccessToken"}, _
{"merchantUUID", "578dd399d2373"}, _
{"apiKey", "dyqxkzse"}, _
{"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
{"urlHash", "49713da3df889c861c5643107af9dcde"} _
})
Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
Console.WriteLine(result)
End Using
End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;
public class Program{
public static void main(String[] args) {
try{
URL url = new URL("https://api.merchantwarrior.com/iframe/");
Map<String, String> params = new LinkedHashMap<>();
params.put("method", "getAccessToken");
params.put("merchantUUID", "5265f8eed6a19");
params.put("apiKey", "ksmnwxab");
params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
params.put("urlHash", "49713da3df889c861c5643107af9dcde");
StringBuilder postData = new StringBuilder();
for (Map.Entry<String, String> param : params.entrySet()) {
if (postData.length() != 0)
postData.append('&');
postData.append(param.getKey());
postData.append('=');
postData.append(param.getValue());
}
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setDoOutput(true);
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
writer.write(postData.toString());
writer.flush();
BufferedReader reader = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
String line;
StringBuilder sb = new StringBuilder();
while((line = reader.readLine()) != null){
sb.append(line);
}
System.out.println(sb.toString());
writer.close();
reader.close();
}
catch(Exception ex){
ex.printStackTrace();
}
}
}
<?xml version="1.0"?>
<mwResponse>
<responseCode>0</responseCode>
<responseMessage>Operation successful</responseMessage>
<token>907de50c2a</token>
</mwResponse>
{
"responseCode": "0",
"responseMessage": "Operation successful",
"token": "907de50c2a"
}
The processCard method is the method used to perform a purchase request
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| accessToken | The value returned by the getAccessToken method. |
| transactionAmount | The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected. |
| transactionCurrency | One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive. |
| transactionProduct | A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes. |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
| customerName | This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters. |
| customerCountry | Two letter ISO 3166-1 alpha-2 country code. |
| customerState | Freeform field, keep consistent for your records and reporting. |
| customerCity | Freeform field, keep consistent for your records and reporting. |
| customerAddress | Freeform field. |
| customerPostCode | This can also accomodate ZIP/Post codes for international transactions. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. |
Optional Parameters
| Parameter | Description |
|---|---|
| transactionReferenceID | This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received. |
| returnTarget | One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised) |
| postmessageURL | The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent. |
| customerPhone | Anything other than +,-, space and 0-9 will be stripped. |
| customerEmail | Sending this optional parameter is highly recommended. |
| customerIP | Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended. |
| addCard | This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction. |
| cardTypes | This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb). |
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |
| style | Possible values are default or custom. If not set the default styling is used. |
| iframeID | This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom. |
The processAuth method is used to perform a pre-authorization request
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| accessToken | The value returned by the getAccessToken method. |
| transactionAmount | The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected. |
| transactionCurrency | One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive. |
| transactionProduct | A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes. |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | The asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
| customerName | This field can only contain alphanumeric characters, as well as the full stop, comma, apostrophe, ampersand, space and hyphen characters. |
| customerCountry | Two letter ISO 3166-1 alpha-2 country code. |
| customerState | Freeform field, keep consistent for your records and reporting. |
| customerCity | Freeform field, keep consistent for your records and reporting. |
| customerAddress | Freeform field. |
| customerPostCode | This can also accomodate ZIP/Post codes for international transactions. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. |
Optional Parameters
| Parameter | Description |
|---|---|
| transactionReferenceID | This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received. |
| returnTarget | One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this is not advised) |
| postmessageURL | The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent. |
| customerPhone | Anything other than +,-, space and 0-9 will be stripped. |
| customerEmail | Sending this optional parameter is highly recommended. |
| customerIP | Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended. |
| addCard | This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction. |
| cardTypes | This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb). |
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |
| style | Possible values are default or custom. If not set the default styling is used. |
| iframeID | This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom. |
The addCard method is used to add a new card to the MW Vault.
Required Parameters
| Parameter | Description |
|---|---|
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | |
| accessToken | The value returned by the getAccessToken method. |
| cardTypes | This field is a comma delimited list of card types that will be accepted. If not set all card types will be accepted (visa,mastercard,amex,diners,discover,jcb). |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | Asynchronous POST notifications will be sent to this URL. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
Optional Parameters
| Parameter | Description |
|---|---|
| returnTarget | One of the following: _self, _top, _parent. This defines the target of the returnURL. Defaults to _top if not set. If it is set to _none, no redirect will occur (although this isn’t advised) |
| postmessageURL | The domain of the parent for the purpose of sending a postMessage from the iFrame to the parent after completing the transaction. To respond or interpret this message you will need to add a listener to the parent. |
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |
| style | Possible values are default or custom. If not set the default styling is used. |
| iframeID | This field is only applicable for customers with multiple custom iFrames. This field will not function correctly without the style parameter being set to custom. |