General Technical Information on WAP payment

Summary
  1. How to install the access script
    1. Form optional fields
  2. How to test the payment script
    1. Picture 1: Access button to script
    2. Picture 2: Access script to paid-access product
  3. Securing your paid-access area
    1. How it works
      1. Picture 3: Publishing of the WAP document
    2. Securing a paid-access product
    3. Securing a paid-access area
  4. Errors and return codes
  1. How to install the access script

    The script provided is merely a form. It contains the information needed to display the pricepoints that you selected, and the code-capturing fields.

    Example: a form in WML format:

      <p>
        <anchor>
          Pay with Allopass
          <go href="http://wap.allopass.com/access/script.wml" method="post">
            <postfield name="SITE_ID" value="xxxxxx" />
            <postfield name="DOC_ID" value="xxxxxx" />
            <postfield name="LG_SCRIPT" value="uk" />
          </go>
        </anchor>
      </p>
      

    Example: a form in XHTML Mobile or i-mode format:

      <form action="http://wap.allopass.com/access/script.wml" method="post">
        <input type="hidden" name="SITE_ID" value="xxxxxx" />
        <input type="hidden" name="DOC_ID" value="xxxxxx" />
        <input type="hidden" name="LG_SCRIPT" value="uk" />
        <input type="submit" value="Pay with allopass" />
      </form>
      

    This form must contain at least 3 fields:

    • The SITE_ID field contains the Allopass ID of your site.
    • The DOC_ID field contains the Allopass ID of your protected product (=protected document).
    • The LG_SCRIPT field contains the displaying language of the script.

    NOTE:

    In the previous examples, the value "xxxxxx" should be replaced by the Allopass ID of your site for the SITE_ID field and by the Allopass ID of your protected product (document) for the DOC_ID field.

    The values of these fields are provided in the standard script (see page "Product Script Setup" in the section "My Products").

    Form Submit URL:

    When this form is submitted, this data is sent to the URL http://wap.allopass.com/access/script.wml.

    IMPORTANT:

    Because certain mobile platforms reject lengthy URLs, it is mandatory to submit the data with the "post" method.

    1. Form optional fields

      You can add several optional fields to this form, which are not present in the standard script. These hidden fields (thus of the HIDDEN type) must respect the format requirements for the type of content of your WAP site.

      For a site in WML format:

        <postfield name="RECALL" value="1" />
      
        

      For a site in XHTML Mobile or i-mode format:

        <input type="hidden" name="RECALL" value="1" />
      
        

      The optional fields that you can add to this form are identical to those used for One-Time payment scripts. Consult the list of optional fields.

  2. How to test the access script

    Once you are done with installing the script, a "Pay with Allopass" button should display on your access page (see Picture 1 below).

    Picture 1: Access button to script

    When clicking the "Pay with Allopass" button, your visitors are redirected to a script hosted on our servers (see Picture 2 below). This script enables your customer to dial the surcharged number associated with the country they selected, and to enter their Allopass code. Once the code is validated, your customers will be able to access your paid content.

    NOTE:

    Just before the access script to your paid content displays, a standard disclaimer will appear, stating that access to surcharged numbers is reserved for adults.

    If you have your own disclaimer and wish to deactivate the Allopass one, you must first ask our customer support at: contact@allopass.com.

    Picture 2: Access Script to paid-document (product)

    If you are redirected to a "Script unavailable" error page instead of your access script, it means that your form was installed incorrectly (see: Product Script Setup). This error page displays a list of error codes, whose meaning is explained in the section Errors and return codes.

  3. Securing a paid-access product

    You can secure access to your paid product by querying the Allopass platform. This requires a few specific steps, explained below.

    1. How it works

      The goal is to prevent visitors from accessing your product without prior checking by the Allopass code capturing form.
      To do so, you must use the RECALL optional field so that the Allopass code(s) inserted are passed to your return page.

      Once your return page has received this information, you have 1 minute to check the validity of the code(s) by querying our platform.

      Picture 3: Publishing of the WAP document

      You can send a HTTP request to a script hosted on our platform in order to check the validity of the code(s).

      This script is available at the following URL:

      http://www.allopass.com/check/vf.php4

      and takes two parameters:

      • CODE contains the code(s) to be checked
      • AUTH contains the ID of your product (document) (see Picture 3)

      The server can answer:

      • OK: Valid code
      • NOK: Erroneous code
      • ERR: The request was not understood (the ID of your document may be erroneous).

      For more details, see the PHP example below.

    2. Securing a paid-access product

      Your access form displays as:

      In WML:

        <p>
          <anchor>
            Pay with allopass
            <go href="http://wap.allopass.com/access/script.wml" method="post">
              <postfield name="SITE_ID" value="12" />
              <postfield name="DOC_ID" value="34" />
              <postfield name="LG_SCRIPT" value="uk" />
              <postfield name="RECALL" value="1" />
            </go>
          </anchor>
        </p>
        

      In XHTML Mobile or i-mode:

        <form action="http://wap.allopass.com/access/script.wml" method="post">
          <input type="hidden" name="SITE_ID" value="12" />
          <input type="hidden" name="DOC_ID" value="34" />
          <input type="hidden" name="LG_SCRIPT" value="uk" />
          <input type="hidden" name="RECALL" value="1" />
          <input type="submit" value="Payer par allopass" />
        </form>
        

      If your product (return page) is a script named return.php, this script will be called when a valid code is inserted. It receives an HTTP variable named RECALL, of the GET type, which contains the code inserted.

      Here is how the top of your return.php script should look:

      <?php

        session_start();

        $RECALL = !empty( $_GET["RECALL"] ) ? trim( $_GET["RECALL"] ) : false;

        if( $RECALL === false )
        {
          // Missing RECALL parameter:
          // the customer is redirected to an error page
          header( "Location: http://mobile.mydomain.com/error.wml" );
          exit(1);
        }

        // $RECALL contains the access code(s)
        // $AUTH contains the ID of your document (product) (see Picture 3)
        $RECALL = urlencode( $RECALL );
        $AUTH = urlencode( "1234/5678/91011" );

        /**
         * Query the Allopass platform to check the code(s) collected
         * in $RECALL. The variable $result will contain an array
         * in the format below:
         *
         * // In case of a 1-code product
         *
         *   Array( 0 => "OK", 1 => "FR" );
         *
         * // In case of a multicode product (2 codes)
         *
         *   Array(
         *     0 => "OK",
         *     1 => "FR",
         *     2 => "OK",
         *     3 => "FR"
         *   );
         *
         * $result[1] and $result[3] hold the code of the customer's country
         * (FR, BE, UK, DE, CH, CA, LU, IT, ES, AT, ...)
         */
        $scriptURL = "http://www.allopass.com/check/vf.php4";
        $result = @file( "{$scriptURL}?CODE={$RECALL}&AUTH={$AUTH}" );

        // A failed request or an empty answer must deny access; an empty
        // answer would otherwise skip the loop below and be accepted
        if( !is_array( $result ) || count( $result ) == 0 )
        {
          header( "Location: http://mobile.mydomain.com/error.wml" );
          exit(1);
        }

        // Test the server answer
        for( $lineIndex = 0; $lineIndex < sizeof( $result ); $lineIndex += 2 )
        {
           if( trim( $result[$lineIndex] ) != "OK" )
           {
              // The server answered ERR or NOK:
              // access is denied
              header( "Location: http://mobile.mydomain.com/error.wml" );
              exit(1);
           }
        }

        /**
         * The code is valid!
         * A session variable named CODE_OK is initiated, with
         * value 1. In the following pages, you'll just have to test the
         * presence of this variable. If present, the
         * customer is authorized, otherwise they'll be redirected to an error page.
         */
        $_SESSION["CODE_OK"] = "1";

      ?>
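
The return.php script above accepts any answer whose status lines all read "OK". As an added example (not Allopass code), the function below interprets the check script's answer so that every unexpected shape denies access; the function name, the $expectedCodes parameter, the two-letter country check and the sample answers are assumptions made for illustration.

```php
<?php
// Added example, not Allopass code. allopass_parse_check() and
// $expectedCodes (number of codes the product requires) are hypothetical.

/**
 * Interpret the lines returned by the check script: a status line followed
 * by a country line, once per code. Returns the list of country codes when
 * every code is valid, or null when access must be denied.
 */
function allopass_parse_check( $lines, $expectedCodes )
{
  // file() returned false (request failed) or something unexpected: deny
  if( !is_array( $lines ) || $expectedCodes < 1 )
    return null;

  // Trim line endings, drop blank lines, then require exactly one
  // status/country pair per expected code (an empty answer fails here)
  $lines = array_values( array_filter( array_map( 'trim', $lines ), 'strlen' ) );
  if( count( $lines ) !== 2 * $expectedCodes )
    return null;

  $countries = array();
  for( $i = 0; $i < count( $lines ); $i += 2 )
  {
    // Only the exact string "OK" grants access; NOK, ERR or anything else denies
    if( $lines[$i] !== "OK" )
      return null;
    // Assumption: country codes are two uppercase letters, as in the list above
    if( !preg_match( '/^[A-Z]{2}$/', $lines[$i + 1] ) )
      return null;
    $countries[] = $lines[$i + 1];
  }
  return $countries;
}

// Constructed sample answers (not captured from the platform)
$samples = array(
  "one valid code"    => array( array( "OK\n", "FR\n" ), 1 ),
  "two valid codes"   => array( array( "OK\n", "FR\n", "OK\n", "BE\n" ), 2 ),
  "second code wrong" => array( array( "OK\n", "FR\n", "NOK\n" ), 2 ),
  "platform error"    => array( array( "ERR\n" ), 1 ),
  "empty answer"      => array( array(), 1 ),
  "request failed"    => array( false, 1 ),
);
foreach( $samples as $label => $s )
{
  $result = allopass_parse_check( $s[0], $s[1] );
  echo $label, ": ", $result === null ? "DENY" : "ALLOW (" . implode( ",", $result ) . ")", "\n";
}
```

In return.php, the array returned by file() would be passed as $lines, and CODE_OK set only when the function returns a non-null list.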
      
    3. Securing a paid-access area

      In the paid-access area's page, you can check if the session variable (CODE_OK) initiated in your return page is present (see Securing a paid-access product).

      <?php

        session_start();

        if( !isset( $_SESSION["CODE_OK"] ) || $_SESSION["CODE_OK"] != "1" )
        {
           // The session variable CODE_OK is not initiated
           // or isn't equal to 1. Access is denied.
           header( "Location: http://mobile.mydomain.com/error.wml" );
           exit(1);
        }

      ?>
      
      
  4. Errors and return codes

    Code  Meaning
    210x  Format issues affecting optional fields
    2100  NDE field is not valid
    2101  RECALL field is not valid
    2102  RECALL_CA field is not valid
    2103  DATAS field is not valid
    2104  AP_CA field is not valid
    2105  AP_CA_IDCn, AP_CA_MNTn and AP_CA_MAPn fields are wrongly configured
    2106  AP_CA_IDCn field is not valid
    2107  AP_CA_MNTn field is not valid
    2108  AP_CA_MAPn field is not valid
    211x  Missing mandatory fields
    2110  Unspecified site ID (SITE_ID field)
    2111  Unspecified document ID (DOC_ID field)
    2112  Unspecified script language (LG_SCRIPT field)