Nearly all payment gateways can be setup to collect credit card data by posting to them a form created of hidden fields. In this case the secure pages are hosted on their server and they simply require details about the order. The payment gateway may or may not return information to the cart as to whether the the customer's card was accepted.

If you want to try to setup a gateway using this option then you MUST read the gateway's documentation very carefully and make sure you understand it! Furthermore, we make no guarantee that it will work with all gateways. In other words it must be compatible with the principles used here.

Posting to the gateway

Enter the link URL for the gateway (with https:// or http:// at the font):

Should the action be a POST or a GET request:

We've never seen a payment gateway that didn't accept a POST so if in doubt set it to that. If the gateway doesn't perform a reliable link back to the cart (see below for setup) it may be better to set this to GET if you are allowed to.



Now we need to start entering the hidden form fields. First off we need to create a few fields which are always the same whatever the link. These will always include a field with your Merchant ID at the gateway but might also include information about the method you are using.

Field Name Value


Sometimes you might need to include data from the cart within a field value. To do this use the syntax #field_name# where field_name is taken from the list of available values below. For example, the value might be:


However if the field translates directly to one used by the gateway then set it up below.



Next we include the data from the cart. Every payment gateway makes up it's own field names, there is no standardization in the industry, so enter their appropriate field name for each piece of data. You may not be able to submit all the information in which case leave that item blank. You will always need to submit the amount; how much to charge the customer's card.

Field Name Value Field name
Total value of the order total
Customer's Unique ID (Shopper ID)   id
Subtotal subtotal
Shipping ship
Discount discount
Tax tax
Invoice to name inv_name
Invoice to company inv_company
Invoice to address inv_addr1
Invoice to city inv_addr2
Invoice to state inv_state
Invoice to ZIP/Postal code inv_zip
Invoice to country inv_country
Telephone number tel
Fax number fax
Email address email
Ship to name del_name
Ship to address del_addr1
Ship to city del_addr2
Ship to state del_state
Ship to ZIP/Postal code del_zip
Ship to country del_country


If you don't or can't post the the Customer's Unique ID then there will be no way to "pickup" the transaction on a link back to the cart.



The submit button may need a name and it will always need a value, for example, "CONTINUE".

Submit Name Value



To see the HTML code generated click on the button below. It is populated by sample data and will pop-up in a new window so your settings won't be lost.


Return link to the cart

There are two types of link back a gateway might make:

  • The gateway makes a silent HTTP POST or GET to the cart and this happens in the background. Alternatively the gateway redirects to a Thank you page hosted here. Either way the customer has no control over it.
  • The gateway presents a simple hyperlink or form button on its own "Thank You" page. This may or may not include fields with data about the transaction. However since we cannot guarantee that the customer will click on it, for all intents and purposes, it is completely useless. In this case point the return link to your own website and select that the gateway does NOT return back to the cart.

If we don't know that the customer has paid because the gateway doesn't return a success or failure message that has important implications for the way the cart works:

  • All transactions are saved to the database on the payment options page. Remember some may never be completed, others may become "other" payment methods if the transaction is live at the time.
  • You can't use any of the Affiliate programs and you can't use the real-time system.