@@ -34,8 +34,9 @@ Table of Contents
3434 * [ Server Notification Handler] ( #server-notification-handler )
3535 * [ Sage Pay Form Methods] ( #sage-pay-form-methods )
3636 * [ Form Authorize] ( #form-authorize )
37+ * [ Form completeAuthorise] ( #form-completeauthorise )
3738 * [ Form Purchase] ( #form-purchase )
38- * [ Sage Pay Shared Methods (Direct and Server)] ( #sage-pay-shared-methods-for-both- direct-and-server )
39+ * [ Sage Pay Shared Methods (Direct and Server)] ( #sage-pay-shared-methods-direct-and-server )
3940 * [ Repeat Authorize/Purchase] ( #repeat-authorizepurchase )
4041 * [ Capture] ( #capture )
4142 * [ Delete Card] ( #delete-card )
@@ -681,7 +682,10 @@ At the gateway, the user will authenticate or authorise their credit card,
681682perform any 3D Secure actions that may be requested, then will return to the
682683merchant site.
683684
684- To get the result details, the transaction is "completed" on return:
685+ ### Form completeAuthorise
686+
687+ To get the result details, the transaction is "completed" on the
688+ user's return. This wil be at your ` returnUrl ` endpoint:
685689
686690``` php
687691// The result will be read and decrypted from the return URL (or failure URL)
@@ -696,14 +700,30 @@ $result->getTransactionReference();
696700
697701If you already have the encrypted response string, then it can be passed in.
698702However, you would normally leave it for the driver to read it for you from
699- the current server request:
703+ the current server request, so the following would not normally be necessary :
700704
701705 $crypt = $_GET['crypt']; // or supplied by your framework
702706 $result = $gateway->completeAuthorize(['crypt' => $crypt])->send();
703707
704708This is handy for testing or if the current page query parameters are not
705709available in a particular architecture.
706710
711+ It is important to make sure this result is what was expected by your
712+ merchant site.
713+ Your transaction ID will be returned in the result and can be inspected:
714+
715+ $result->getTransactionId()
716+
717+ You * must* make sure this transaction ID matches the one you sent
718+ the user off with in the first place (store it in your session).
719+ If they do no match, then you cannot trust the result, as the user
720+ could be running two checkout flows at the same time, possibly
721+ for wildly different amounts.
722+
723+ In a future release, the ` completeAuthorize() ` method will expect the
724+ ` transactionId ` to be supplied and it must match before it will
725+ return a success status.
726+
707727Like ` Server ` and ` Direct ` , you can use either the ` DEFERRED ` or the ` AUTHENTICATE `
708728method to reserve the amount.
709729
0 commit comments