Once all the relevant information has been captured on your website, you then need to prepare the data, encrypt it and POST it to us for authorisation.
With VSP Form, the final confirmation page on your web site should contain an HTML FORM with the Action set to the Protx VSP Form submission URL and the following 4 hidden fields as part of that Form.

This would look something like this (example taken from Submit3 of our ASP integration kit):

Before the data is encrypted, the Crypt field should contain all the other transaction information in plain text as Name=Value fields separated by '&' characters. See VSP Form Protocol and Integration guideline for more information.

Once the values in this field have been put together into a string, it will look like this:

Crypt=VendorTxCode=406227821909&Amount=4760&Currency=GBP &Description=DecriptionOfYourProducts&SuccessURL=http://www.YourSuccessPage.co.uk/ completed.asp&FailureURL=http://www.YourFailurepage.com/notcompleted.asp

This string should then be encrypted using a Simple XOR algorithm with the pre-registered encryption password provided by Protx and subsequently Base64 encoded to allow safe transport in an HTML form. Once encrypted, it will look like this:

Crypt="b1cZVgcRHDUwLSstXgFBZQsAQApaUnF9SmQOJQxAHycEBkAEWEULOAEwKiYA TEwUe2JRdg0QKz8aMjshDFtMYgFRAxIsCikgHCwraFAVAidWXBISOgomKlUROisAUAI gbGA7DwAXPD1JbWA/FEJfI1ZfEkAHCmYuHGw6I0xWHj5JXhJGDQdmLhUvaQ4CXB0mS1 ciYCReIDkHMnVnTEIGJBdCGF8NESckXSEgZhZeXj1WRhRdBRMkKAcnK2YAUxx1ekcER gcOLT82Ly4hDwgDMFZdB1caIzskByc7IQdMXzBWX1FkDQ0sIgEHIikKWUw6V1QYchgM JSgBLSZmAFocd=="

The functions to perform these steps (SimpleXor and Base64Encode) are included in the kits and can be used or copied in your own script pages.

The crypt field uses Simple XOR algorithm to encrypt the information and once this functions has been performed, is further encrypted using a Base64 code.


What is a Simple XOR algorithm?

XOR stands for Exclusive-OR encryption and is almost unbreakable through brute force methods. Both the vendor and Protx have access to a pre-defined encryption password in order to encrypt and decrypt the information provided

XOR encryption uses a password generated by Protx to encrypt text. For security reasons this is a randomly generated mixture of 16 numbers and letters in both upper and lower case e.g. oVPMeTE1xjXdT0nm

The encryption first transforms the data and the password into an Ascci number (this is where all letters/symbols/numbers are represented by a number from 0 to 256).

The Password and the crypt string which has already been transformed into an Ascci number is then further encrypted into a Binary form (a digital format of 0's and 1's).

The binary data (0's and 1's) from the password is XORed against the binary data (0's and 1's) of the crypt string. If the password is shorter than the crypt string, it repeats. e.g:

Password: 01100101011001/ 01100101011001/01100101011001/etc
Crypt string: 010010101010100111001010101010101010101101010101010010


What is Base 64 code encryption?

Base 64 literally means a positional numbering system using a base of 64. It is the largest power of two bases that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for email among other things. All well-known variants of base 64 use the characters A-Z, a-z, and 0-9 in that order for the first 62 digits but the symbols chosen for the last two digits vary considerably between different systems that use base 64.

The two encryption methods are done within the submit 3 file provided within the integration kits and would look as follows:

crypt = base64Encode(SimpleXor(stuff,EncryptionPassword))

You need to ensure that you do not remove this from the kit or if you are writing your own script then you must enter this at the end of your coding where you are building your crypt string. The actual coding that performs the encryption is written within the functions.asp file provided in the integration kits.

The Functions file (provided within the integration kit) contains all the simple procedures to encode, encrypt, decode, decrypt and split the information POSTed to and from VSP Form.

Within this file, you will need to enter the encryption password that was provided to you by Protx. You will also need to ensure that you use your unique vendor name rather than the generic 'testvendor' vendor name.

Please be aware that the XOR encryption password will remain the same for both the Test and Live server but will differ from the encryption password that was generated for you to use the VSP Simulator when you began filling in the application form.

If you use the incorrect encryption password, you will receive the following error message:

The VendorTxCode field may be missing or you may have used an incorrect encryption password

You will therefore need to check and make sure that the password is the correct XOR encryption password and it is in the correct case.

The VSP simulator password is emailed to you whilst the application form is being completed and would be emailed to you from info@protx.com.

The VSP Test and Live encryption password remains the same and is emailed to you from support@protx.com when your test account is set up and again once you have gone live with your Protx account.

You will need to ensure that your site is pointing to the correct URL which is passed within the FORM action field.

The integration kits we provide contain an action (<%response.write vspSite%> ) within this field which will pull this information from the functions.asp file.

To change the URL you will simply need to comment and un-comment the relevant URL's within this fie. This would look as follow:

N.B: The action field quoted above is for .asp and may vary depending on what scripting language you are using.

The different URL's of the Protx servers are as follows:

•  SIMULATOR server: https://ukvpstest.protx.com/VSPSimulator/VSPFormGateway.asp



•  TEST server: https://ukvpstest.protx.com/vps2Form/submit.asp



•  LIVE Server: https://ukvps.protx.com/vps2Form/submit.asp

In HTML, one can specify two different submission methods for a form. The method is specified inside a FORM element, using the METHOD attribute. The difference between METHOD="GET" (the default) and METHOD="POST" is primarily defined in terms of form data encoding.

The HTML specifications technically define the difference between "GET" where form data is to be encoded (by a browser) into a URL and "POST" where form data is to appear within a message body.

N.B: Protx do not support the GET method and you are required to use the POST action when sending a transaction through for registration.

In order to process transactions through your Protx account you will need to ensure that you are passing through your unique VSP vendor name. This is passed within the Form action field:

The integration kits we provide contain an action (<%response.write VendorName%> ) within this field which will pull this information from the functions.asp file. To amend the vendor name you will simply need to change the field within this file. This would look as follows:

N.B: The action field quoted above is for .asp and may vary depending on what scripting language you are using.

If you do not change this and/or use the "TestVendor" vendor name, all transactions which you process through your website will appear within the Protx test account which is available to all our vendors and does not classify as part of your test transactions required to go live.

Once you have encrypted the relevant information and submitted this to us, your shoppers will then be re-directed to the Protx payment page to enter their card payment details (STEP 3)