In this Section
Search Our Site:
University at Buffalo Foundation, Inc.
P.O. Box 900
Buffalo, NY 14226-0900
Phone: (716) 645-3013
Fax: (716) 645-3475
Contact Us
UBFWIT - Documentation for web developers
Evaluating your ability to use UBFWIT
In order to be technically capable of using UBFWIT you should be able answer YES to all of the following questions:
- Do you have your own web space?
- Are you capable of scripting an HTTP POST of data to UBFWIT or can you create an HTML form that will gather data and POST it to UBFWIT?
- Are you capable of scripting something to receive an HTTP POST back from UBFWIT in a language such as PHP, Perl, ASP, Cold Fusion, etc.?
- Do you have a database to store the data you collect from your web site and receive from UBFWIT?
- Can you write a script to store it along with response data from UBFWIT?
Getting set up
To use UBFWIT:
- You need to have your own web site
- You need to have a page on your site that will POST to UBFWIT
- You need to have a page on your site that will accept a POST from UBFWIT
To make the connection to UBFWIT, you will be POSTING to:
https://ubfoundation.buffalo.edu/interface/CreditCard.php
Before you can use the system you must contact the UB Foundation to have a connecting_site_code assigned. At this time you will also need to provide the UBF Account Numbers that your transactions will be associated with. To have this set up, please complete the web site setup form located at:
http://www.ubfoundation.buffalo.edu/drpl/node/210
Email the web site setup form to:
Cindy Johannes
Director of Constituent Records & Revenue, UB Foundation
Center for Tomorrow, North Campus
Voice: 645-3013 x223
Email: devclj@buffalo.edu
OR
Linda Sansone
Center For Tomorrow, North Campus
Voice: 645-3013 x224
Email: devlah@buffalo.edu
Depending on what type of product or service for which your site accepts payment, you will also need to know the correct Service Type Code. Cindy Johannes or Linda Huffman can help you determine the correct code.
Connecting/Posting to UBFWIT
The following charts describe the data that is passed to and from UBFWIT (to your web pages):
Data to include when posting to the interface:
|
Variable |
Description |
Maximum Length |
Required when posting/linking to UBFWIT? |
|
This is a field that you may use however you like |
2000 |
N |
|
|
Amount to charge the card (must be>=10.00 and <=10,000.00) |
|
Y |
|
|
Customer's City |
30 |
Y |
|
|
Customer's Company |
50 |
N |
|
|
An alpha-numeric code that we assign to you when you request to use the service |
16 |
Y |
|
|
Customer's Country |
60 |
N |
|
|
Reserved for future/internal use |
20 |
N |
|
|
When set to TRUE, customer will be presented with the eCheck payment screen instead of the default credit card payment screen |
4 |
N |
|
|
Customer's Email Address - where the email receipt generated by Authorize.net is sent when email_ind = TRUE. Only one email address allowed. |
200 |
Y if email_ind = TRUE |
|
|
Text at the bottom of the email receipt |
500 |
N |
|
|
Text at the top of the email receipt |
500 |
N |
|
|
If an email receipt should go to the customer (TRUE or FALSE) (case sensitive) |
5 |
N |
|
|
Customer's First Name |
50 |
N |
|
|
Customer's Home Phone |
25 |
N |
|
|
Customer's Last Name |
50 |
N |
|
|
Administration Email Address - where a version copy of the customers email receipt generated by Authorize.net (minus the custom header and footer) is sent when merchant_email_ind = TRUE. Only one email address allowed. |
200 |
Y if merchant_email_ind = TRUE |
|
|
If an a copy of the email receipt should go to the merchant (TRUE or FALSE) (case sensitive) |
5 |
N |
|
|
If you need to add a query_string to the post_back_url, put that in this variable - do not include the leading ‘?'. The variables in this query_string will be sent back to you via the post to your post_back_url. NOTE: Please encode the query string properly and make sure not to use variables already listed here. |
Unlimited (recommended that it is not > 4000) |
N |
|
|
URL of the script to receive the response (http://yourserver/yourscript) Note: please do not add a QUERY_STRING to this url, rather, use the post_back_qstring field |
2000 |
Y |
|
|
Customer's State |
40 |
Y | |
|
Type of service or product relating to the transaction |
5 |
Y |
|
|
Customer's Street Address |
60 |
Y | |
|
Description of charge on email receipt |
200 |
Y |
|
|
Your unique transaction identifier - used for tracking on your end |
20 |
Y |
|
|
UBF Account Number |
10 |
Y |
|
|
Customer's Zip Code |
20 |
Y |
Page Formatting Options:
(variables to include in your POST to UBFWIT if you want to customize the look of the page)
|
Variable |
Description |
Default |
|
face attribute of the <basefont> tag and corresponding style selectors |
Arial,Helvetica,Sans-Serif |
|
|
size attribute of the <basefont> tag and corresponding style selectors |
3 |
|
|
contents of the <title> tag |
Credit Card Transaction |
|
|
bgcolor attribute of the <body> tag and corresponding style selector |
#ffffff |
|
|
Text attribute of the <body> tag and corresponding style selector |
#000000 |
|
|
