Access Keys:
Skip to content (Access Key - 0)

Q: What are the options for merchant redirect URLs in Cybersource?

On this page:

Answer

Authorized Users Only
Only authorized users can update these URLs in their Cybersource accounts. Merchants who have questions about updating these urls should contact chargemit-help@mit.edu.

In a Secure Acceptance Profile, there are 4 configurable URLs:

  • Merchant POST URL
  • Transaction Response Page
  • Custom Cancel Response Page
  • Custom Redirect After Checkout

They are described below:

Note

Merchants do NOT need to change all 4 URLs in order to handle different responses (e.g. ACCEPT, DECLINE, ERROR) correctly. Merchants should consult Appendix A of the Secure Acceptance Web/Mobile Guide (PDF), in the section labeled "Types of Notifications". A copy of that table is available below (click to enlarge), but always consult the most recent Cybersource documentation.

For all of these URLs, the URL must be the final URL of the page, and cannot be a URL that redirects (via 301 or 302) to yet another URL (for example, if the url is http://example.com/response, that then cannot redirect to http://example.com/mit_response). If it does that, all transaction data will be lost, and the custom response page will have no way of knowing if a transaction was successful or not. (Some web browsers will correctly handle a 307 redirect, but merchants are strongly encouraged to specify a response URL that points to an actual page and returns a 200.) Merchants who re-design their websites should take care to ensure that their web designer does not attempt to preserve old links via a RedirectMatch or RewriteRule or similar directive; or they must update their Cybersource profiles when they redesign their sites.

Merchant POST URL

This is found in the "Notifications" section of the secure acceptance profile. By default, this is set to https://shopmitprd.mit.edu/web/log, and ensures that transaction data is logged on the shopmitprd server.

If a merchant wishes to change this URL, they should ensure that they correctly handle ALL possible "Reason Codes" and correctly process ALL "API Reply Fields". (See Appendix A of the Silent Order POST guide: PDF)

Note that if a merchant changes this URL, no transaction data will be sent to the shopmitprd server, so we won't have access to help them troubleshoot any problems.

IMPORTANT: If a merchant simply wishes to handle different responses (e.g. ACCEPT, DECLINE, ERROR) on their own, they do not need to change this URL – they can use a Transaction Response Page, as described below. In general, changing this is NOT recommended unless a merchant absolutely needs to.

Custom Response Page

This is found in the "Customer Response Pages" section of the secure acceptance profile. By default, this is set to "Hosted by Cybersource", and will display a Cybersource page that either tells the customer their order was successful, or declined, or there was an error.

If a merchant wants their own page, they can specify a custom URL here, by clicking "Hosted by you", and entering the URL. After entering payment information, the customer will be sent to that page, and Cybersource will also send information about whether the transaction was successful or not. If a merchant wishes to change this URL, they should ensure that they correctly handle ALL possible "Reason Codes" and correctly process ALL "API Reply Fields". (See Appendix A of the Secure Acceptance Web/Mobile guide: PDF)

Custom Cancellation Page

This is found in the "Customer Response Pages" section of the secure acceptance profile. By default, this is set to "Hosted by Cybersource", and will display a Cybersource page that either tells the customer their order was successful, or declined, or there was an error.

This is similar to the "Custom Response Page" above, but is only displayed for transactions that are cancelled: either the customer clicked "Cancel", or the customer declined to agree to any service fees/service charges. It is less complicated than the Custom Response Page, because the only data sent by Cybersource is the reason for the cancellation. However, if the merchant decides to use the same URL for "Custom Response" and "Custom Cancellation", they must ensure they correct read all data from Cybersource, and do not mistakenly count a cancellation as a successful payment.

Customer Redirect After Checkout

This is found in the "Customer Response Pages" section of the secure acceptance profile. By default, this is blank.

This can be used along with Cybersource-hosted Response and Cancellation pages. Cybersource will display their own pages indicating whether payment was successful or not, but will then give the customers a link back to whatever URL is specified here. Unlike the Custom Response page, no information is sent along with the URL to indicate whether the transaction succeeded or failed. It's the same page for every transaction, but merchants may still want to use it to indicate next steps to the customer (e.g. "Thank you for your payment. If it was declined, we will contact you in a week. If your payment was successful, you don't need to take any other action")

The Cybersource development guides indicate that if a Custom Response Page is used, this URL must be set to the same URL as the Custom Response Page.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

May 05, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
cybersource cybersource Delete
chargemit chargemit Delete
shopmit shopmit Delete
merchant-services merchant-services Delete
c-chargemit c-chargemit Delete
merch-review merch-review Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki