I'm integrating Sage Pay Direct into a website. Currently I'm running everything in test mode, and everything works fine unless I test a payment using 3D Secure.
I am using the first card details from the Sage Pay test cards here:
http://www.sagepay.co.uk/support/12/36/test-card-details-for-your-test-transactions
This causes my site to go to its 3D Secure page containing an iframe which loads Sage Pay's own 3D Secure page from their test server. However, it's just completely empty. It's a blank white page with no source code at all.
Here is my iframe which self-submits automatically to load the Sage Pay 3D Secure page:
<html>
<head>
<title>3D-Secure Authentication</title>
</head>
<body>
<form action="https://test.sagepay.com/mpitools/accesscontroler?action=pareq" method="post">
<input type="hidden" name="MD" value="2015466070671410" />
<input type="hidden" name="PaReq" value="eJxVkttygjAQhu/7FAwPQAhyEGeNY u0paMto06ntynsCFM5BVB8 yYIteZq/83my 6fwKLLjtoJRZ0W Vynhqkv2APCmSwwbrmB9TSeK5bJr39ie/4nmt6putRm5o6g3C5xYrBAGKSY1Ago5QEESU8bxjwqHoM3pntU9fzgAwSMhTBijlT35LUsdf4iXldQK5pyHmGbJ/gR/ct0viAW6yRS KLKNoSSL8NUdHmjbiwqeUGQW04siSpwerwerilnhJzPZ6MYCBinTZofjKjICBBVBOTWZNiqqJbQLo1ZEofPXvfmJCe ro5JWp2yjfj5Wn2uolQExb5BJa1zTp45GpzPqzlT/fR54prphlt3PNCgo1SXLu63/KZDeC8yjcaBRAXZlkaM6BOQvhhjriO3UK4X8om3CQF6uUkBuwzy9Kv jRlpKlfV9pHipdIq61OyBSgBRtWR4VTJ8ABndfYxf1D28kg==" />
<input type="hidden" name="TermUrl" value="https://www.example.com/payment/auth-return" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
The data for the fields comes from the request made previously, returned by Sage Pay. As you can see, I am sending the following fields:
- MD
- PaReq
- TermUrl
I have read the Sage Pay Direct Integration Guide documentation 100 times and this seems to be correct, and the field names are correct with correct case-sensitive names.
- This is using Sage Pay protocol v3.00
- I have successfully implemented this before in v2.2.3 some years ago
- I have compared the two websites (old and new) and they look the same
- Payments not using 3D Secure work 100% so the general integration is correct
