Web Order Interface Web Site Requirements
From FloristWiki
|  (→Encryption) | |||
| Line 173: | Line 173: | ||
| <tr> | <tr> | ||
| <td style="padding: 3px; text-align:left; font-size: 9pt;  font-weight: bold;">Delivery Instructions</td> | <td style="padding: 3px; text-align:left; font-size: 9pt;  font-weight: bold;">Delivery Instructions</td> | ||
| - | <td style="padding: 3px; text-align:left; font-size: 9pt;"></td> | + | <td style="padding: 3px; text-align:left; font-size: 9pt;">Goes into Time Detail</td> | 
| <td style="padding: 3px; text-align:left; font-size: 9pt;">250</td> | <td style="padding: 3px; text-align:left; font-size: 9pt;">250</td> | ||
| </tr> | </tr> | ||
Revision as of 13:17, 15 October 2014
| 
 | 
This section will help you understand how to program your Web site so FTD Mercury can retrieve Web orders from your e-commerce email address. Give this information to your Web site designer before you set up the Web Order Interface.
General Requirements
- E-commerce Web site with SMTP capability and symmetric encryption capability.
- A working Internet connection.
- An outgoing SMTP server. You can use FTD’s mail server or your own. This should be set up in Mercury Administration on the MailServer screen.
- An email address for e-commerce Web orders. The account must be accessible via POP3 or IMAP protocols from the Internet. If your ISP has any IP restrictions on which addresses are allowed to communicate with the mail server, then WOI will be unable to pick up these email messages.
- A separate email address for error reporting. It is recommended that this address use the same incoming mail server as your e-commerce email address (for example, if your email address for Web orders is orders@email.com, it is recommended that your Web site for error reporting is errors@email.com). You do not have to use this email address for error reporting only (it can be used for personal use as well).
Field Requirements
The following table lists the requirements for fields on your Web site. Information about the contents of each column is provided below:
- Web Site Field—This column lists the fields that FTD Mercury is able to interpret on your Web site.
- Requirements for Field—This column lists the standards that your field must follow (if any) so that FTD Mercury can properly interpret the information. If no standards are listed, then there are no requirements for this field (the text will be copied into FTD Mercury “as is”).
- Number of Characters—This column lists the maximum number of characters that FTD Mercury can use to obtain information. You may decide to allow your customers to enter more characters than what is listed here; however any number of characters that is greater than what is listed here will be lost.
| Web Site Field | Requirements for Field | Number of Characters | 
| Additional Information | Goes in Special Instructions | 1000 | 
| Bill Address1 | 100 | |
| Bill Address2 | 100 | |
| Bill City | 30 | |
| Bill Country | USA or CND for example | 3 | 
| Bill Fax Area Code | 3 | |
| Bill Fax Number | Prefix plus phone number, or remaining phone number values | 20 | 
| Bill Fax Prefix | Can be left blank | 3 | 
| Bill Name | This field should list the person that is PLACING the order | 50 | 
| Bill Phone Area Code | 3 | |
| Bill Phone Extension | Must be SEPARATE field from Phone Number | 4 | 
| Bill Phone Number | Prefix plus phone number, or remaining phone number values | 20 | 
| Bill Phone Prefix | Can be left blank | 3 | 
| Bill Phone2 Area Code | 3 | |
| Bill Phone2 Extension | Must be SEPARATE field from Phone Number | 4 | 
| Bill Phone2 Number | Prefix plus phone number, or remaining phone number values | 20 | 
| Bill Phone2 Prefix | Can be left blank | 3 | 
| Bill State | 2-digit abbreviation | 2 | 
| Bill Zip Code | 10 | |
| Card Message | 600 | |
| CC Cardholder | (Not Required.) This field should list the same name that is on the CREDIT CARD. If payment is to be applied to a house account, provide house account number. | 30 | 
| CC Company | Credit card company that the number applies to (VISA, DISCOVER, etc.). If payment is to be applied to a house account, supply “INHOUSE” | 10 | 
| CC CVV Code | Credit card security code (on back of card) | 10 | 
| CC Expiration (Month) | 2-digit number | 2 | 
| CC Expiration (Year) | 2- or 4-digit year | 4 | 
| CC Number | Credit card number. If payment is to be applied to a house account, provide house account number. | 20 | 
| Delivery (Day) | 2-digit number | 2 | 
| Delivery (Month) | 2-digit number | 2 | 
| Delivery (Year) | 2- or 4-digit year | 4 | 
| Delivery Charge | Can include the decimal or dollar sign | 8 | 
| Delivery Instructions | Goes into Time Detail | 250 | 
| Discount Amount | Can include the decimal or dollar sign | 8 | 
| E-mail Address | 50 | |
| Occasion Code | 0 = None 1 = Sympathy 2 = Illness 3 = Birthday 4 = Business Gifts 5 = Holiday 6 = Maternity 7 = Anniversary 8 = Other | 2 | 
| Product AmountX | Where X is the line item number of the product | 8 | 
| Product CodeX | Where X is the line item number of the product | 10 | 
| Product DescriptionX | Where X is the line item number of the product | 350 | 
| Product QtyX | Where X is the line item number of the product | 4 | 
| Recipient Address1 | 100 | |
| Recipient Address2 | 100 | |
| Recipient City | 30 | |
| Recipient Company | Populates the company name for the recipient on the order. | 50 | 
| Recipient Country Code | USA or CND for example | 3 | 
| Recipient Name | 100 | |
| Recipient Phone Area Code | 3 | |
| Recipient Phone Extension | Must be SEPARATE field from Phone Number | 4 | 
| Recipient Phone Number | Prefix plus phone number, or remaining phone number values | 20 | 
| Recipient Phone Prefix | Can be left blank | 3 | 
| Recipient State | 2-digit abbreviation | 2 | 
| Recipient Zip Code | 10 | |
| Relay Charge | Can include the decimal or dollar sign | 8 | 
| Retrans Charge | Can include the decimal or dollar sign | 8 | 
| Service Charge | Can include the decimal or dollar sign | 8 | 
| Tax Amount | Can include the decimal or dollar sign | 8 | 
| Total Order Amount | Total order amount should be the total of all products, fees, and taxes minus any discounts. Can include the decimal or dollar sign | 20 | 
Special Instruction Tags for Preauthorized Credit Cards
FTD Mercury supports cards preauthorized via your Web site. When transmitting information to FTD Mercury, information is received in the special instructions for orders received from WOI. Credit card processing is not performed in FTD Mercury if an approval code is transmitted with a WOI order.
