The calculation of the signature works as follows:
Important: For the return and the push, the data have to be fully decoded before the signature can be calculated.
Instruction: The use of the selected (SHA) encryption algorithm differs per development platform. Most languages (such as PHP and ASP.NET) have default implementations of the selected SHA algorithm. For other languages, such as classis ASP, implementations for the selected SHA algorithm can be found on the internet.
The Buckaroo payment environment is entirely equipped with SSL certificates. This is visible through the “padlock” that is shown on the webpages and the URL beginning with HTTPS instead of HTTP. Buckaroo recommends to implement both the online store checkout and the redirect page in a HTTPS secured environment. This way the data are illegible should they get intercepted on the internet.
When the customer returns to the Merchant’s online store after having made a payment, a warning might be displayed. Customers are then warned that they’re leaving the safety of the Buckaroo environment and are redirected to the online store’s unprotected Thank You page.
In order to avoid an error message, it is important to protect the Thank You page with a SSL certificate. So you’ll have to change the Thank You page from http://return.merchantnaam.nl to https://return.merchantnaam.nl.
In order to verify whether the return URL is working properly, it can be extracted from the message to Buckaroo and placed in a browser. If the URL doesn’t work, it needs to be checked whether this page actually starts with HTTPS. An unprotected Thank You page can cause problems, particularly with regard to the Safari browser on the iPAD and iPHONE platform. The option to proceed is not always available. This results in incomplete payments and thus conversion loss.
It is possible to get access to the Buckaroo Payment Plaza by means of two-factor authentication. Thus the user can rest assured not just anyone can log in to the Buckaroo Plaza by simply typing in the username and password. Apart from the current log-in data, we recommend you also set an extra verification via your phone with the Google Authenticator. This can be downloaded in the online App store of the relevant telephone type. With two-factor authentication, two of the following forms of authentication must be complied with: