Page Comparison

...

1. uPay posting URL
   1. Location that department storefront will initiate request post and redirect
   2. (Sean Lee) 20150807 Mathew Lindley: The uPay posting URL is where you post the parameters and the user redirect occurs in that single operation. There is an example posting in the uPay Technical Guide. This is the only method of posting to a uPay site.
2. (Sean Lee) Department postback
   1. Send TouchNet the IPs and ports to allow postbacks through the TouchNet firewall
   2. (Rich Martucci) So when we are ready to move to the production server we will need to send you the ssl certificate .cer renamed as .txt for that server too correct?
      1. 20151014 Adam Stambaugh: More than likely. If wildcards are used than it may not be needed but to be on the safe side sending in the cert is the best bet.
   3. 20160226 Cecilia Do: For troubleshooting the postback, go here
3. (Sean Lee) I have noted two additional postback parameters with corresponding value in postback result: __VIEWSTATE and __VIEWSTATEGENERATOR.  What are these values for and is there a way that we can exclude them in postback? 
   1. 20150818 Mathew Lindley: The two parameters are not part of TMS.  If they are being posted to the posting URL, it is because they are being passed to TMS on entry.  The school needs to change their application to not pass them.
4. (Sean Lee) VALIDATION_KEY
   1. Alphanumeric plus special characters
   2. Sample: hX0r0Huchc9gv+ReALWrkQ
   3. 20150817 Sean Lee: Now I know that we cannot have hyphen as part of validation key.  I have tried to include hyphen in ExtTransId and TouchNet complains.
5. (Sean Lee) The other question I have is related to validation key.  I have setup HousingTest uPay site with a validation key.  Let’s say my campus web application is not configured or is configured with incorrect validation key for posting.  TouchNet will redirect user to this page (see attachment),  and stay on that page if user clicked the “Please click here to return” button.  Is there a way that we can configure this scenario in uPay setting with an external URL similar to the way we configure for success/error/cancel page?
   1. 20150818 Mathew Lindley: The ‘Please click here to return’ button is not configurable.  It returns the user back to the location they were sent from.
6. (Sean Lee) What is the maximum field length return by uPay postback for the following fields:

   VALIDATION_KEY
   tpg_trans_id
   CREDIT_ACCT_CODE
   CREDIT_ACCT_AMT
   CREDIT_ACCT_CODE_2
   CREDIT_ACCT_AMT_2 

   All of them have field type ALPHANUMERIC and FIELD LENGTH Unlimited.  What is the maximum “possible” return value for unlimited length?  We want to limit the field length but at same time try to prevent truncation to occur.  This is especially important for tpg_trans_id and CREDIT_ACCT_CODE/CREDIT_ACCT_CODE_2. 

   1. 20150821 Mathew Lindley: 
      1. The maximum length allowed to be entered into the Op Center when creating an accounting code is 50.  So their maximum length is defined by what they use for accounting codes.
      2. Validation key is not passed back to the posting url, but it is calculated and passed by the school, so they should be able to see the length, but I believe that it is 24.
      3. tpg_trans_id is defined by payment gateway, but I believe for credit cards the format is always year, month, day and 6 numbers for a total of 14.  Ach is just a one up number, so that can grow over time.

7. (Cecilia Do) Can you confirm what will happen when we transmit an invalid account code (CREDIT_ACCT_CODE) in uPay?

   1. We're seeing:

      1. uPay session is successful. Customer can make payment.

      2. Transaction shows up in:
         1. uPay reports 
         2. Payment Gateway reports
      3. Transaction does not show up in Marketplace Accounting Code report
      4. The transaction shows up under GL Exception
         1. We can correct the Accounting Code and mark it as complete
         2. After which transaction will show up in Marketplace Accounting Code report under the newly selected Account Code

   2. 20150820 Mathew Lindley: We have confirmed that yes, payments are taken and completed before attempting to send to G/L.  If an exception occurs, payments are not reversed, G/L error notifications are sent.

