1. Pre-payment check errors
The following errors may occur before a transaction takes places, in order to block it, preventing unauthorised payments.
- unknown order/1/s/
You will receive this error message if the SHASIGN field sent in the transaction request doesn't match the SHASIGN calculated on our end, using the details of the order combined with the passphrase entered in the "SHA-IN passphrase" field (in your PostFinance account > Configuration > Technical information > “Data and origin verification” tab), either for e-Commerce or DirectLink.
Please ensure that the integration has been performed exactly as per the documented instructions, ensuring all parameters are sent with your request. It is also imperative that the SHASIGN string for encryption is created in alphabetical order.
Typical reasons for this error are:
- The SHA-IN passphrase value configured in the PostFinance back office does not match the value you used to encrypt the transaction data used to create the SHASIGN parameter (please also ensure you are sending transactions to the correct PostFinance environment – TEST or PRODUCTION)
- You have not arranged the parameters in alphabetical order when calculating the SHASIGN in your server-side code
- You have not correctly declared some of the parameters – all parameters and values are case sensitive (all parameter names must be upper case)
- You have set a hash algorthm value that is different to the SHA method used in your server-side script (for example, you have configured SHA-256 in the Technical information page of your PostFinance account while using SHA-1 in your encryption process).
- You have passed additional parameter/value pairs in the HTML form that have not been included in the SHA-IN calculation
- You have not included the SHA-IN passphrase after every name value pair, including the last parameter + value pair.
- unknown order/0/s/
You will receive this error message if the SHASIGN field sent in the transaction request is empty while a passphrase is entered in the "SHA-IN passphrase" field in the “Data and origin verification” tab of the Technical Information page of your PostFinance account, indicating you want to use a SHA signature with each transaction.
- unknown order/1/r/ (only PostFinance e-Commerce)
You will receive this error message if the referrer we detected is not a URL that is entered in the URL field in the “Checks for e-Commerce” section (PostFinance account > Configuration > Technical information > Data and origin verification). You're sending us the form with the hidden fields from a different page than the one(s) entered in the URL field in the “Checks for e-Commerce” section.
- unknown order/0/r/ (only PostFinance e-Commerce)
You will receive this error message if our server has not detected a referrer in the request we received. You're sending us order details, but we don't know where they originated from. Please ensure that no methods are being used that block the referrer information (payment page in pop-up, special web server configuration, customer’s browser configuration, etc.).
If the customer’s browser does not send the referrer information, we can bypass the referrer check if a SHASIGN is present and correct (see SHA-IN Signature).
- unknown order/1/i/ (only PostFinance DirectLink)
You will receive this error message if the IP address from which a request was sent is not an IP address that's entered in the IP address field of the "Data and origin verification" tab, checks for DirectLink section of your Technical Information page. You're sending us a request from a server that's different from the one(s) entered in the IP address field of the "Data and origin verification" tab, "Checks for PostFinance DirectLink"section.
- Connection to API feature not allowed for this user (only PostFinance DirectLink)
You will receive this error message if you have sent us a request with only the PSPID/password or PSPID/administrative user/password as login details. You need to create an API user to send requests to our server.
An API (Application programming interface)-user is a user specifically designed so that an application can send automatic requests to the payment platform.
- PSPID not found or not active
You will receive this error message if the value you have entered in the PSPID field does not exist in the respective environment (test or production), or the account has not yet been activated.
- no <parameter> (for instance: no PSPID)
You will receive this error message if the value you sent for the obligatory <parameter> field is empty.
- <parameter> too long (for instance: currency too long)
You will receive this error message if the value in your <parameter> field exceeds the maximum length.
- amount too long or not numeric: … OR Amount not a number
You will receive this error message if the amount you sent in the hidden fields either exceeds the maximum length, or contains invalid characters such as ‘.’ or ‘,’.
- not a valid currency : …
You will receive this error message if you've sent a transaction with a currency code which is incorrect or doesn't exist.
- The currency is not accepted by the merchant
You will receive this error message if you've sent a transaction in a currency that has not been registered in your account details.
- ERROR, PAYMENT METHOD NOT FOUND FOR: …
You will receive this error message if the value of the PM field you've sent in the hidden fields doesn't match any of the payment methods that are selected in your account, or that the payment method has not yet been activated in your Payment methods page.