# Hosted checkout

xMoney offers a secure, hosted checkout experience. This allows your customers to easily select their preferred payment method and complete their purchase. Our hosted checkout is designed for optimal performance and conversion, ensuring a smooth transaction.

## Checkout initialization

To initiate the xMoney checkout and redirect your customer for payment, you need to create an HTML form with two essential parameters: `jsonRequest` and `checksum`.

* **`jsonRequest`:** A JSON object containing all transaction details, base64 encoded.
* **`checksum`:** An alphanumeric sequence (base64 encoded) that verifies the JSON's integrity, preventing tampering.


Here's an example of a JSON object containing transaction details:


```json
{
  "siteId": 1,
  "customer": {
    "identifier": "your-unique-customer-id",
    "firstName": "John",
    "lastName": "Doe",
    "country": "RO",
    "city": "Bucharest",
    "email": "john.doe@test.com"
  },
  "order": {
    "orderId": "your-unique-order-id",
    "description": "Order Description",
    "type": "purchase",
    "amount": 2194.98,
    "currency": "RON"
  },
  "cardTransactionMode": "authAndCapture",
  "backUrl": "https://myshop.com/payment-back-url"
}
```

To calculate the `checksum` and `jsonRequest`, you will need to base64 encode the json, and calculate the hmac using your **Private Key**.

Here are some examples of how to calculate the base64 encoded json and checksum.

NodeJS

```javascript
const crypto = require('crypto');

function getBase64JsonRequest(orderData) {
    const jsonText = JSON.stringify(orderData);
    return Buffer.from(jsonText).toString('base64');
}

function getBase64Checksum(orderData, secretKey) {
    const hmacSha512 = crypto.createHmac('sha512', secretKey);
    hmacSha512.update(JSON.stringify(orderData));
    return hmacSha512.digest('base64');
}

// Sample order data
const orderData = {
    "siteId": 1,
    "customer": {
        "identifier": "your-unique-customer-id",
        "firstName": "John",
        "lastName": "Doe",
        "country": "RO",
        "city": "Bucharest",
        "email": "john.doe@test.com"
    },
    "order": {
        "orderId": "your-unique-order-id",
        "description": "Order Description",
        "type": "purchase",
        "amount": 2194.98,
        "currency": "RON"
    },
    "cardTransactionMode": "authAndCapture",
    "backUrl": "https://myshop.com/payment-back-url"
};

const secretKey = "your-private-key";

const base64JsonRequest = getBase64JsonRequest(orderData);
const base64Checksum = getBase64Checksum(orderData, secretKey);
```

PHP

```PHP
<?php

function getBase64JsonRequest(array $orderData) {
    return base64_encode(json_encode($orderData));
}

function getBase64Checksum(array $orderData, $secretKey) {
    $hmacSha512 = hash_hmac('sha512', json_encode($orderData), $secretKey, true);
    return base64_encode($hmacSha512);
}

// Sample order data
$orderData = [
    "siteId" => 1,
    "customer" => [
        "identifier" => "your-unique-customer-id",
        "firstName" => "John",
        "lastName" => "Doe",
        "country" => "RO",
        "city" => "Bucharest",
        "email" => "john.doe@test.com"
    ],
    "order" => [
        "orderId" => "your-unique-order-id",
        "description" => "Order Description",
        "type" => "purchase",
        "amount" => 2194.98,
        "currency" => "RON"
    ],
    "cardTransactionMode" => "authAndCapture",
    "backUrl" => "https://myshop.com/payment-back-url"
];

$secretKey = "your-private-key";

$base64JsonRequest = getBase64JsonRequest($orderData);
$base64Checksum = getBase64Checksum($orderData, $secretKey);
```

Once you have the `base64JsonRequest` and `base64Checksum`, generate an HTML form. You have two options for how the customer will be redirected to the xMoney checkout page:

Pay Button

```html
<!-- if using production env replace action with https://secure.xmoney.com -->
<form action="https://secure-stage.xmoney.com" method="POST" accept-charset="UTF-8">
  <input type="hidden" name="jsonRequest" value="${base64JsonRequest}">
  <input type="hidden" name="checksum" value="${base64Checksum}">
    
  <button type="submit">Pay Now</button>
</form>
```

**Description:** This form creates a "Pay Now" button. When the customer clicks this button, the form is submitted, and they are redirected to the xMoney secure checkout page.

Auto-submit

```html
<!-- if using production env replace action with https://secure.xmoney.com -->
<form name="myform1" action="https://secure-stage.xmoney.com" method="POST" accept-charset="UTF-8">
  <input type="hidden" name="jsonRequest" value="${base64JsonRequest}">
  <input type="hidden" name="checksum" value="${base64Checksum}">
</form>
<script>
  window.onload = function() {
    document.myform1.submit();
  };
</script>
```

**Description:** This form automatically submits itself using JavaScript upon page load. The customer is immediately redirected to the xMoney secure checkout page without needing to click a button.

Upon redirection, the customer will be presented with the xMoney hosted checkout page, as illustrated below:

Checkout hosted page
## Checkout parameters

Here's a list of all the parameters you can use to configure our hosted checkout page.