×
Menu
Search
 
   
   
   
 
  (c) PCI Pal 2020. The content on this page is subject to the Disclaimer Section (found on the Introduction page)

SagePay Payment Gateway

 
This page details the inputs, secure inputs and outputs available for the SagePay Logic Item, how to complete each field, and an external link to the SagePay integration documentation.
 
PCI Pal must check any payment gateway integrations prior to going live.  The documentation disclaimer (which applies throughout this guide) should be read before commencing any configuration of payment gateways.
 

Inputs

 
Input Fields
Required
Character Limits/
Required Input
Description
VPSProtocol
Yes
4 chars
By default should be set to 3.00
TxType
Yes
15 chars
Value must be uppercase
Vendor
Yes
15 chars
Unique identifier, who the payment intended for
VendorTxCode
Yes
40 chars
Unique reference code for the individual transaction
Amount
Yes
0.01 to 100,000.00
Two decimal places are allowed, for example '3.25' is allowed, '3.256' will be rejected
Currency
Yes
3 chars
Standard currency codes are permitted, for example GBP or EUR
Description
Yes
100 chars
Description of what the payment is for, or what it is about
CardHolder
Yes
50 chars
This should be the name listed on the card
CardType
Yes
15 chars
Card type which is being taken (for example, VISA)
Token
No
38 chars
The token created from a previous transaction which will be used to take payment
BillingSurname
Yes (C)
20 chars
Customer billing surname
BillingFirstnames
Yes (C)
20 chars
Customer billing first name(s)
BillingAddress1
Yes (C)
100 chars
Customer billing address line 1
BillingAddress2
No (C)
100 chars
Customer billing address line 2 (optional)
BillingCity
Yes (C)
40 chars
Customer billing city
BillingPostCode
Yes (C)
10 chars
Customer billing postcode which follows the format of postcodes. Can include a space, case sensitive.
BillingCountry
Yes (C)
2 chars
Customer billing country, ISO format, for example, GB, IE, DE
BillingState
No (C)
2 chars
Customer billing US state codes, for example AL, MS, NY
BillingPhone
No (C)
20 chars
Customer billing phone number
DeliverySurname
Yes (C)
20 chars
Customer delivery surname
DeliveryFirstnames
Yes (C)
20 chars
Customer delivery firstnames
DeliveryAddress1
Yes (C)
100 chars
Customer delivery address line 1
DeliveryAddress2
No (C)
100 chars
Customer delivery address line 2 (optional)
DeliveryCity
Yes (C)
40 chars
Customer delivery city
DeliveryPostCode
Yes (C)
10 chars
Customer delivery postcode which follows the format of postcodes. Can include a space
DeliveryCountry
Yes (C)
2 chars
Customer delivery country, ISO format, for example, GB, IE, DE
DeliveryState
No (C)
2 chars
Customer delivery US state codes, for example, AL, MS, NY
DeliveryPhone
No (C)
20 chars
Customer delivery phone number
CustomerEmail
No (C)
255 chars
Customers email address
GiftAidPayment
No
0 or 1
Setting this field means that the customer indicated they wish to donate the tax for the transaction
0 - This is not a Gift Aid Donation (default)
1 - This is a Gift Aid Donation (must have this enabled on the account)
ApplyAVSCV2
No
0 - 3
Allows for fine tuning of the AVS/CV2 checks on the payment
  • 0 - If AVS/CV2 is enabled, check both (default)
  • 1 - Force AVS/CV2 checks even if not enabled on the account, if rules apply, use rules
  • 2 - Force NO AVS/CV2 checks even if enabled on the account
  • 3 - Force AVS/CV2 checks even if not enabled, do not apply any rules
ClientIPAddress
No (C)
15 chars
The IP Address of the client connecting to the server, this will be used by the clients CRM Solution and will not be stored on our side
Apply3DSecure
No
2
If using this variable, it must always be set to 2.  This will not perform 3D Secure checks and authorise the transaction request
BillingAgreement
No
0 or 1
This must always be set to 0 if used as we are not using PayPal payments
CreateToken
No
0 or 1
Use this if you wish to have a token generated and stored for future use
0 - No token will be created from this payment (default)
1 - Store a token from this payment if it is successful
StoreToken
No
0 or 1
Use this if you wish to store the token being used for future use
0 - Do not store a Token (default value)
1 - Store a token after a successful auth or 3 failed attempts
VendorData
No
 