8. (Cecilia Do) 20150825 Mathew Lindley (in red)

   1. For the uPay payment reversals (same day VOID and subsequent refunds), will a postback be sent? No
   2. Is this the “Post data when payment is cancelled:” parameter under “Posting Settings”? Post data when payment is cancelled controls whether we post back to you when the customer hits the cancel button
   3. If a transaction had multiple partial refunds, will a postback be transmitted for each one with the appropriate refunded amount? No
   4. And what about recurring payments? Will a postback be sent out for each payment that is processed on the scheduled payment date? Yes
9. (Cecilia Do) Can you delete a uStore/uPay as long as it hasn’t taken payments yet? And once a payment is taken, the store/site can only be disabled, not deleted? 
   1. 20150825 Mathew Lindley: Correct.
10. (Cecilia Do) It looks like uStore and uPay names are not required to be unique.
    1. 20150825 Mathew Lindley: Correct.
11. (Cecilia Do) When a store is no longer used, we can only disable it? And it will forever show up on the Revenue by Merchant reports with 0 amounts?
    1. 20150825 Mathew Lindley: Correct, although it will only show up with zero depending on how far you search back. If you haven’t used the store or site you can delete it.
    2. They will stay there for reporting. We do allow the deletion of uStore products though.

12. (Cecilia Do) When a uPay site's name is changed, the reports will display the new name, even for transaction data before the name change.

13. (Sean Lee) Does uPay support postback encryption?  I am a bit concerned on postback security and wondering if it has any methods to encrypt the postback string.
    1. 20150908 Mathew Lindley: I’m not aware of any post back encryption, although it should be noted that we would never receive a post or send a post back that contains payment data; that information is entered on the uPay pages and is only saved within our datacenter at that point.
14. (Cecilia Do on behalf of Linda Snyder) I understand that TouchNet has monthly maintenance. Are we able to request for uninterrupted service during our peak payment period? For example, the period 2-3 weeks where students make an SIR (Student Intent to Register) payment is critical. Can we request for uninterrupted service during those weeks?
    1. 20150916 Michelle Sullivan: You are correct, we do have monthly maintenance that occur on Wednesday. Unfortunately it is a datacenter-wide activity and we cannot pull certain schools from this. I apologize for any inconvenience this may cause.
15. (Sean Lee) It occurs to me that I need some ways to verify user’s identity for those that visit success page, cancel page, and error page via uPay redirect.  Is there a way that we can append parameters (e.g., campus identifier, tpg_trans_id, user-defined parameters, etc.) from post string at the end of redirect URL so the referred page can parse and verify?
    1. 20150917 Mathew Lindley: Posted parameters are not added to the Success Link.  If they want the posted parameters passed back to them, they need to use a posting url. UPAY_SITE_ID and EXT_TRANS_ID are added to the success url unless they have turn this off in the Payment Settings page with the “Transaction ID Settings - Show External Transaction Id in URL” setting.
16. (Markus Quon) With the UPAY_SITE_ID and EXT_TRANS_ID, we are able to identify the record (person) being redirected, however, there is no trust that the redirect URL was tampered with because it lacks trust/validation information.  Is there a way to include one more item such as the VALIDATION_KEY which the external user would not know, but TouchNet does know (Cecilia: this is comparable to the session id key in our current world).
    1. 20150917 Mathew Lindley: This is not possible in our current environment.
    2. (Markus Quon) I'm a bit concerned about the lack of the VALIDATION_KEY as part of the redirect process.  There's a big disconnect that breaks trust and actually would open the door for someone to brute force if a uPay client blindly trust the EXT_TRANS_ID to continue to process assuming they still are handling the same “customer.” Our only saving grace for the UX is that we are able to check for our session and if it exists correlate that with the EXT_TRANS_ID to validate if we have the same user; and in all other cases force reauthentication.
17. (Dianne Bean) 20150928 Mathew Lindley: Adding new merchants / uStores / uPay sites does NOT require any kind of restart. As soon as they are created, they will show up.

18. (Cecilia Do) Regarding going live. For uPay, there’s no preview mode, right? If a department wants to test to the point of authorization, postback, and viewing reports, do we enable the uPay site, go through the local storefront, make a payment with a personal card, check for the postback, view the reports, and do a same-day reversal?

    1. 20150930 Mathew Lindley: That would be the best way to test it front-to-back. You can also use the TEST uPay page to simply test transactions without involving the posting application.

19. (Linda Snyder) The “Site Email Address” item in “General Settings” of the Miscellaneous page…. Is this for administrator announcements/alerts?  Or is this for users to submit queries?