| These fields also apply to Florists Online (FOL) orders. | 
The following tags are available for preauthorized credit cards using WOI or FOL (you must have previously provided the credit card number, type, and expiration date to use these tags):
| Tag | Requirements/Notes | Characters | 
| APPROVAL CODE | If this contains a value, the approval code is displayed in the Payments window for the order. The order will not be reprocessed unless the order total is changed. | 1024 (AP, DECLINED, ERROR) | 
| AVS RESPONSE | Must be either Y or N | 1 (alpha) | 
| CARD CODE | Always blank | |
| CARD CODE RESPONSE | Always blank | |
| CC MESSAGE | Stored in Order Notes | 48 | 
| CLIENT REFERENCE ID | 64 (alphanumeric) | |
| RESPONSE CODE | AP or DC (approved or declined) or blank. NOTE: If this is blank and both Transaction ID and Client Reference ID are not blank, a query of CCAPI will be performed to receive the updated status. If this is blank and Transaction ID and Client Reference ID are blank, the order will be availble for normal credit card processing in FTD Mercury. | 2 (alpha) | 
| TRANSACTION ID | CCAPI Transaction ID# (required if approval codeexists) | 9 (numeric) | 
Other Formatting Considerations
- Because the Web Order Interface is doing key/value parsing of the email, the email must be in plain text. HTML or rich text formatted (RTF) email cannot be handled and will cause error.
- Email messages with the given subject line that have been successfully processed will be deleted from the given email server. If the email causes an error of any kind, it will be forwarded onto the error email address configured in Mercury Administration. If the attempt to forward this email fails, the mail will be left on the email server.
- Email messages that do not have the given subject line will be forwarded to the error email address provided in Mercury Administration.
- Whether encrypted or not, everything should reside within the body of the email. If the email body is encrypted, it should be Base64 encoded (care should be taken by the Web developer to ensure correct line block length). Attachments will be ignored.
- Do not use special characters, except in the email address (for example, do not use #, $, %, ^, &, etc.).
- If you are not using the Product Description field for a product description, enter the product code in both the Product Description field and the Product Code field.
- If a field in the Web order form is unused, that field should still be included in the generated email.
- Given the above table, a valid email body would look like this:
Bill Name: Joe Customer Bill Address1: 12345 Main Street Bill Address2: Bill City: Anytown Bill State: IL Bill Country: USA Bill Zip Code: 60515 Bill Phone Area Code: 630 Bill Phone Prefix: 555 Bill Phone Number: 7890 Bill Phone Extension: 1028 ...etc.
| There is no space between the heading and the colon, and there is a space between the colon and the relevant information. | 
Encryption
- The cipher mode used for all encryption types is CBC.
- The padding mode used for all encryptions is PKCS7.
- Only a user-friendly password will be required for configuration by the user. This password will be used to generate both the key and initialization vector required by the encryption process.
- If the password is longer than necessary, it will be truncated to fit.
- If the password is shorter than necessary, it will be right padded with asterisks (*).
- The valid lengths that will determine truncation or padding are defined as being the maximum length allowed for each respective algorithm. Currently, those lengths are defined as follows:
- Valid key lengths:
- DES - 8 bytes
- RC2 - 16 bytes
- Rijndael - 32 bytes
- TripleDES - 24 bytes
 
- Valid IV lengths:
- DES, RC2, TripleDES - 8 bytes
- Rijndael - 16 bytes
 
For example, the key and IV that should be used for a password of “flower,” for example the TripleDES encryption algorithm:
Key: “flower******************” IV: “flower**”
| Since a weak key provided to TripleDES will cause an error, the FTD Mercury encryption library will predetermine whether or not the key is weak. If the key is found to be weak, encryption will be processed via the DES algorithm, not TripleDES. This will not impact the user in any way. | 


