Below you will find a listing of the supported Authorize.net-compatible parameters and what information each parameter should contain. This parameter set is used by third party carts and custom designed scripts. Please note that 2Checkout must know what is being sold in every sale. There are parameters available that allow for dynamic product creation. These will be discussed as well, and must be used if you are using this parameter set, but they are not Authorize.Net specific.

Multi-page Payment Routine:
https://www.2checkout.com/2co/buyer/purchase
Supports all payment methods. Supports tangible and intangible products/services.

Single Page Payment Routine:
https://www.2checkout.com/checkout/spurchase
Credit card-only payment routine only available for intangible products/services.

Required Parameters:
x_login - Your numerical 2checkout vendor account number.
x_amount - The total amount to be billed, without a currency symbol, and only two decimal places if used (8 characters, decimal, 2 characters: Example: 99999999.99)
x_invoice_num - A unique order id from your system. (64 characters max)

Product Identification Parameters:
Suppliers using this parameter set must pass in parameters to identify what is being sold during the purchase. These parameters will also benefit suppliers as when used correctly the product information will be displayed to customers on the purchase pages and will be listed on the suppliers 2Checkout.com sale detail page.

id_type - Due to changes in with the Product Identification parameters this parameter should be passed in once during the purchase and will need to have its value set to 1.
c_prod - The ID of the product that is being purchased. The quantity of product being purchased can passed with this parameter by placing a comma after the ID and then the quantity in numeric format.
c_name - The value of this parameter should contain the name of the product to be created. (128 characters max)
c_description - The value of this parameter should contain a short description of the product to be sold. (255 characters max)
c_price - The price of your product. Please note that in order to prevent a discrepancy between the total parameter and the sum of the product identification c_price parameters which may confuse the customer, the product price will not be displayed on the purchase page. (8 characters, decimal, 2 characters: Example: 99999999.99)

You can use these identification parameters to pass in multiple products as well. To do so you will need to append a digit to each parameter. For example, c_prod_1, c_name_1, c_description_1, c_price_1 will describe the first product, then to describe the second product you would use a 2 so the parameters will read c_prod_2, c_name_2 and so on.

Additional Parameters:
demo - Y to enable demo mode. Do not pass this in for live sales. Can also be controlled within the account.
lang - “sp” for Spanish purchase routine pages, defaults to English if this is absent, but “en” may be used for English as
well.
merchant_order_id - Specify your order number with this parameter. It will also be included in the confirmation emails to yourself and the customer. (50 characters max)
pay_method - CC for Credit Card, CK for check, PPI for PayPal, PPL for PayPal Pay Later, or FXS for FXSource. This will set the default selection on the payment method step during the checkout process.
skip_landing - If set to 1 it will skip the order review page of the purchase routine.
x_Receipt_Link_URL - Used to specify an approved URL on-the-fly, but is limited to the same domain that is used for your 2Checkout account, otherwise it will fail. This parameter will over-ride any URL set on the Look and Feel page. (no limit)

To populate the billing information page you may pass in:
x_First_Name - buyers first name (64 characters max)
x_Last_Name - buyers last name (64 characters max)
x_Phone - buyers phone number (16 characters max)
x_Email - buyers email address (64 characters max)
x_Address - buyers address (64 characters max)
x_City - buyers city (64 characters max)
x_State - buyers state (64 characters max)
x_Zip - buyers zip code (16 characters max)
x_Country - buyers country (64 characters max)

To populate the shipping information page you may pass in:
x_Ship_To_First_Name
x_Ship_To_Last_Name
x_Ship_To_Address
x_Ship_To_City
x_Ship_To_Country
x_Ship_To_State
x_Ship_To_Zip

Please note that since this parameter set is for third party shopping carts, we do not collect shipping information for these types of orders. This is because your cart is responsible for calculating the shipping and it is passed in as part of the x_amount parameter. We will present the shipping information page if any of the shipping parameters are passed in, but this does not mean we will apply shipping charges to the order. If the shipping information is passed in, we will also populate the billing information using that information unless any of the above parameters are passed in by your cart to populate the billing information page.