    1. Used as the contact e-mail address on e-mail confirmation messages to the customer. In addition, warning messages for posting URL failures, GL update failures, and recurring payment failures are sent to this e-mail address.

20. How to view reversals (voids/refunds) in reports

    1. Marketplace Reports » uPay Sites » <uPay name>
       1. » Revenue
          1. Input date range.
          2. Lists out individual transaction and refund lines.
       2. » By Product
          1. Input date range.
          2. Product drilldown will list out individual transaction and refund lines.
21. 20151012 Mathew Lindley: The end user and school each receive an email saying payment failed on CC recurring failures.
22. Department notification for transactions processed?
    1. 20151013 Mathew Lindley: A uPay site manager can opt to receive emails by going to "Edit My Profile" on the left hand menu.
       
23. Email receipt signature block uses uPay site name by default. Can override by configuring "Payment Notification Signature Text" under "Miscellaneous" section
24. User's browser might show insecure red lock icon in the https URL in uPay site.
    1. The SSL certificate for secure.touchnet.net, is certainly valid and secure.  This warning is most only being seen by certain older operating systems (generally MAC) and internet browsers that are having issues recognizing new SSL certificates.  Therefore, if those users can visit the site in Safari and permanently trust the root certificate as shown in the attached image, it should resolve future warnings in Safari and Chrome as well.
        
25. (Cecilia Do) 11 May 2016 Per TouchNet Customer Care, there is no way to repost a postback if it is not in the posting exceptions list. The department will need to perform manual updates.
26. (Cecilia Do) 07 Dec 2016 For passing parameters to your uPay site, can we define our own fields for input? Do these self-defined fields come back to us in the postback? Can we pass over fields not defined in the Technical Guide? Say I pass over fields called student_id = '12345678' and term_code = 'F2017'. Will I get these value pairs in the postback so my web system can further process this data? Or does uPay only accept the parameters defined in the uPay Technical Guide?
    1. Yes, allowed! Cecilia confirmed on TEST environment 07 Dec 2016.
    2. 07 Dec 2016 TouchNet Customer Care: You can pass any parameter you like, we wll pass them back to the posting url. Take a look at section 10.4 of the Marketplace Users guide. or the uPay Technical Guide Section 1.0  “uPay will accept any parameters that you pass and in turn pass the parameters back to your campus web application after the transaction is processed”.

...

1. (Cecilia Do) 20150810 Mathew Lindley: Any time you add a new Merchant, TEST or PROD, we have to conduct a Payment Gateway restart on our side to activate the new addition (or edits).
   1. Does NOT cause disruption to Marketplace. Does NOT disrupt the merchants that are already functional and active. 
   2. 20151009 Mathew Lindley: [Restart is only required] when you create/edit Payment Gateway Merchants for Credit Card or ACH.

2. (Cecilia Do) 20150811 Mathew Lindley (in red): I wanted to ask you about the relationship between the Credit Card Merchants (MIDs), Payment Gateway Host System Accounts, and Marketplace Business Units. We plan to create MIDs at the campus school/unit level, which may or may not require additional breakdown. We want to verify that this is possible in TouchNet Marketplace. 

   1. Between Credit Card Merchants (MIDs) and Payment Gateway Host System Accounts
      1. It can be 1-1 CORRECT
         1. For example, we have an “Engineering” MID, and under it an “Engineering” Host System
      2. It can be 1-many CORRECT
         1. For example, we have a “Student Affairs” MID, and under it “Housing” and “Admissions” Host Systems
      3. We plan to use both (i) & (ii)
   2. Between Payment Gateway Host System Accounts and Marketplace Business Units
      1. It can be 1-1 CORRECT
         1. For example, we will have “Engineering,” “Housing,” and “Admissions” Marketplace Business Units tied to the corresponding Host System
      2. It can be 1-many CORRECT…
      3. We plan to use (i)… BUT I STRONGLY RECOMMEND THIS
      
      
      
3. (Kathy Gorelick) 20170221 Update the Merchant Name: in Payment Gateway by logging in to U.Commerce -> Payment Gateway -> Payment Processing Setup -> Credit Card -> Merchant Configuration -> Description -> Select SubTransCode: 17 -> Short Description Name. 

   This doesn't require any module restarts on TouchNet side, it takes effective right after save the change.

Ledger Integration

...