Welcome to Zuora Product Documentation

Explore our rich library of product information

Direct POST Fields for Credit Card

This task provides instructions for handling direct POST fields for credit card information, including encryption and encoding processes.

Field Name

Maximum Length

Comments

encrypted_fields

-

Set to the following:

"#field_creditCardNumber#field_cardSecurityCode#field_creditCardExpirationMonth#field_creditCardExpirationYear"

encrypted_values

-

See Obtain the Encrypted Credit Card Information for Direct POST below.

field_creditCardAddress1

255

field_creditCardAddress2

255

field_creditCardCity

40

field_creditCardCountry

3

Set it to a 3-digit ISO code

For a complete list of supported ISO country codes, see View countries or regions .

field_creditCardHolderName

50

field_creditCardPostalCode

20

field_creditCardState

50

State or province

field_creditCardType

-

Set to one of the following:

  • "Visa"

  • "MasterCard"

  • "AmericanExpress"

  • "Discover"

field_email

80

field_phone

40

To obtain the encrypted credit card information for the encrypted_values field, complete the following steps:

  1. Construct the credit card information to a string in the following format: #field_CreditCardNumber#field_CreditCardSecurityCode#field_CreditCardExpirationMonth#field_CreditCardExpirationYear
  2. Use Base64 encoding to encode the formatted string.
  3. Encrypt the encoded result from Step 2 with the public key . For more detailed information, see Obtain the Public Key for Payment Pages 2.0
  4. Use Base64 encoding to encode the encrypted result from Step 3.

Credit card information can be encrypted either on your payment web page directly, or on your own backend before the encrypted value is sent to the Zuora system. Sample codes are provided below for both cases.

Note that if you get NullValue when trying to obtain the encrypted credit card information for Direct POST, it is usually due to one of the following reasons:

  • The order of the credit card parameters is incorrect.

  • The Javascript library HPM2Security.js is not used to encrypt.