I just received an email this morning from SagePay to warn of their latest payment system update. For those of you who don’t know – SagePay is the (relatively) new name for ProtX since Sage bought them. ProtX developed a system back in 2008 called VSP Access, which was designed to allow you to programmatically access payment details for payments that have been put through using one of their payment systems (Form, Server or Direct (previously VSP Form, VSP Server and VSP Direct)). For some reason, ProtX used to be downright secretive about this system and were difficult to get the information out of about it. However, this is very useful for one of my clients as it allows us to confirm payments have actually gone through, keep track of refunds and spot any that somehow made it through without being logged by any of my systems (I don’t think that has ever actually happened, but it is a good double-check). They use that report for entering payments into their accounts software.
Anyway, back to the email I got today… SagePay are warning that they are upgrading their systems between 27th and 29th August and first of all, if anyone has IP addresses of their payment gateways hard coded, they need to update them (sounds like a bad idea anyway), and secondly, to say that if anyone is using the Reporting and Admin API then please check the Reporting and Admin API Protocol document (linked to in the email) as the code may need updating.
First of all, a couple of minor observations: -
- They are allowing 14 days notice to make these changes. That isn’t a great deal of time as many systems have a schedule of upgrades that are rolled out. If anyone is in the middle of a big upgrade that could be a real pain in the neck.
- The new name is rubbish – which marketing guy thought that “Reporting and Admin API” is easier to remember than “Access”?
However, that’s not the real problem. The real problem came when I looked at the document.
The document says
All requests are sent to one gateway at address:
https://test.sagepay.com/access/access.htm (Test)https://live.sagepay.com/access/access.htm (Live)
The XML field will contain the XML message, which always takes the following format:<vspReporting and Admin API><command>whatever</command><vendor>Vendor Name</vendor><user>User name</user><other command specific parameters in here…./><signature>MD5 Hash Signature</signature></vspReporting and Admin API>