It is also important to note that when using the Authorize.Net set of parameters, 2CO only requires the three listed under the required section. We will therefore not passback strictly Authorize.Net style parameters for everything unless they are passed in to us. This is not often a problem as most carts do this anyways. For example, x_First_Name and x_Last_Name will prepopulate the billing name, but 2CO uses cardholder_name for this. cardhold_name will then be returned unless x_First_Name and x_Last_Name are passed into 2Checkout.

Custom Parameters:
You may pass in any additional parameters that you may need and they will be returned to you at the end of the sale. The only restrictions on custom parameters are that they can not share the name of ANY parameter that our system uses, even from the other sets. Please note that you WILL need a return script set up on the Look and Feel page to receive any of these parameters back as they are not included in the confirmation emails.

Return Parameters:
You can receive back all of the parameters that were passed in as well as the following parameters:
x_2checked - Y if card was successfully processed, K if pending.
x_MD5_Hash - The MD5 hash that can be used to verify that the sale came from a 2CO server.
x_trans_id - the 2CO order number for the order.

Using this parameter set, we are not receiving any product information. As you can see, you are only passing in a total amount to us. Usually, the cart will have some means of using the x_invoice_num to determine what was purchased after the sale. A return URL will need to be set up on the Look and Feel page for the cart to correctly determine this.

Consult the documentation that came with your cart or contact the cart manufacturer for assistance with setting this up or to determine what URL you should enter on the Look and Feel page for your cart to receive the product information.

Recurring billing can not be done with this parameter set. You must use the Plug-N-Play parameter set and have the products defined within the 2CO database for recurring billing.

Important: You can not mix the three parameter sets. This will cause problems during payment or may prevent the payment pages from working at all.

Important Note: When you are testing parameters, please be certain to clear the cookies in your browser between tests to ensure the changes you have made are applied. For more information on clearing the cookies please click here.

Related Article: Country Codes

Below are the parameters supported by the Plug and Play Cart. These parameters can only be used if you have added your products to the 2CO database. You are using the Plug and Play cart if you are passing in the three parameters listed under the Required section below.

Multi-page Payment Routine:
https://www.2checkout.com/2co/buyer/purchase
Supports all payment methods. Supports tangible and intangible products/services.

Single Page Payment Routine:
https://www.2checkout.com/checkout/spurchase
Credit card-only payment routine only available for intangible products/services.

Required Parameters:
sid - Your 2Checkout vendor account number. (64 characters max)
product_id - The 2CO ID for the product or service in your 2Checkout account.
quantity - The quantity of the product. (99 max value)

Additional Parameters:
demo - Y to enable demo mode, do not pass this in for live sales
fixed - Y to remove the Continue Shopping button and lock the quantity fields
lang - “sp” for Spanish purchase routine pages, defaults to English if this is absent, but “en” may be used for English as well.
return_url - Used to control where the Continue Shopping button will send the customer when clicked. (255 characters max)
merchant_order_id - Specify your order number with this parameter. It will also be included in the confirmation emails to yourself and the customer. (50 characters max)
pay_method - CC for Credit Card, CK for check, PPI for PayPal, PPL for PayPal Pay Later, or FXS for FXSource. This will set the default selection on the payment method step during the checkout process.
skip_landing - If set to 1 it will skip the order review page of the purchase routine. If there are options on the products it will cause an error and redirect the customer back to the order review page.
x_Receipt_Link_URL -Used to specify an approved URL on-the-fly, but is limited to the same domain that is used for your 2Checkout account, otherwise it will fail. (no limit):

• This parameter will over-ride any URL set on the Look and Feel page.
• If Direct Return is disabled: If only one product is ordered, it will over-ride the return URLs on the product as well. If more than one product is ordered, then this parameter will control where the “Click Here to Notify [Your Company]” button on the final page takes the customer, but the return URLs on the products will be listed as links below the button, next to the description of the product.
• If Direct Return is enabled : If one product is ordered, this parameter will NOT over-ride the return URLs on the products. If more than one product is ordered, then this parameter will over-ride the product return URLs. Also keep in mind that many third party shopping carts recommend that Direct Return be disabled to work properly.

