This section describes the steps that you need to take to dynamically generate the security signature of the hosted iFrame.
After configuring and saving your Checkout page, you can view the generated iFrame URL, the Page ID, and the API Security Key.
To view the Checkout page information:
The Usage Information section includes the information that you will need in order to embed the Checkout pages into your website.
Besides the Page ID and API Security Key, there are several additional components that need to be set to generate the iFrame.
The iFrame URL from the Usage Information section is valid for 30 minutes after it is generated. You must add logic to dynamically generate the timestamp/token when calling the hosted page.
7av18bEz97Jrq9K6z0QPyvJpIqIxSmZc. Every page submission consumes a token. Once a token have been consumed, it is blacklisted for 48 hours. When a Hosted Checkout Page needs to be reloaded, for example, after an unsuccessful submission, a new token must be created to generate a new iFrame.
To generate the signature for the URL, create a string that concatenates the following input values:
Use the following format for the string:
Do not add a space or other character between the token and the API security key.
For example, using the following values:
The resulting concatenated string would look like the following:
After you generate the signature for the URL, you must encode the resulting string.
To encode the URL signature:
_(respectively). The sample resulting output should be "
The result from the step 3 above is the signature to be used for the iFrame URL.
Next, Embed and Submit the iFrame.