SagePay Gateway Guide
Services and Compatibility
- Payment Gateway Company Name:
- SagePay UK
- Services that work with Spreedly:
-
- SagePay’s Direct Integration
- Services that do not work with Spreedly:
-
- SagePay iFrame based accounts **
- SagePay Form based accounts
- Supported operations:
- Purchase, Authorize, Capture, Refund, Void, Verify
- Supported payment types:
- Credit Card
- Spreedly 3DS2 Global Supported
- No
- Gateway Specific 3DS2 Supported
- No
- Populate MIT GSF Support
- No
- Regions:
- Europe
- API endpoint URL:
-
https://live.sagepay.com/gateway/service
Authentication and Security
- Specific names for credentials:
- Vendor Login Name
- Additional steps needed to activate?
- Yes. You’ll need to add Spreedly’s IP address to the list of valid IPs. And email us so we can contact SagePay on your behalf.
Onboarding Merchants in:
-
United Kingdom
-
Ireland
Additional Notes
** SagePay iFrame based accounts do not work with Spreedly. Please note that the “Spreedly iFrame” is supported and works well with SagePay.
The IP addresses for white listing are listed here.
Contact Spreedly when you are ready to go live. SagePay typically requires a test transaction to be run before your account can be enabled for live transactions. We can contact SagePay for you to get it all sorted without needing a test transaction; we just need to know your vendor name. This is typically a 24 hour end-to-end task.
In order to setup recurring transactions, the merchant will need to obtain a Continuous Authority merchant number from their merchant acquirer. Once you have the Continuous Authority number, you can add it to your SagePay account (https://www.sagepay.co.uk/support/12/38/adding-more-merchant-numbers).
Additionally, it may be helpful to review these guides from SagePay regarding Repeats and Continuous Authority:
https://www.sagepay.co.uk/support/12/36/continuous-auth https://www.sagepay.co.uk/support/12/37/repeating-a-transaction
SagePay does not support IPv6 format for customer transaction IP addresses.
Adding a SagePay gateway
Once you’ve got SagePay prepped, you can create a SagePay gateway like so:
curl https://core.spreedly.com/v1/gateways.xml \
-u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
-H 'Content-Type: application/xml' \
-d '<gateway>
<gateway_type>sage_pay</gateway_type>
<login>Your Vendor Name</login>
</gateway>'
<gateway>
<token>4RGEQimnj4xvjjy4zjtKzJh8MKQ</token>
<gateway_type>sage_pay</gateway_type>
<name>SagePay</name>
<description nil="true"/>
<login>Your Vendor Name</login>
<characteristics>
<supports_purchase type="boolean">true</supports_purchase>
<supports_authorize type="boolean">true</supports_authorize>
<supports_capture type="boolean">true</supports_capture>
<supports_credit type="boolean">true</supports_credit>
<supports_general_credit type="boolean">false</supports_general_credit>
<supports_void type="boolean">true</supports_void>
<supports_verify type="boolean">true</supports_verify>
<supports_reference_purchase type="boolean">true</supports_reference_purchase>
<supports_purchase_via_preauthorization type="boolean">false</supports_purchase_via_preauthorization>
<supports_offsite_purchase type="boolean">false</supports_offsite_purchase>
<supports_offsite_authorize type="boolean">false</supports_offsite_authorize>
<supports_3dsecure_purchase type="boolean">true</supports_3dsecure_purchase>
<supports_3dsecure_authorize type="boolean">true</supports_3dsecure_authorize>
<supports_store type="boolean">false</supports_store>
<supports_remove type="boolean">false</supports_remove>
<supports_fraud_review type="boolean">false</supports_fraud_review>
</characteristics>
<credentials>
<credential>
<name>login</name>
<value>Your Vendor Name</value>
</credential>
</credentials>
<gateway_specific_fields>
<gateway_specific_field>gift_aid_payment</gateway_specific_field>
<gateway_specific_field>apply_avscv2</gateway_specific_field>
<gateway_specific_field>repeat</gateway_specific_field>
<gateway_specific_field>account_type</gateway_specific_field>
</gateway_specific_fields>
<payment_methods>
<payment_method>credit_card</payment_method>
</payment_methods>
<state>retained</state>
<redacted type="boolean">false</redacted>
<created_at type="dateTime">2019-03-28T18:57:22Z</created_at>
<updated_at type="dateTime">2019-03-28T18:57:22Z</updated_at>
</gateway>
Gateway specific fields
When interacting with a SagePay gateway to run transactions, there are some gateway specific fields you can specify when making a purchase or authorize call.
SagePay allows you to specify an optional gift_aid_payment
field to indicate that the payment is a Gift Aid charitable donation and the customer has agreed to donate the tax.
SagePay also allows you to fine tune the AVS/CV2 checks and rule set you’ve defined at a transaction level using the apply_avscv2
field. This is useful in circumstances where direct and trusted customer contact has been established and you wish to override the default security checks.
SagePay allows you to specify an optional account_type
field used to select which merchant account to use.
Please note the repeat
field has been deprecated and has no use, but still exists to prevent errors. To invoke a recurring/repeat purchase, send a reference purchase instead.