To populate the billing information page you may pass in:
card_holder_name - Card holder’s name. (128 characters max)

The card holder’s name can also be populated using the first_name, middle_initial, and last_name parameters. IMPORTANT: If you use these three parameters, the data will be combined into and returned as card_holder_name to your Approved URL script.

street_address - Card holder’s street address (64 characters max)
street_address2 - The second line for the street address, typically suburb or apartment number information (64 characters max)
city - Card holder’s city (64 characters max)
state - Card holder’s state (64 characters max)
zip - Card holder’s zip (16 characters max)
country - Card holder’s country (64 characters max)
email - Card holder’s email address (64 characters max)
phone - Card holder’s phone number (16 characters max)
phone_extension - Card holder’s phone extension (9 characters max)

To populate the shipping information page you may pass in:
ship_name
ship_street_address
ship_street_address2
ship_city
ship_state
ship_zip
ship_country

Please note that shipping information will only be collected for items that are defined as tangible in our system. Shipping is also only charged for tangible items. We will ask for shipping information if you pass in any of the shipping parameters, regardless of whether the item is tangible or not. This does not mean we will apply shipping charges to the sale, but their information will be collected.

The billing information page will also be populated with the information from the shipping page if the shipping information is collected on that sale and the billing information is not passed in.

Custom Parameters:
You may pass in any additional parameters that you may need and they will be returned to you at the end of the sale. The only restrictions on custom parameters are that they can not share the name of ANY parameter that our system uses, even from the other sets. Please note that you WILL need a return script set up on the Look and Feel page to receive any of these parameters back as they are not included in the confirmation emails.

Passing Multiple Plug and Play Products:
You may also pass multiple plug and play products in one form. To do this add a corresponding digit to the quantity and product_id parameters to group them for each product. For example, if we wanted to pass two products into the system we would be passing in first the sid parameter, then product_id1 and quantity1, and then product_id2 and quantity2.

Example:

<form action='https://www.2checkout.com/2co/buyer/purchase' method='post'>
<input type='hidden' name='sid' value='123' >
<input type='hidden' name='quantity1' value='1' >
<input type='hidden' name='product_id1' value='1008' />
<input type='hidden' name='quantity2' value='1' >
<input type='hidden' name='product_id2' value='1014' >
<input type='hidden' name='quantity3' value='1' >
<input type='hidden' name='product_id3' value='1011' >
<input name="submit" type='submit' value='Buy from 2CO' >
</form>

You can receive back all of the parameters that were passed in as well as the following parameters:
order_number - 2Checkout.com order number
total - the total amount of the purchase
ship_method - the shipping method that was selected for this order (if applicable)
credit_card_processed - Y if successful (Approved), K if waiting for approval (Pending)
merchant_product_id - your product ID for purchased item
key - the MD5 hash that can be used to verify that the sale came from one of our servers

Also note that this is the only parameter set that can be used for recurring billing with our service.

Important: You can not mix the three parameter sets. This will cause problems during payment or may prevent the payment pages from working at all.

Important Note: When you are testing parameters, please be certain to clear the cookies in your browser between tests to ensure the changes you have made are applied. For more information on clearing the cookies please click here.

Related Article: Country Codes

This parameter is used to verify the passbacks for you. Depending on what parameter set you are using, this will either appear as ‘key’ or ‘x_MD5_Hash‘. The MD5 hash is also provided to help you verify the authenticity of INS posts. On INS posts the hash is returned in the md5_hash parameter.

One of the Md5 hash components involves a secret word that can be set by you. To set it, follow these directions:

Setting Your Secret Word:

1. Login to your account.
2. Click on “Look and Feel” found on your account homepage.
3. Enter your secret word into the data field labeled, “Your Secret Word (16 Character Limit)”. As labeled, the only limit is that it must be 16 characters or less.
4. Click “Save Changes” when you are finished.

Please read the related article below for more information about the MD5 Specifications.
How do I use the MD5 Hash?

The MD5 hash is provided to help you verify the authenticity of a sale. This is especially useful for vendors that sell downloadable products, or e-goods, as it can be used to verify whether sale actually came from 2Checkout and was a legitimate live sale. We intentionally break the hash code for demo orders so that you can compare the hash we provide with what it should be to determine whether or not to provide the customer with your goods or not.

To calculate the MD5 hash, you need to make a string that contains the information described below and pass it in as the value to your scripting languages MD5 function. Below is an example:

md5 ( secret word + vendor number + order number + total )

The secret word is set by yourself on the Site Managment page. The vendor number is your numerical vendor/seller ID number. The order number is the order number for the sale. The total is the numerical value for the total amount of the sale.

