Pre-Population API

What is the Pre-Population API?

The Pre-Population API has been designed for merchants who obtain and store their customers' information within their own CMS. When a customer would like to purchase with humm, the merchant can automatically populate data from their CMS into a humm Buyer Portal application using this API.

How does it work?

The client's browser performs a POST to humm's API. The POST endpoint returns a view. This view is essentially a UI to complete the final payment step (and resolve any validation errors from the posted data).

An approved, declined or error page may follow an authorisation. These pages do not redirect automatically. The page relies on the client to press the Redirect Now button. This action will redirect to the URLs you provided in the original POST.



Resource Information

- HTTP Method: POST from a client-side HTML page
- Testing Resource URL: https://integration-seller.shophumm.com.au/
- Production Resource URL: https://seller.shophumm.com.au/

Data Definitions

| Key | Type | Required | Sample | Description |
|---|---|---|---|---|
| x_account_id | String | True | 30199999 | The merchant number provided to you by Humm. |
| x_signature | String | True | | The signature for this request. See the section Signature Generation for further details. |
| x_guid | Guid (200) | False | | Your GUID reference for this transaction (required for resuming transactions). This is returned as part of the response. |
| x_reference | String | False | ABC123 | Your reference for this transaction. This is returned as part of the response. |
| x_test | Boolean | False | True | Perform process under test mode |
| x_staff_first_name | String | False | Harry | The first name of the staff member processing this transaction |
| x_staff_last_name | String | False | Tipper | The last name of the staff member processing this transaction |
| x_currency | String | False | AUD, NZD, etc. | Will default to AUD if not specified |
| x_amount | Decimal | False | 1500.00 | The total sales amount of the transaction |
| x_deposit_amount | Decimal | False | 100.00 | The deposit paid by the customer |
| product | String | | Diamond Ring | Short description of the item or service purchased. NOTE: This is excluded from the API signature process |
| x_vip_number | Long (10) | False | 1234567890 | The customer's VIP or Pre-Approval number |
| x_customer_title | String | False | Mr = 1, Mrs = 2, Ms = 3, Miss = 4 | The customer's title |
| x_customer_first_name | String | False | John | The customer's first name |
| x_customer_middle_name | String | False | Andrew | The customer's middle name (not initial) |
| x_customer_last_name | String | False | Smith | The customer's surname |
| x_customer_email | String | False | [email protected] | The customer's email address |
| x_customer_mobile_phone | String | False | 0400123123 | The customer's mobile phone number |
| x_customer_home_phone | String | False | 0881231234 | The customer's full home phone number |
| x_customer_dob | Date | False | 1980-12-01 | The customer's date of birth in ISO 8601 standard date format, e.g. 2016-12-01. 18 years and older. |
| x_customer_address_unit | String | False | 1 | The customer's address (unit number) |
| x_customer_address_street_number | String | False | 97 | The customer's address (street number) |
| x_customer_address_street_name | String | False | Pirie | The customer's address (street name) |
| x_customer_address_street_type | String | False | Street | The customer's address (street type) |
| x_customer_suburb | String | False | Adelaide | The customer's address (suburb) |
| x_customer_state | String | False | ACT, NSW, QLD, SA, TAS, NT, VIC, WA | The customer's address (state) |
| x_customer_postcode | Integer | False | 5000 | The customer's address (postcode) |
| x_customer_country | String | False | AU, NZ, etc | Will default to AU if not specified |
| x_customer_postcode | Integer | False | FullTime = 1, PartTime = 2, Casual = 3, SelfEmployed = 4, AgedPensioner = 5, VeterenPensioner = 6, SelfFundedRetiree = 7, NotEmployed = 8 | Employment type of the customer |
| x_customer_employment_hours_per_week | Decimal | False | 38 | Customer's total working hours in a week (Not required for APC, VPC, SFR) |
| x_customer_employer_name | String | False | BHP Billiton | Customer's employer (Not required for APC, VPC, SFR) |
| x_customer_employer_suburb | String | False | Adelaide | Customer's employer suburb (Not required for APC, VPC, SFR) |
| x_customer_work_phone | String | False | 0882345678 | Customer's work phone number |
| x_customer_abn | String | False | 99 888 888 888 | Customer's Australian Business Number (or ACN). Only if Self Employed. |
| x_customer_last_pay_date | Date | False | 2018-05-01 | Customer's last pay date. For all Employment Types. |
| x_customer_id_type | Integer | False | 1: Driver's License, 3: Age Pension Card, 4: Veteran Affairs Card | Identity type provided by the customer |
| x_customer_id_state | String | False | SA | State where the customer's identity was issued (if applicable) |
| x_customer_id_expiry_date | Date | False | 2020-01-01 | Expiry date of the customer's identity card (if applicable) |
| x_customer_id_number | String | False | abc255q | Identity card number |
| x_customer_id_reference | String | False | 123 | Additional identity card number/reference, i.e. NSW Drivers Licence Card Number |
| x_url_cancel | String (200) | False | https://example.com/Cancel | The location that the client is redirected to if the transaction is cancelled or an error occurs. |
| x_url_complete | String (200) | False | https://example.com/API | The location that our API will call as part of a background process for either outcome (Approved or Declined) |

Return Result

| Key | Type | Description |
|---|---|---|
| x_account_id | String | Your humm Merchant Number |
| x_purchase_number | String | Your purchase number for this transaction |
| x_reference | String | Your originating reference for this transaction |
| x_guid | Guid | Your originating GUID reference for this transaction |
| x_test | Boolean | Test mode enabled flag |
| x_amount | Decimal | The purchase amount of the transaction |
| x_deposit | Decimal | The deposit amount required for this transaction. Note: This might be a higher amount than your initial deposit. |
| x_timestamp | DateTime | System timestamp for the transaction |
| x_result | String | Response code from the transaction: Pending, Approved, Cancelled, Declined, Errors, Expired |
| x_signature | String | Signature for this payload. Your application should verify this signature to ensure veracity of the response |

HTML Generation Sample Code

Below is a code snippet that demonstrates how the webpage that posts to Humm might be generated:

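```php
// Method of the merchant's checkout class: renders an auto-submitting
// form that POSTs the signed payload to humm.
private function postToCheckout($checkoutUrl, $payload)
{
    // Escape everything written into the markup so a quote or angle bracket
    // in a customer field cannot break out of the attribute.
    $action = htmlspecialchars($checkoutUrl, ENT_QUOTES, 'UTF-8');
    echo "<html>
  <body>
  <form id='form' action='$action' method='post'>";
    foreach ($payload as $key => $value) {
        $name = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
        $val = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        echo "<input type='hidden' id='$name' name='$name' value='$val'/>";
    }
    echo '</form>
  <script>
      var form = document.getElementById("form");
      form.submit();
  </script>
  </body>
  </html>';
}
```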

HTTP responses sent from humm should be validated upon receipt. Make sure to use case-insensitive comparison when verifying the provided x_signature values.

Should the signature verification process fail, a 401 – Unauthorised error will be sent.


Signature Generation

All requests and responses must be signed/verified using HMAC-SHA256.

The message is a string of all key-value pairs whose keys start with the x_ prefix, sorted alphabetically by key, and concatenated without separators. This is then digested through the HMAC-SHA256 algorithm using the API key; the resulting code is hex-encoded and placed into the x_signature field.

Below is a code snippet that demonstrates how a signature might be generated:

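```php
// Builds the x_signature value for a payload.
function EziPay_sign($query, $api_key)
{
    $clear_text = '';
    // Sort by key so both sides build the message in the same order.
    ksort($query);
    foreach ($query as $key => $value) {
        // Only x_-prefixed fields are signed ("product" is skipped).
        if (substr($key, 0, 2) === "x_") {
            $clear_text .= $key . $value;
        }
    }
    // hash_hmac() returns the digest as lowercase hex.
    $hash = hash_hmac("sha256", $clear_text, $api_key);
    return str_replace('-', '', $hash);
}
```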
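One way to verify the signed result humm sends back, using the signing rule described above. This is an added example, not humm's own code: the function names, API key and payload are constructed, and it assumes x_signature is dropped before recomputing, since a signature cannot be part of its own input.

```php
<?php
// Added example: function names, key and payload below are constructed.

// Message rule from the page: x_-prefixed pairs, sorted by key, concatenated.
function humm_expected_signature(array $fields, string $apiKey): string
{
    unset($fields['x_signature']); // assumption: the signature never signs itself
    ksort($fields);
    $clearText = '';
    foreach ($fields as $key => $value) {
        if (strncmp((string) $key, 'x_', 2) === 0) {
            $clearText .= $key . $value;
        }
    }
    return hash_hmac('sha256', $clearText, $apiKey); // lowercase hex
}

function humm_verify(array $fields, string $apiKey): bool
{
    $received = $fields['x_signature'] ?? null;
    if (!is_string($received) || $received === '') {
        return false; // unsigned payloads are rejected, never trusted
    }
    foreach ($fields as $value) {
        if (!is_scalar($value)) {
            return false; // nested form arrays cannot be concatenated safely
        }
    }
    // Lowercase both sides (case-insensitive), then compare in constant time.
    return hash_equals(humm_expected_signature($fields, $apiKey), strtolower($received));
}

// Constructed callback; "product" has no x_ prefix, so it is not signed.
$apiKey = 'constructed-test-key';
$result = [
    'x_account_id' => '30199999',
    'x_reference'  => 'ABC123',
    'x_amount'     => '1500.00',
    'x_result'     => 'Approved',
    'product'      => 'Diamond Ring',
];
$result['x_signature'] = strtoupper(humm_expected_signature($result, $apiKey));

var_dump(humm_verify($result, $apiKey));                           // uppercase hex signature
var_dump(humm_verify(['x_amount' => '1.00'] + $result, $apiKey));  // amount altered after signing
unset($result['x_signature']);
var_dump(humm_verify($result, $apiKey));                           // signature missing
```

The first call verifies and the other two are rejected; act on x_result only after the check passes.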

Testing

The merchant API has a test page for constructing a valid POST message at https://uat-seller.shophumm.com.au/TEST/API. Make sure each request has a unique (GUID) API reference. You may want to use a form auto-filler such as Chrome recorder as this is a very large form.

Need Sandbox Credentials

If you require Sandbox Credentials for the testing of the API, please reach out to us via the Integration Assistance Form.