Sagepay are a card payment provider. There is a new Sagepay API to manage the actions that are normally accessed through the account management web portal “MySagePay”. At time of writing it is in restricted Beta. As it is not open I feel unable to disclose everything about how it works, but if you are using the beta service with .NET then parts of my wrapper may be useful to you.
To get in on the Beta, go into the Sagepay website Access forum and PM Joe in support who will send you the API documents. If you want my .NET wrapper for Access then I don’t mind sharing but would need to confirm with you that you have been given the Beta documentation first.
LINQ to XML seemed like the best way forward so here goes;
Prepare the XML
I’ve left out the command name, you can replace it if you have the API documentation as you will know what it is. For each call in the API you start with the same XML fragment then append the relevant parameters to it.
Public Shared Function lockUserXMLRequest( _
ByVal VendorID As String, ByVal UserName As String, ByVal Password As String, _
ByVal lockusername As String) As XElement
If lockusername.Length > 20 Then Throw New ArgumentException("username must be 20 characters maximum", _
"lockusername", Nothing)
Dim SagePayRequestXML As XElement = New Credentials("[commandname]", VendorID, UserName, Password)
SagePayRequestXML.Element("user").AddAfterSelf(<username><%= lockusername %></username>)
Return HashRequestxml(SagePayRequestXML)
End Function
The credentials are passed in for each request as an xElement;
Public Class Credentials
Inherits XElement
Public Sub New(ByVal Command As String, ByVal VendorID As String, _
ByVal UserName As String, ByVal Password As String)
MyBase.New("vspaccess")
If UserName.Length > 20 Then
Throw New ArgumentException("UserName maximum of 20 character", "UserName", Nothing)
End If
If VendorID.Length > 16 Then
Throw New ArgumentException("VendorID maximum of 16 character", "VendorID", Nothing)
End If
If Password.Length > 32 Then
Throw New ArgumentException("Password maximum of 32 character", "Password", Nothing)
End If
Me.Add(<command><%= Command %></command>)
Me.Add(<vendor><%= VendorID %></vendor>)
Me.Add(<user><%= UserName %></user>)
Me.Add(<password><%= Password %></password>)
End Sub
End Class
Hash the request
Once you have the XML it is hashed with your vendor password, the password must be removed before the XML is submitted to Sagepay;
Private Shared Function HashRequestxml(ByVal RequestElement As XElement) As XElement
''Is there a better way to convert xElement() to string?
Dim sb As New StringBuilder
For Each currentElement In RequestElement.Elements
sb.Append(currentElement.ToString)
Next
' Get the "inner xml" of the element
Dim oReader = RequestElement.CreateReader()
oReader.MoveToContent()
Dim asstring = oReader.ReadInnerXml()
'Hash the request and password element together and use the result
' as the signature
Dim signature As XElement = _
<signature><%= getMd5Hash(asstring) %></signature>
'Now remove the password, not required now hash generated
RequestElement.Element("password").Remove()
RequestElement.Add(signature)
Return RequestElement
End Function
Note: A post in the Sagepay forum indicates that the final Access may be significantly different to the current one in use. See: Our improved Reporting & Admin API is coming...