Skip to main content
knowledgecenter.avangate.com

Prefill customer data in order forms

Overview

Use Avangate's order form prefill feature to pre-populate forms in the ordering interface with customer data already stored in your shopping cart platform. 

Scenarios

  1. You're using the secure.avangate.com domain - Send the details to be auto-filled via a form using either GET or POST to https://secure.avangate.com/order/pf.php.
  2. You're using a custom domain such as store.YourDomain.com - Use the custom domain when sending the details with either GET or POST to https://store.YourDomain.com/order/pf.php.

Workflow

Avangate captures the sent parameters and redirects the customer to the link set by the "URL" parameter.

Parameters

 

Required

URL

The GET request created either in the Generate Sales Links area or dynamically. 

Use URL-encoding (RFC 1738) for the value of the URL parameter when working with custom built links.

MERCHANT

Your Avangate Merchant Code (view)

AUTOMODE

(optional) Send this parameter with value = 1 to skip to the credit card details page, provided all billing information is sent as described below. If any of the fields below are incomplete, the regular form will be shown in order for the customer to fill in the missing fields.

 

Optional: billing information

BILL_FNAME

Client first name

BILL_LNAME

Client last name

BILL_COMPANY

Company name for billing

BILL_FISCALCODE

Company Unique registration code(VAT ID)

BILL_EMAIL

E-mail address

BILL_PHONE

Phone number

BILL_FAX

Fax number

BILL_ADDRESS

Customer/Company physical address

BILL_ADDRESS2

Customer/Company address (second line)

BILL_ZIPCODE

Customer/Company zip code

BILL_CITY

City

BILL_STATE

State/County

BILL_COUNTRYCODE

Country code (two letter code)

 

Optional: delivery information

DELIVERY_FNAME

Client first name

DELIVERY_LNAME

Client last name

DELIVERY_COMPANY

Company name for delivery

DELIVERY_PHONE

Phone number

DELIVERY_ADDRESS

Client/company address (for delivery)

DELIVERY_ADDRESS2

Client/company address (second line)

DELIVERY_ZIPCODE

Client/company zip code

DELIVERY_CITY

City

DELIVERY_STATE

State/County

DELIVERY_COUNTRYCODE

Country code (NL for Netherlands)

URL encoded string

Not encoded Encoded
https://secure.avangate.com/order/cart.php?PRODS=123456&QTY=1
https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D123456%26QTY%3D1

Example: Submitting customer email in the buy-link

https://secure.avangate.com/order/pf.php?MERCHANT=YourCode&BILL_EMAIL=john.doe@example.com& URL=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcheckout.php%3FPRODS%3D123456%26QTY%3D1

Encrypt prefilled data

Send the data using either GET or POST.

Cryptographic Standard

Advanced Encryption Standard (AES), used with 256 bit keys, in CBC mode (cipher block chaining), with random and unique 'Initialization vector (IV)' 256 bit IV. 

Encryption Key

  1. Get the secret key for your account from account settings
  2. Create the MD5 hash (256 bit) of your account's secret key
  3. Use the result as the encryption key.

Hash

Generate a keyed hash value using the HMAC method and the MD5 hashing algorithm of the unecrypted URL (Buy Link) and your account's secret key.

Encryption Format

  1. URL-encode prefill data: BILL_FNAME=John&BILL_LNAME=Doe...
  2. Encrypt the URL-encoded data using AES-256 in CBC mode, with a unique randomly generated IV (intialization vector) and the MD5 hash (256 bit) of your account's secret key as the symmetric encryption key.
  3. Encrypt the IV used at step 2 using AES-256 in ECB mode.

GET request

Build your URL using this format:

https://secure.avangate.com/order/pf.php?MERCHANT=<Your_Merchant_CODE>&IV=<BASE64_IV>&DATA=<BASE64_DATA>&HASH=<HASH>

You most base 64 encode both the IV and the data. Do the same with the URL-encoded before including it in the URL.

Example

<?php

//Buy link
$url = 'https://secure.avangate.com/order/checkout.php?PRODS=1234567&QTY=1&CART=1&CARD=2';

//Prefill data + buy link.
$data = 'BILL_FNAME=John&BILL_LNAME=Doe&URL=' . urlencode($url);

//Secret key
$key = '123&^^%$hjBJ';
$encryption_key = md5($key);

//Data to encrypt.
$string = $data;

// Create a random IV to use with ECB encoding
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_RANDOM);
    
//Encrypt IV to use in the link
$cryptIv = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $encryption_key,$iv, MCRYPT_MODE_ECB);
        
//Encrypted data
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $encryption_key, $string, MCRYPT_MODE_CBC, $iv);

$hash = hash_hmac('md5', $string, $key);

$outputUrl = 'https://secure.avangate.com/order/pf.php?MERCHANT=YourCode&IV=' . ( urlencode(base64_encode($cryptIv)) ) .'&DATA=' . ( urlencode ( base64_encode($ciphertext) ) ) . '&HASH=' . $hash;
echo $outputUrl . '<br />';

//un-encrypted URL
echo  'https://secure.avangate.com/order/pf.php?MERCHANT=YourCode&' . $data . '<br />';