Generating the payment request form using Perl

To generate the payment request form using Perl please see the code below:

#!/usr/bin/perl -w

use strict;

# Prerequisites
# In order to be able to calculate the HMAC MD5 digest, we use a function hmac_md5_hex below.
#  1. Install Digest::MD5 from
#  2. Install Digest::HMAC_MD5 from
# Other perl packages may be available
# With CPAN :
# (sudo) perl -MCPAN -e shell;
# install Digest::MD5
# install Digest::HMAC_MD5
# install Digest::SHA1
# exit
# Note: Digest::SHA1
# this will also install Digest::HMAC_SHA1

use Digest::HMAC_SHA1 qw(hmac_sha1_hex);

print "content-type: text/html\n\n";

print <<END_HEADER;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "" >
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      Hosted Checkout: Sample Perl Payment Form with SHA-1
    <style type="text/css">
      label {
          display: block;
          margin: 5px 0px;
          color: #AAA;
       input {
          display: block;
       input[type=submit] {
          margin-top: 20px;


    Hosted Checkout: Sample Perl Payment Form with SHA-1

  <form action="" method="POST">

      my $x_amount = "595.99";
      my $x_login = "WSP-#####-##";  # Take from Payment Page ID in Payment Pages interface
      my $transaction_key = "###############"; # Take from Payment Pages configuration interface
      my $x_currency_code = "CAD"; # Needs to agree with the currency of the payment page
      my $x_fp_sequence = int(rand 5000) + 1000;
      my $x_fp_timestamp = time; #  needs to be in UTC. Make sure webserver produces UTC

      #  The values that contribute to x_fp_hash
      my $hmac_data = $x_login . "^" . $x_fp_sequence . "^" . $x_fp_timestamp . "^" . $x_amount . "^" . $x_currency_code;

      my $x_fp_hash = hmac_sha1_hex($hmac_data, $transaction_key);

      print('<label>x_login</label> <input name="x_login" value="' . $x_login . '">' );
      print('<label>x_amount</label> <input name="x_amount" value="' . $x_amount . '">' );
      print('<label>x_fp_sequence</label> <input name="x_fp_sequence" value="' . $x_fp_sequence . '">' );
      print('<label>x_fp_timestamp</label> <input name="x_fp_timestamp" value="' . $x_fp_timestamp . '">' );
      print('<label>x_fp_hash (with SHA-1)</label> <input name="x_fp_hash" value="' . $x_fp_hash . '" size="50">' );
      print('<label>x_currency_code</label> <input type="hidden" name="x_currency_code" value="' . $x_currency_code . '">');

     print <<END_REST
      <input type="hidden" name="x_show_form" value="PAYMENT_FORM">
      <input type="hidden" name="x_test_request" value="TRUE">

      <input type="submit" value="Pay with Hosted Checkout">

Have more questions? Submit a request


  • 0

    Is it necessary to use Digest::HMAC_MD5? Also not installed on my server, and I am not able to add additional modules.

  • 0

    It says on the payment pages set up, that the encryption type can be either MD5 or SHA1. I guess I'm confused about integration it HMAC isn't available.

  • 0
    Support E-xact

    Hi there,

    An HMAC is required, whether you choose MD5 or SHA1 as the hashing algorithm.  Digest::HMAC may not be the only Perl implementation around, but you'd need to install a library at any rate (unless you want to try rolling your own! :)

    E-xact Support

Please sign in to leave a comment.
Powered by Zendesk