link attribute of the <body> tag and corresponding style selector |
#0000ff |
|
|
Alink attribute of the <body> tag and corresponding style selector |
#cc33ff |
|
|
Vlink attribute of the <body> tag and corresponding style selector |
#cc33ff |
|
|
Color of a.hover in the style tag |
#cc33ff |
|
|
Color of the labels for required form fields |
#ff0000 |
|
|
The format of the form that collects credit card number (horizontal or vertical) |
vertical |
|
|
A block of HTML that will be inserted before the form that collects the customer's credit card information |
|
|
|
A block of HTML that will be inserted after the form that collects the customer's credit card information |
|
Receiving the response from UBFWIT
Data posted back to your script (Plus the fields above that were included in the first POST):
|
Variable |
Description |
Length |
|
UBF unique transaction identifier (UBF's Transaction ID) |
20 |
|
|
Authorize.net Response: 1 = This transaction has been approved. 2 = This transaction has been declined. 3 = There has been an error processing this transaction. Please code accordingly. Only when receiving a "1" should you confirm with the site visitor that the transaction is a success. |
1 |
|
|
Authorize.net Response: See Below |
2 |
|
|
Authorize.net Response: See Pages 21-27 of Authorize.net documentation at http://www.authorizenet.com/support/AIM_guide.pdf
|
varies |
|
|
The name on the card charged - only returned for a successful transaction Absent for eCheck transactions. |
40 |
|
|
The last 4 digits on the card charged - only returned for a successful transaction Absent for eCheck transactions. |
4 |
|
|
The type of card charged - only returned for a successful transaction (VISA, MASTERCARD, AMERICANEXPRESS, DISCOVER) Absent for eCheck transactions. |
20 |
|
|
The name on the check charged - only returned for a successful transaction Absent for credit card transactions. |
50 |
|
|
The last 4 digits of the bank account charged - only returned for a successful transaction Absent for credit card transactions. |
4 |
|
|
Authorize.net's Authorization Code - only returned for a successful transaction. Empty for eCheck transactions |
6 |
|
|
Authorize.net's Transaction ID - only returned for a successful transaction |
10-20 |
Notes:
- Your receiving script/html should NOT use relative urls (for images, links, etc.). Due to the utility we use to automatically post back to your script, all the urls in your html should have the full url (http://www.yourserver...).
- To be prepared for future security updates, we suggest that customer address information is included in your POST to UBFWIT (even though these fields are not currently required).
- The person in the email field and the person in merchant_email field get slightly different emails from Authorize.net - the one to "email" is meant for the customer/visitor on your site (it has your custom Email Header and Footer). The one to "merchant_email" is meant for someone internal in your department (it has no custom content and it has more information about the transaction). Only pass in the actual email address in these fields (no name inclusion like: "Mike Sabatino <msabatinosemailaddress@buffalo.edu>" ONLY pass in msabatinosemailaddress@buffalo.edu
- Currently the DOCTYPE for the UBFWIT pages is HTML 4.0 transitional. Eventually, deprecated HTML elements may force us to change the formatting options when we go to HTML 4.0 Strict or XHTML. There are no current plans for this yet.
- Any images that you reference in the HTML code passed into UBFWIT do not need to be hosted on a secure server in order for the transaction to be secure, BUT some of your customers may complain that their browser is telling them that the page is insecure (depending on the browser). Due to this it is recommended that you do not references images in the HTML code that gets passed unless they are on a secure server and the url in the code starts with https://. In the case that you absolutely must have images but do not have a secure server, you may contact Mike Sabatino to arrange hosting of your images on the UB Foundation's server.
Testing your site's integration with UBFWIT
The TEST ADDRESS to POST to is https://ubfoundation.buffalo.edu/test/interface/CreditCard.php
-
Transactions ARE NOT REAL when performed at the test site
-
The credit cards numbers listed below should be used when testing credit card transactions
- The bank routing numbers listed below should be used when testing eCheck transactions
-
Test transactions should not be done on the LIVE Site
Test Credit Card Numbers:
Visa - 4007000000027
Mastercard - 5424000000000015
Discover - 6011000000000012
American Express - 370000000000002
Test Bank Routing Numbers:
222371863
307075259
052000113
When you switch to "LIVE MODE" you may use the test credit card numbers for an initial test (they get declined when you are in "LIVE MODE").
Sample PHP code can be found at:
http://ubfoundation.buffalo.edu/UBFWIT_Example/Form.php
We also welcome your examples that may help others. If you have questions or if you would be willing to host a working set of test pages please use this contact form.