Use this field to pass any  data you wish to be displayed against the transaction to SagePay
ReferrerID
No
40 chars
This can be used to send the unique reference for the partner that referred the Vendor to SagePay
Website
No
100 chars
Reference to the website this transaction has come from.  This is used for reporting purposes
FIRecipientAcctNumber
No (C)
10 chars
Only required for UK Merchants who have the merchant category code of 6012
FIRecipientSurname
Yes (C)
20 chars
Only required for UK Merchants who have the merchant category code of 6012. Recipient surname
FIRecipientPostcode
No (C)
10 chars
Only required for UK Merchants who have the merchant category code of 6012. Postcode may contain spaces
FIRecipientDoB
No (C)
8 chars
Only required for UK Merchants who have the merchant category code of 6012.  DoB format must be YYYYMMDD
 
Secure Inputs
Input Fields
Required
Character Limits/
Required Input
Description
CardNumber
Yes
19 chars
Secure Input of the Card Number
ExpiryDate
Yes
4 chars
Secure Input of the Card Expiry - in the format MMYY
CV2
Yes
3 or 4 chars
Secure Input of the Card CVV, either three or four digits long depending on the card
 
Outputs
Output Fields
Description
VpsProtocol
Protocol used by the system - should read out 3.00
Status
The result of the transaction
StatusDetail
If the status of the transaction is not OK, this field will show more information
VPSTxId
SagePay's unique ID for the transaction, if the status comes back as OK
SecurityKey
A security key which SagePay uses to generate a MD5 hash for notification purposes.  This will only come back if the status is OK
TxAuthNo
SagePay's unique authorisation code for a successfully authorised transaction
AVSCV2
AVS and CV2 response
AddressResult
The specific result of the check of the AVS result on the Card Holders address number
PostcodeResult
The specific result of the check of the AVS result on the Card Holders postcode
CV2Result
The specific result of the check of the AVS result on the Card Holders CV2
3DSecureStatus
Should always come back as NOTCHECKED
CAVV
Will only come back if 3DSecureStatus is used
Token
The token generated by SagePay
DeclineCode
Bank decline code which are specific for each bank
ExpiryDate
Expiry Date of the card, used in the format MMYY
BankAuthCode
The authorisation code given by the bank
Surcharge
Returns the surcharge amount, only if surcharge was present on the transaction
errorMessage
PCI Pal Specific Error Message.  If anything goes wrong in the sending of a request, our internal error handling will respond with a message on the output of the flow
 
SagePay Logic Item
The SagePay Logic Item contains the following properties:
 
SagePay Payment Gateway
 
1

Vendor Name

The unique name given to the client by SagePay.  This can be coded in this field, and set as a variable.  By placing here security measures are added as this will not be shown on the request.

Success Code

2Each gateway has its own unique selection of status codes on a request back from the gateway - for SagePay, these are:
- OK
- NOTAUTHED
- REJECTED
- AUTHENTICATED
- REGISTERED
- 3DAUTH
- PPREDIRECT
- MALFORMED
- INVALID
- ERROR
 
This must be set in order for our internal logging processes to notice that the payment has come back with the expected response.
3

Select Endpoint

  For added security the SagePay endpoints have been hardcoded into the integration.  Test or Live needs to be selected from the Select Endpoint drop down list, depending on the transaction being conducted.
 
Further information can be found by viewing the integration documentation:
 
SagePay Integration Documentation
 
The help manual was created with Dr.Explain