Demonstration:

Secret Word => tango
Vendor Number => 123456
Order Number => 9999999
Total => 5.99

md5hash = md5( tango12345699999995.99 )

It is important to note that the MD5 hash must also be converted to upper case letters for a clean comparison. How this is done depends on the scripting language that you use. Below are some examples of how to compute the MD5 hash using PHP. This should illustrate how this process works.

The following code would be applicable to orders placed using our Plug and Play cart and our proprietary third party set of parameters.

$string_to_hash = “tango123456″ . $_POST[”order_number”]
.
$_POST[”total”];
$check_key = strtoupper(md5($string_to_hash));

echo (”Returned MD5 Hash : ” . $_POST[”key”]
. “<BR>”);
echo (”Should be : ” . $check_key . “<BR>”);

if($check_key == $_POST[”key”]){
// At this point the expected key and the returned key match, so the customer should be given access to the download
// This is where you would want to put the code or page for the download
echo (”<center>They match!</center>”); }
else {
// At this point the keys do not match, so either the attempt was fraudulentor a demo order
// This is where you would put the code or page for an unsuccessful attempt
echo (”<center>They do NOT match! Was this a demo order?</center>”);}

The following code would then be applicable to orders placed using the Authorize.net
parameter set.

$string_to_hash = “tango123456″ . $_POST[”x_trans_id”]
.
$_POST[”x_amount”];
$check_key = strtoupper(md5($string_to_hash));

echo (”Returned MD5 Hash : ” . $_POST[”x_MD5_Hash”]
. “<BR>”);
echo (”Should be : ” . $check_key . “<BR>”);

if($check_key == $_POST[”x_MD5_Hash”]){
// At this point the expected key and the returned key match, so the customer
should be given access to the download
// This is where you would want to put the code or page for the download
echo (”<center>They match!</center>”); }
else {
// At this point the keys do not match, so either the attempt was fraudulent
or a demo order
// This is where you would put the code or page for an unsuccessful attempt echo (”<center>They do NOT match! Was this a demo order?</center>”);}

The MD5 hash is also provided to help you verify the authenticity of INS posts. The MD5 hash that is sent with INS posts is a hash of sale_id + vendor_id + invoice_id + secret word in the md5_hash parameter.

Demonstration:

sale_id => 9999999999
vendor_id => 123456
invoice_id => 1111111111
Secret Word => tango
md5hash = md5( 99999999991234561111111111tango )

The following code would be applicable to orders placed using our Plug and Play cart and our proprietary third party set of parameters.

$string_to_hash = $_POST[“sale_id”] . “123456” . $_POST[“invoice_id”] . “tango”;
$check_key = strtoupper(md5($string_to_hash));
echo (“Returned MD5 Hash : ” . $_POST[“md5_hash”]
. “
”);
echo (“Should be : ” . $check_key . “
”);
if($check_key == strtoupper($_POST[“md5_hash”])){
// If the expected key and the returned key match the authenticity of the message has been validated.
echo (”They match!”); }
else {
// At this point the keys do not match.
// This is where you would put the code for an unsuccessful attempt.
echo (“They do NOT match!”);}

Please note that help with implementing the MD5 hash into your return script is beyond the realm of 2Checkout.coms support. This document is provided merely as a reference document to help point you in the right direction. How the MD5 hash is computed is Dependant upon the scripting language that you use. Implementation of any MD5 hash checking is solely on your end or your server. 2Checkout.com can not provide you with support in implementing this or troubleshooting your implementation. We provide you with the hashes as a convenience to help you protect your digital goods.

The following links may be of interest to you if you are looking for more information on the MD5 algorithm and its use.

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
http://en.wikipedia.org/wiki/MD5
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemSecurityPolicyHashClassMD5Topic.asp

We have also intentionally designed the MD5 hash not to work for demo sales as was explained earlier. If the sale is in demo mode, the order number used to create the hash will be forced to a one, which will cause the hashes to be different when you compare them. If you wish to test the hashes, you’ll have to place a live test order using a real credit card number.

Because MD5 is designed to fail in demo mode for security reasons, the only way to test the MD5 hash is to perform a live test order using a real credit card. Note that if you cancel the test order from the admin panel immediately afterward, no transaction fees will apply to the sale.