Request Parameters

Request Parameters

Always use the same upper and lower case writing of the parameter names and values as described.

QENTA Checkout Server has restrictions regarding the parameter names and values:

GET parameters

  • Max. numbers of parameters you can use are 1024.

  • Max. length of a parameter name must not exceed 64 characters.

  • Max. length of the value of a parameter must not exceed 2048 characters.

POST parameters

  • Max. numbers of parameters you can use are 12000.

  • Max. length of a parameter name must not exceed 64 characters.

  • Max. length of the value of a parameter must not exceed 65000 characters.

Custom Parameters

You can add your custom parameters when starting the payment process. These custom parameters may have any parameter names you want except those parameter names which are reserved for request parameters.

To prevent naming conflicts with possible future extensions of our QENTA solutions use a prefix for your custom parameter names e.g. yourWebshopName_customValueXYZ.

For QPAY Checkout Page all of your custom parameters are returned without any modification to your online shop when the URLs as defined in the parameters successUrl,cancelUrl, pendingUrl, failureUrl or confirmUrl are called when returning from the payment process to your online shop.

For QMORE Checkout Seamless all of your custom parameters are returned without modifications to your online shop via the confirmUrl.

No parameters are returned to the successUrl when using QMORE Checkout Seamless.

Computing the Fingerprint

The fingerprint is computed by concatenating all response parameter values plus your secret in the order defined in the parameter requestFingerprintOrder without any dividers in between and using the secret as a cryptographic key for the hashing function.

Be aware that the concatenation of the request parameters and the secret has to be done in the order as defined within the detailed description of each backend operation.

After concatenating all values to a single string create an HMAC-SHA-512 hash with your secret as a cryptographic key. The result is the fingerprint which you add as a request parameter to the server-to-server call.

The QENTA Checkout Server is thus able to check whether the received parameters are manipulated by a 3rd party.