Table of contents

Set up a live ePDQ account

Please read the guidance on what to do before you switch to live first.

You should follow these instructions in order.

You can also read about setting up live Smartpay and Worldpay accounts.

Add payment methods to your account

Sign in to the ePDQ admin site. On the landing page, go to Configuration then Payment methods and select Choose new payment methods. Select Add next to all relevant payment methods.

On the Contract data tab:

  1. specify whether you have signed a contract for distance selling with an acquiring bank
  2. complete the Affiliation number (UID/Merch ID/VP number) field
  3. select Submit

On the PM Activation tab:

  1. select Yes for Activation
  2. select Submit

Set up account security parameters

Set up hashing method

On the ePDQ admin site, go to Configuration.

  1. On the Technical Information page, select the Global security parameters tab.
  2. For the Hash algorithm, choose SHA-512.
  3. For the Character encoding, choose UTF-8 and select Save.

Set up checks for “e-Commerce & Alias Gateway”

On the ePDQ admin site, go to Configuration.

  1. On the Technical information page, select the Data and origin verification tab.
  2. Go to the Checks for e-Commerce & Alias Gateway section.
  3. Leave the following field blank: URL of the merchant page containing the payment form that will call the page: orderstandard.asp.
  4. Enter a strong SHA-IN passphrase in plaintext. Do not use a hash. You will need to copy this passphrase into the GOV.UK Pay account credentials page later.

    A strong passphrase has at least 16 characters, contains at least 4 different characters, at least one letter (a-z), and at least one number (0-9) or symbol (&, @, #, !, etc.). You cannot use ^, {, }, [, ], “, ‘, |, <, or >.

  5. Go to the Checks for Barclaycard Direct Link section.

  6. Leave the IP address blank.

  7. Enter the same SHA-IN passphrase as in the Checks for e-Commerce & Alias Gateway section and select Save.

Set up notification settings

Set up Direct HTTP server to server requests

On the ePDQ admin site, go to Configuration.

  1. On the Technical information page, select Transaction feedback.
  2. Go to e-Commerce and the Direct HTTP server-to-server request section.
  3. Leave Timing of the request on the default No request setting.
  4. Leave the following fields blank:
    If the payment’s status is “accepted”, “on hold” or “uncertain”

    If the payment’s status is “cancelled by the client” or “too many rejections by the acquirer”

  5. Set the Request method to POST.

  6. Go to the e-Commerce then Dynamic e-Commerce parameters section.

  7. Check if “PAYIDSUB” is included in the Selected box. If it is not, find it in the Available box and select > to add it.

Set up security for request parameters

Take note of the passphrase you set in this section. It must be copied into the GOV.UK Pay account credentials page later.

  1. Go to All transaction submission modes and the Security for request parameters section.
  2. Enter a strong SHA-OUT passphrase in plain text. Do not use a hash. You will need to copy this passphrase into the GOV.UK Pay account credentials page later.
  3. Leave the Basic Authentication Credentials field blank.
  4. Set Timing of the request to:
    For each offline status change (payment, cancellation, etc.)
  5. In the URL on which the merchant wishes to receive a deferred HTTP request, should the status of a transaction change offline field, enter:
    https://notifications.payments.service.gov.uk/v1/api/notifications/epdq
  6. Select Save.

Set up an API user

Add a user manager

  1. Go to Configuration then Account.
  2. Go to the Your options tab.
  3. Under the Available options sub-tab, there is a list of IDs with Activate options.
  4. Activate one of the User Manager options.
  5. Select Accept on the General Conditions screen.
  6. Sign out and then sign back in again.

Create an API user

  1. On the Users page, select New User.
  2. Complete the UserID and User’s name fields.
  3. Complete the Email address field. This should contain the email address you want to receive notifications.
  4. In the Profile field, select Admin.
  5. Check the Special user for API (no access to admin.) option.
  6. Enter your own password and select Create.

Store the API user’s username and password securely. You will need to copy them into the GOV.UK Pay account credentials page later.

Set up live GOV.UK Pay credentials

In your GOV.UK Pay account:

  1. Go to My services and select the live service you want to set up.
  2. Go to Settings then Account credentials then Edit credentials.

  3. Complete the following fields:
    PSP ID - enter your PSP ID for ePDQ

    Username enter the API user’s username

    Password - enter the API user’s password

    SHA-IN passphrase - described in Set up account security parameters

    SHA-OUT passphrase - described in Set up notification settings

  4. Select Save credentials.

Test your configuration

  1. Contact your ePDQ account manager to confirm the cards you want to accept are set up.
  2. Make a test transaction on your live account. You can use the GOV.UK Pay API to do this, or use payment links if your service is not yet connected to GOV.UK Pay.
  3. Sign in to your GOV.UK Pay account.
  4. Go to the Transactions page and check your test transaction is in the list of transactions.
  5. Select the test transaction and check if you can refund it.

The refund option may take up to 20 minutes to appear after submitting the transaction.

Set up 3D Secure

To enable 3D Secure payment authentication, sign in to the GOV.UK Pay self-service admin site. Go to My services to select the live service you want to set up. Select Settings, then 3D Secure and then turn 3D Secure on.

3D Secure should be enabled by default on the ePDQ admin site. To check this, go to Configuration then Payment methods and select 3D Secure.