Introduction
GoldMoney is a payment system in which customers and merchants exchange grams of
gold (gg) within the GoldMoney system. This method of payment, although not
widely used in the United States, offers some advantages over credit card
systems: It does not have a charge-back system, so sales are final.
Denominating purchases in gold grams eliminates the hassle of unsupported
currencies, and the transaction costs are minimal.
In this article I will set out to explain how to implement the GoldMoney Online
Merchant Interface (OMI) using ASP.NET and C#. The OMI interface allows you to
automatically submit and receive notification of successful payments.
Using the code
The OMI interface implementation shown here has 3 parts:
- Collection of user information.
- Posting of data to GoldMoney for user purchase authorization.
- Receiving notification of successful payment.
Collect User Information
The first part is just a page, GMCollect.aspx, to collect user
information such as name and email address. GoldMoney does not require any user
information from the merchant; this is only to allow the merchant to fulfill the
order. The purchase button on the collection page calls the redirection page
with the item ID and any data that was collected on this page.
    private void btnPurchase_Click(object sender, System.EventArgs e)
    {
        int itemID = 1;
        int orderID = 100;
        // Every user-supplied value is URL-encoded so that characters such as
        // '&' or '+' cannot break or extend the query string.
        string url = string.Format("GMRedirect.aspx?ITEM={0}&EMAIL={1}&FIRST={2}&LAST={3}&ORDERID={4}"
            ,itemID
            ,HttpUtility.UrlEncode(TextEmailGold.Text)
            ,HttpUtility.UrlEncode(TextGoldFirstName.Text)
            ,HttpUtility.UrlEncode(TextGoldLastName.Text)
            ,orderID
            );
        Response.Redirect(url);
    }
Send Information to GoldMoney
The second part is the posting of data to the GoldMoney website. As many have
found out when using ASP.NET, you cannot simply put a form button within the
code-behind and expect it to work. What I've done here is take the easiest
route and create a redirection page, GMRedirect.aspx. When GMRedirect.aspx
is called it will post to the GoldMoney site.
The redirection page is responsible for taking the collected data along with the
item's purchase price and putting it in the variables to be posted to the
GoldMoney site.
    private void Page_Load(object sender, System.EventArgs e)
    {
        try
        {
            string memo = string.Empty;
            string tmp = Request.Params["ITEM"];
            if (null != tmp && tmp.Length > 0)
            {
                int id = int.Parse(tmp);
                int orderID = 0;
                tmp = Request.Params["ORDERID"];
                if (null != tmp && tmp.Length > 0)
                {
                    orderID = int.Parse(tmp);
                }
                OMI_MERCHANT_REF_NO.Value = orderID.ToString();
                // Placeholder item data; the price is set on the server, never taken from the request.
                string itemName = "Widget";
                double itemCost = 42.42;
                double itemShipping = 1.00;
                memo = "Payment for " + itemName;
                MERCHANT_FIELD_1.Value = id.ToString();
                OMI_CURRENCY_AMT.Value = string.Format("{0:0.00}",itemCost + itemShipping);
            }
            string emailStr = Request.Params["EMAIL"];
            if (null != emailStr)
            {
                MERCHANT_FIELD_EMAIL.Value = emailStr;
            }
            // Request.Params values are already URL-decoded by ASP.NET,
            // so the names are used as-is (a second decode would turn '+' into a space).
            string firstName = Request.Params["FIRST"];
            if (null != firstName)
            {
                MERCHANT_FIELD_FIRSTNAME.Value = firstName;
            }
            string lastName = Request.Params["LAST"];
            if (null != lastName)
            {
                MERCHANT_FIELD_LASTNAME.Value = lastName;
            }
            OMI_MERCHANT_MEMO.Value = memo;
        }
        catch (Exception)
        {
            // int.Parse throws on a malformed ITEM or ORDERID value; the error is
            // swallowed here, so add logging and error handling in real use.
        }
    }
GoldMoney Notifications
The third part is the magic automation. GoldMoney will post to this page, GMNotify.aspx,
with all the parameters of a successful payment and the merchant variables you
passed up to it. This example assumes that GoldMoney is posting to an SSL
secure page so the variables cannot be intercepted. The notification page
validates that the message came from GoldMoney by checking a secret key shared
between your website and GoldMoney. This secret key and the URL to this
page are set in the OMI settings of your GoldMoney account. After
validating the order, add any code you need to fulfill the order.
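    private void Page_Load(object sender, System.EventArgs e)
    {
        // Example values only; load the real key and holding number from protected configuration.
        string _secretKey = "verybadsecretkey";
        string holdingNo = "12-34-56-A";
        try
        {
            // Ordinal comparison: exact match, not affected by culture rules, and safe if the field is missing.
            if (String.CompareOrdinal(Request.Form["OMI_SECRET_KEY"], _secretKey) == 0)
            {
                if (Request.Form["MERCHANT_FIELD_EMAIL"].Length > 0)
                {
                    string email = Request.Form["MERCHANT_FIELD_EMAIL"];
                    // The payment must have been made to our own holding.
                    if (String.CompareOrdinal(Request.Form["OMI_MERCHANT_HLD_NO"], holdingNo) == 0)
                    {
                        int orderID = int.Parse(Request.Form["OMI_MERCHANT_REF_NO"]);
                        int itemID = int.Parse(Request.Form["MERCHANT_FIELD_1"]);
                        int currencyCode = int.Parse(Request.Form["OMI_CURRENCY_CODE"]);
                        double amount = double.Parse(Request.Form["OMI_CURRENCY_AMT"]);
                        string firstName = Request.Form["MERCHANT_FIELD_FIRSTNAME"];
                        string lastName = Request.Form["MERCHANT_FIELD_LASTNAME"];
                        // Order validated: fulfill the order here.
                    }
                }
                else
                {
                    // No e-mail address came back with the notification.
                }
            }
            else
            {
                // Secret key mismatch: the post is not treated as a GoldMoney notification.
            }
        }
        catch
        {
            // Missing or malformed fields end up here and the notification is ignored.
        }
    }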
Security Concerns
I abbreviated a number of security checks in this code for clarity. It should be
noted that the transfer of data from GMCollect.aspx to GMRedirect.aspx
can be intercepted and changed by the user. A safer method, such as session
variables or hash checks, is recommended.
Another security issue is to validate that the order information and the price
being sent from GoldMoney match. It might be possible, although unlikely, for
the customer to adjust the price of the transaction from GoldMoney but retain
the same order ID.
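The hash check and the price check recommended above can be written as one small helper. This is an added example, not code from the original article or from GoldMoney's documentation; the class and method names, the SIG parameter mentioned below and the separate signing key are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: OrderGuard, Sign, Verify and AmountMatches are hypothetical names.
public static class OrderGuard
{
    // Length-prefix each field so ("1","23") and ("12","3") produce different input.
    private static byte[] Canonical(string[] fields)
    {
        StringBuilder sb = new StringBuilder();
        foreach (string f in fields)
        {
            string v = f ?? string.Empty;
            sb.Append(v.Length).Append(':').Append(v).Append('|');
        }
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    // HMAC-SHA256 over the fields, keyed with a server-side key that never
    // reaches the browser (assumed to be distinct from the OMI secret key).
    public static string Sign(byte[] key, params string[] fields)
    {
        using (HMACSHA256 h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Canonical(fields)));
    }

    // Recompute the HMAC and compare without stopping at the first difference.
    public static bool Verify(byte[] key, string sig, params string[] fields)
    {
        if (sig == null) return false;
        byte[] expected = Encoding.ASCII.GetBytes(Sign(key, fields));
        byte[] actual = Encoding.ASCII.GetBytes(sig);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    // Compare the notified amount with the total stored server-side for the order.
    public static bool AmountMatches(string notifiedAmt, decimal expectedTotal)
    {
        decimal amt;
        return decimal.TryParse(notifiedAmt, NumberStyles.AllowDecimalPoint,
                   CultureInfo.InvariantCulture, out amt)
               && amt == expectedTotal;
    }
}
```

GMCollect.aspx would append the URL-encoded result of Sign(key, item, orderID, email, first, last) as an extra SIG parameter, and GMRedirect.aspx would call Verify on the same fields before filling in the form. GMNotify.aspx would call AmountMatches with OMI_CURRENCY_AMT and the total recorded for OMI_MERCHANT_REF_NO before fulfilling the order.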
More Information
To set up a free GoldMoney account visit GoldMoney.com. GoldMoney OMI implementation documentation is located
here.
Disclaimer
This documentation and the accompanying files are provided "as is" with no
expressed or implied warranty. No responsibilities for possible damages, or
side effects in its functionality. The user must assume the entire risk of
using this code. The author and Screaming Bee LLC accepts no liability if it
causes any damage to your computer, website, software, reputation or your love
life. Use at your own risk.