These fields can be specified like so:
curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.xml \
-u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
-H 'Content-Type: application/xml' \
-d '<transaction>
<payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
<amount>100</amount>
<currency_code>USD</currency_code>
<gateway_specific_fields>
<sage_pay>
<gift_aid_payment>1</gift_aid_payment>
<apply_avscv2>1</apply_avscv2>
<repeat>true</repeat>
<account_type>E</account_type>
</sage_pay>
</gateway_specific_fields>
</transaction>'
<transaction>
<on_test_gateway type="boolean">true</on_test_gateway>
<created_at type="dateTime">2019-03-28T18:57:22Z</created_at>
<updated_at type="dateTime">2019-03-28T18:57:22Z</updated_at>
<succeeded type="boolean">true</succeeded>
<state>succeeded</state>
<token>IVgKk20lBPcrXJdH35lWXI2P7TA</token>
<transaction_type>Purchase</transaction_type>
<order_id nil="true"/>
<ip nil="true"/>
<description nil="true"/>
<email nil="true"/>
<merchant_name_descriptor nil="true"/>
<merchant_location_descriptor nil="true"/>
<gateway_specific_fields>
<sage_pay>
<gift_aid_payment>1</gift_aid_payment>
<apply_avscv2>1</apply_avscv2>
<repeat>true</repeat>
<account_type>E</account_type>
</sage_pay>
</gateway_specific_fields>
<gateway_specific_response_fields>
</gateway_specific_response_fields>
<gateway_transaction_id>54</gateway_transaction_id>
<gateway_latency_ms type="integer">21</gateway_latency_ms>
<amount type="integer">100</amount>
<currency_code>USD</currency_code>
<retain_on_success type="boolean">false</retain_on_success>
<payment_method_added type="boolean">false</payment_method_added>
<message key="messages.transaction_succeeded">Succeeded!</message>
<gateway_token>T11bJAANtTWnxl36GYjKWvbNK0g</gateway_token>
<gateway_type>test</gateway_type>
<shipping_address>
<name>Newfirst Newlast</name>
<address1 nil="true"/>
<address2 nil="true"/>
<city nil="true"/>
<state nil="true"/>
<zip nil="true"/>
<country nil="true"/>
<phone_number nil="true"/>
</shipping_address>
<response>
<success type="boolean">true</success>
<message>Successful purchase</message>
<avs_code nil="true"/>
<avs_message nil="true"/>
<cvv_code nil="true"/>
<cvv_message nil="true"/>
<pending type="boolean">false</pending>
<result_unknown type="boolean">false</result_unknown>
<error_code nil="true"/>
<error_detail nil="true"/>
<cancelled type="boolean">false</cancelled>
<fraud_review nil="true"/>
<created_at type="dateTime">2019-03-28T18:57:22Z</created_at>
<updated_at type="dateTime">2019-03-28T18:57:22Z</updated_at>
</response>
<api_urls>
</api_urls>
<payment_method>
<token>1rpKvP8zOUhj4Y9EDrIoIYQzzD5</token>
<created_at type="dateTime">2017-06-26T17:04:38Z</created_at>
<updated_at type="dateTime">2019-03-28T14:40:24Z</updated_at>
<email>joey@example.com</email>
<data>
<my_payment_method_identifier>448</my_payment_method_identifier>
<extra_stuff>
<some_other_things>Can be anything really</some_other_things>
</extra_stuff>
</data>
<storage_state>retained</storage_state>
<test type="boolean">true</test>
<metadata>
<key>string value</key>
</metadata>
<callback_url nil="true"/>
<last_four_digits>1111</last_four_digits>
<first_six_digits>411111</first_six_digits>
<card_type>visa</card_type>
<first_name>Newfirst</first_name>
<last_name>Newlast</last_name>
<month type="integer">3</month>
<year type="integer">2032</year>
<address1 nil="true"/>
<address2 nil="true"/>
<city nil="true"/>
<state nil="true"/>
<zip nil="true"/>
<country nil="true"/>
<phone_number nil="true"/>
<company nil="true"/>
<full_name>Newfirst Newlast</full_name>
<eligible_for_card_updater nil="true"/>
<shipping_address1 nil="true"/>
<shipping_address2 nil="true"/>
<shipping_city nil="true"/>
<shipping_state nil="true"/>
<shipping_zip nil="true"/>
<shipping_country nil="true"/>
<shipping_phone_number nil="true"/>
<payment_method_type>credit_card</payment_method_type>
<errors>
</errors>
<verification_value></verification_value>
<number>XXXX-XXXX-XXXX-1111</number>
<fingerprint>e3cef43464fc832f6e04f187df25af497994</fingerprint>
</payment_method>
</transaction>
Please refer to using a payment method for more information on how to send GSFs
Gateway specific response fields
A response from the SagePay gateway may contain the security_key
, vps_auth_code
, bank_auth_code
, and decline_code
fields, which you can find in the gateway_specific_response_fields
.
For example, a transaction response could look something like this:
<transaction>
<token>LgpTNGjsWQs9DwdxcbreUVz0R8p</token>
<transaction_type>Purchase</transaction_type>
<gateway_specific_response_fields>
<sage_pay>
<security_key>abc123</security_key>
<vps_auth_code>abc123</vps_auth_code>
<bank_auth_code>abc123</bank_auth_code>
<decline_code>05</decline_code>
</sage_pay>
</gateway_specific_response_fields>
</transaction>