Request Parameters

Request Parameters

Always use the same upper and lower case writing of the parameter names and values as described.

QENTA Checkout Server has restrictions regarding the parameter names and values:

GET parameters

  • Max. number of parameters that can be used is 1024.

  • Max. length of a parameter name must not exceed 64 characters.

  • Max. length of the value of a parameter must not exceed 2048 characters.

POST parameters

  • Max. number of parameters that can be used is 12000.

  • Max. length of a parameter name must not exceed 64 characters.

  • Max. length of the value of a parameter must not exceed 65000 characters.

Custom Parameters

Custom parameters can be added when starting the payment process. Any names can be used for custom parameters except for those that already exist as our request parameters.

To prevent naming conflicts with possible future extensions of QENTA solutions use a prefix for custom parameter names e.g. yourWebshopName_customValueXYZ.

For QPAY Checkout Page all of the custom parameters are returned without any modification to the online shop via successUrl,cancelUrl, pendingUrl, failureUrl or confirmUrl.

For QMORE Checkout Seamless all of the custom parameters are returned without modifications to the online shop via the confirmUrl.

No parameters are returned to the successUrl when using QMORE Checkout Seamless.

Computing the Fingerprint

The fingerprint is computed by concatenating all request parameter values plus the secret in the order defined in the parameter requestFingerprintOrder without any dividers in between and using the secret as a cryptographic key for the hashing function.

Be aware that the concatenation of the request parameters and the secret has to be done in the order as defined within the detailed description of each backend operation.

After concatenating all values to a single string create an HMAC-SHA-512 hash with a secret as a cryptographic key. The result is the fingerprint that must be added as a request parameter to the server-to-server call.

The QENTA Checkout Server is thus able to check whether the received parameters are manipulated by a 3rd party.