Cybersource Secure Acceptance and the elimination of the HOP (hosted order page)

Hi All,

I have used Cybersource's Hosted Order Page for the past 8 years, but they are eliminating that option and are offering Secure-Acceptance in it's place. The only trouble is, Cybersource offers no ColdFusion support or API.  I have pulled apart their PHP example and thought I'd share what I have working so far. You should follow the steps in http://www.cybersource.com/resources/collateral/pdf/Secure_Acceptance_WM_Quick_Start_Guide.pdf  to get the AccessKey, ProfileID, and SecretKey you'll need for this example. Here are the two pages I created "payment_form.cfm" and "payment_confirmation.cfm". You can get the payment.css, payment_form.js and jquery.js from the PHP download link in the PDF I mentioned. 

I'll post more, as I get father along...

Have a good one,

- Shawn

=================================================

payment_form.cfm

=================================================

<html>

<head>

    <title>Secure Acceptance - Payment Form Example</title>

    <link rel="stylesheet" type="text/css" href="payment.css"/>

    <script type="text/javascript" src="jquery-1.7.min.js"></script>

    <script type="text/javascript" src="payment_form.js"></script>

</head>

<body>

  <!--- CREATE UNIQUE ID FOR TRANSACTION --->

  <cfset uniqid = randrange(10000000, 99999999) & randrange(00000000, 99999999)>

  <!--- FORMAT CURRENT DATE/TIME TO GREENWICH MEAN TIME AND MATCH FORMATTING FROM PHP --->

  <cfset dtNow = Now() />

  <cfset dtGMT = DateAdd("s", GetTimeZoneInfo().UTCTotalOffset, dtNow) />

  <cfset strGMT = (DateFormat( dtGMT, "yyyy-mm-dd" )&"T"&TimeFormat( dtGMT, "HH:mm:ss" ) &"Z") />

  <cfset accessKey = "[ -----PUT YOUR ACCESS_KEY HERE----- ]">

  <cfset profileID = "[ -----PUT YOUR PROFILE_ID HERE----- ]">

<cfoutput>

  <form id="payment_form" action="payment_confirmation.cfm" method="post">

  <!--- HIDDEN FIELDS --->

  <input type="hidden" name="access_key" value="#accessKey#">

  <input type="hidden" name="profile_id" value="#profileID#">

  <input type="hidden" name="transaction_uuid" value="#uniqid#">

  <input type="hidden" name="signed_field_names" value="access_key,profile_id,transaction_uuid,signed_field_names,unsigned_field_names,signed_date_time,locale,transaction_type,reference_number,amount,currency">

  <input type="hidden" name="unsigned_field_names" value="">

  <input type="hidden" name="signed_date_time" value="#strGMT#">

  <input type="hidden" name="locale" value="en">

    <fieldset>

        <legend>Payment Details</legend>

        <div id="paymentDetailsSection" class="section">

            <span>transaction_type:</span><input type="text" name="transaction_type" size="25" value="authorization"><br/>

            <span>reference_number:</span><input type="text" name="reference_number" size="25"><br/>

            <span>amount:</span><input type="text" name="amount" size="25" value="100.00"><br/>

            <span>currency:</span><input type="text" name="currency" size="25" value="USD"><br/>

        </div>

    </fieldset>

    <input type="submit" id="submit" name="submit" value="Submit"/>

</form>

    </cfoutput>

</body>

</html>

=================================================

payment_confirmation.cfm

=================================================

<cfset signed_inputs_values =

"access_key="&#access_key#&",profile_id="&#profile_id#&",transaction_uuid="&#transaction_uuid#&",signed_field_names="&#signed_field_names#&",unsigned_field_names="&#unsigned_field_names#&",signed_date_time="&#signed_date_time#&",locale="&#locale#&",transaction_type="&#transaction_type#&",reference_number="&#reference_number#&",amount="&#amount#&",currency="&#currency#>

<cfset key = "[ -----PUT YOUR  SECRET_KEY  HERE----- ]">

<cfoutput>

  <!---  CREATE HMAC SHA256  --->

  <cfscript>

       secret = createObject('java', 'javax.crypto.spec.SecretKeySpec' ).Init(key.GetBytes(), 'HmacSHA256');

       mac = createObject('java', "javax.crypto.Mac");

       mac = mac.getInstance("HmacSHA256");

       mac.init(secret);

       digest = mac.doFinal(signed_inputs_values.GetBytes());

  </cfscript>

  <!--- ENCODE AS iso-8859-1 --->

  <cfset theSigHMAC = CharsetEncode(digest, 'iso-8859-1')>

  <!--- CREATE Base64 signature --->

  <cfset signature = ToBase64(digest)>

    <fieldset>

        <legend>Confirm Payment</legend>

        Amount: #amount#

        <br><br>

        Date: #signed_date_time#

  </fieldset>

  <form id="payment_form" action="https://testsecureacceptance.cybersource.com/pay" method="post">

       <input type="hidden" name="access_key" value="#access_key#">

       <input type="hidden" name="amount" value="#amount#">

       <input type="hidden" name="currency" value="#currency#">

       <input type="hidden" name="locale" value="#locale#">

       <input type="hidden" name="profile_id" value="#profile_id#">

       <input type="hidden" name="reference_number" value="#reference_number#">

       <input type="hidden" name="signed_date_time" value="#signed_date_time#">

       <input type="hidden" name="transaction_type" value="#transaction_type#">

       <input type="hidden" name="transaction_uuid" value="#transaction_uuid#">

       <input type="hidden" name="unsigned_field_names" value="#unsigned_field_names#">

       <input type="hidden" name="signed_field_names" value="#signed_field_names#">

       <input type="hidden" name="signature" value="#signature#">

  <input type="submit" id="submit" name="submit" value="confirm"/>

  </form>

</cfoutput>