Persisted invoices are invoices that have been uploaded via the Merchant Dashboard or via the API.
In order to iFrame or direct your customers to our persisted invoices pages, authentication is required.
Authentication is achieved by providing some extra query parameters in the URL. This helps to avoid credit card skimming bots. The base path is
/<your-merchant-username>/invoices. The query parameters that must be provided are:
A alphanumeric string, randomly generated by you each time the page is accessed.
An epoch timestamp representing the current time.
An MD5 hex-encoded verification code which is the timestamp (ts) and the nonce concatenated with a colon and encoded with your "PayNow" token.
Below is an example of how to generate the verification code in Ruby.
v = OpenSSL::HMAC.hexdigest('md5', paynow_token, [timestamp, nonce].join(':'))
Insert one of the following to your website, replacing the nonce, ts and v parameters with your own.
<!-- iFrame Example --> <iframe height='800' src='https://paynow.pmnts.io/xxxx/invoices?iframe=1&nonce=7705a1dd&ts=1511737426&v=8f14f3f99769ce96b2488dc4a1350ff8' width='600'></iframe> <!-- Link Example --> <a href="https://paynow.pmnts.io/xxxx/invoices?iframe=1&nonce=7705a1dd&ts=1511737426&v=8f14f3f99769ce96b2488dc4a1350ff8">Pay Now</a>
When the customer arrives on the landing page, they will be asked to enter their invoice reference.
If the customer enters a valid reference, they can then see the details of the invoice and enter their credit card details.
If successful the customer will see a message confirming that the payment has been processed.