Create a payment form

The first step for adding payments capabilities to your website is to implement a HTML form that you can use to accept a payment.

This type of integration manages the customer checkout process and supports many payment methods or authentication mechanisms.

This gives you the option to use our secure hosted pages or an embeddable form which can reduce the burden of compliance with the Data Security Standard of the Payment Card Industry (PCI DSS).

With the transaction type Pre-Authorization (preauth) you can reserve funds on a customer's card account. This transaction does not charge the card until you perform a completion (postauth) transaction.

Note on Pre-authorizations

Pre-authorizations reserve funds for varying periods, depending on the issuing card company's policy. We strongly suggest that you confirm shipment as soon as possible after authorization.

Alternatively you can use the transaction type sale which immediately charges a customer’s card or bank account over night with no further action required from you.

Getting started

When using the embedded form or hosted payment page, you'll need the following:

Field Name


Sandbox Value


This is the ID of the store that was given to you by your support team. For example: 10123456789



This is the shared secret provided to you by your support team. This is used when constructing the hash value.


URL for Test Transactions

Sandbox URL

You will get the production URL with your production account credentials from your integration team.

Building the Request

Independently of the payment method, there are some mandatory fields that need to be included in your transaction request:

txntypeThe type of the transaction: preauth, sale or payer_auth
timezoneThe timezone of the transaction in Area/Location format, e.g. America/New_York or Europe/Berlin
txndatetimeThe exact time of the transaction in format YYYY:MM:DD-hh:mm:ss
hash_algorithmThis is to indicate the algorithm that you use for hash calculation. Accepted values are: HMACSHA256, HMACSHA384 , HMACSHA512
hashExtendedThe extended hash needs to be calculated using all request parameters in ascending order of the parameter names. When you are using Direct Post, there is also an option where you do not need to know the card details (PAN, CVV and Expiry Date) for the hash calculation. This will be managed with a specific setting performed on your store. Please contact your local support team if you want to enable this feature.
storenameThe ID of the store provided to you by First Data, e.g. 541234567
chargetotalThe total amount of the transaction using a dot or comma as decimal separator, e.g. 12.34 for an amount of 12 Dollar and 34 Cents. Group separators like 1,000.01 / 1.000,01 are not allowed.
currencyThe numeric ISO code of the transaction currency, e.g. 840 for US Dollar or 978 for Euro

Sample Code

Example of a form with the minimum set of fields:

<form method="post" action="">
  <input type="hidden" name="txntype" value="preauth">
  <input type="hidden" name="timezone" value="Europe/Berlin">
  <input type="hidden" name="txndatetime" value="<% getDateTime() %>"/>
  <input type="hidden" name="hash_algorithm" value="HMACSHA256"/>
  <input type="hidden" name="hashExtended" value="<% call createExtendedHash( "13.00","978" ) %>"/>
  <input type="hidden" name="storename" value="10123456789">
  <input type="text" name="chargetotal" value="13.00">
  <input type="hidden" name="currency" value="978">
  <input type="submit" value="Submit">

What’s Next
Did this page help you?