[bop-devel] Proposed - Barclaycard EPDQextra Plus API Direct Link Integration

Tue Jan 22 08:26:14 PST 2013

Okay, I am in similar situation to Ted Byers.

In that I have a working prototype for submitting a hash, and get a 
status code and error messages back (if appropriate).

I've emailed Ted directly to check it isn't the same processor.

At this point my employers only need to implement the purchase operation 
(SAL), but we will need additional features shortly (notably 3DSecure).

In prototype I've used:

use URI::Escape qw/uri_escape/;
use Digest::SHA qw/sha1_base64/;
use LWP::UserAgent;
use XML::Simple;

I now need to remap a whole load of names from existing hash sent to 
Business::OnlinePayments to whatever module I write, so it seems to me I 
may as well write it as a BOP module since you guys have some bits to 
make that easier.

The system POSTs URLs with parameters to SSL protected locations, 
retrieves a short XML response, which includes status code and error 
messages and some other bits.

Seems straightforward.

I could do with some pointers (mentor?).

Do any of the existing modules do anything along these lines already?

I see TCLink shows me remapping fields nicely.

All the modules seem to split protocol, server, path for the connection. 
Is that an SSLeay thing, as the LWP::UserAgent approach can be just 
strings. Do BOP authors care? I know LWP::UserAgent didn't verify 
certificates correctly previously, I believe this is fixed now (on the 
upside Barclay card offer a message hash so intercepted messages can't 
be modified without the hash key as well as the contents of the message).

Should I be using Business::OnlinePayments::HTTPS

I'm not 100% clear only having used AuthorizeNet and WorldPay modules 
precisely what the "standard" HASH input we should be aiming at is for BOP.

I appreciate we can't guarantee to preserve every details since 
different processors require different information, but those two 
modules has some minor differences which seemed unnecessary to me. For 
example "expiry date" should it be "YYMM" or doesn't it matter as long 
as I give good error messages? I presume the goal is to make it an 
interchangeable as possible or what's the point...

If I produce something that is useful to other folks can I get it 
uploaded by someone, or do I go down becoming a CPAN author (I know 
Barbie - so I'm sure he'll provide even more frank advice than usual if 
I go that route...).

Anyone prepared to critique my Perl? It might need quite a lot of 
critiquing, but at least I know that so the ego is mostly dead.

Testing: Barclays provide separate URLs, and separate account, but it is 
all tied to our company, so I can't provide any public test credentials 
for the system.