2Checkout

How to configure the 2Checkout (now Verifone) payment gateway in Opterius Commerce, including HMAC-signed URLs and IPN webhooks.

Last updated 1776211200

Prerequisites

  • A 2Checkout (Verifone) merchant account
  • Commerce accessible over a publicly reachable HTTPS URL

Configuration

Go to Admin → Settings → Payment Gateways → 2Checkout and fill in:

| Field | Notes |
|---|---|
| Seller ID | Your numeric 2Checkout account ID |
| Secret Key | Your 2Checkout secret key for HMAC signing |

Click Save and enable the 2Checkout toggle.

Getting Your Credentials

  1. Log in to the 2Checkout Dashboard (now branded as Verifone)
  2. Go to Integrations → Webhooks & API
  3. Copy your Seller ID (numeric, shown in the page header and integration settings)
  4. To get or generate the Secret Key: navigate to Integrations → Webhooks & API → Secret Key and copy or regenerate it

[!WARNING] Regenerating the Secret Key immediately invalidates the old one. If you regenerate it, update Commerce immediately — in-flight payments that use the old signature will fail until the new key is saved.

Setting Up the IPN Webhook

2Checkout uses IPN (Instant Payment Notification) webhooks to confirm completed orders.

  1. In the 2Checkout Dashboard, go to Integrations → Webhooks
  2. Add a new webhook URL: https://yourdomain.com/webhooks/twocheckout
  3. Enable the Order Created event (and optionally Refund Issued)
  4. Save

[!IMPORTANT] The webhook URL slug is twocheckout (no space, no special characters). Commerce registers this route automatically.

How 2Checkout Payments Work

2Checkout uses a redirect flow with an HMAC-MD5-signed URL:

  1. Commerce builds a payment URL including all order parameters (seller ID, invoice amount, product description, return URLs)
  2. The URL is signed with an HMAC-MD5 hash using your Secret Key — this prevents tampering
  3. The client is redirected to the 2Checkout payment page
  4. The client enters their payment details on 2Checkout's hosted page
  5. After payment, 2Checkout redirects the client back to Commerce
  6. 2Checkout fires the IPN webhook to https://yourdomain.com/webhooks/twocheckout
  7. Commerce verifies the IPN signature, confirms the order matches the invoice, and marks the invoice paid

[!TIP] Invoice confirmation happens via the IPN webhook, not the return redirect. Clients who close the tab immediately after payment will still have their invoice marked paid once the IPN arrives (usually within a few seconds).

HMAC Signature Verification

Every IPN notification from 2Checkout includes a HASH parameter. Commerce recomputes the HMAC-MD5 over the concatenated IPN fields using your Secret Key and compares it to the received hash. If they do not match, the webhook is rejected with a 400 status and the invoice is not marked paid.

If invoices are not being marked paid after 2Checkout redirects, check storage/logs/laravel.log for signature mismatch errors — this usually means the Secret Key in Commerce does not match the one in your 2Checkout account.
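The check described in this section, sketched in Python as an added example (not Commerce's own code). It assumes each field value is prefixed with its byte length before concatenation, which keeps the signed string unambiguous; the page says only "concatenated IPN fields". The field names, values, and key are constructed.

```python
import hashlib
import hmac


def canonical_string(fields):
    """Concatenate IPN values in received order, each prefixed with its
    byte length (assumed encoding). The HASH field itself is excluded."""
    parts = []
    for name, value in fields:
        if name == "HASH":
            continue
        raw = value.encode("utf-8")
        parts.append(str(len(raw)).encode("ascii") + raw)
    return b"".join(parts)


def sign(fields, secret_key):
    """HMAC-MD5 over the canonical string, returned as lowercase hex."""
    mac = hmac.new(secret_key.encode("utf-8"), canonical_string(fields),
                   hashlib.md5)
    return mac.hexdigest()


def verify_ipn(fields, secret_key):
    """Return the HTTP status the webhook should answer with:
    200 if the received HASH matches, 400 otherwise."""
    received = next((v for n, v in fields if n == "HASH"), "")
    expected = sign(fields, secret_key)
    # Compare as bytes in constant time; a plain == can leak how many
    # leading characters matched through response timing.
    ok = hmac.compare_digest(expected.encode("ascii"),
                             received.encode("utf-8"))
    return 200 if ok else 400


# Constructed sample notification (hypothetical field names and key).
SECRET = "constructed-test-key"
SAMPLE = [("INVOICE_ID", "1042"), ("AMOUNT", "49.00"), ("CURRENCY", "USD")]
SIGNED = SAMPLE + [("HASH", sign(SAMPLE, SECRET))]

if __name__ == "__main__":
    tampered = [(n, "0.01" if n == "AMOUNT" else v) for n, v in SIGNED]
    print("genuine :", verify_ipn(SIGNED, SECRET))     # accepted
    print("tampered:", verify_ipn(tampered, SECRET))   # rejected
    print("bad key :", verify_ipn(SIGNED, "old-key"))  # rejected
```

The "bad key" case is the mismatch the log check above looks for: every notification is rejected until the Secret Key saved in Commerce matches the one in the 2Checkout account.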

Refunds

Refunds are processed via the 2Checkout API 6.0 through Commerce's refund interface (Admin → Invoice → Payments → Refund). Partial and full refunds are supported.

Sandbox Testing

  1. Create a 2Checkout sandbox account at sandbox.2checkout.com
  2. Get sandbox credentials (Seller ID and Secret Key) from the sandbox dashboard
  3. Enter sandbox credentials in Commerce settings
  4. Test payments go to sandbox.2checkout.com automatically when sandbox credentials are detected

Test card for 2Checkout sandbox:

| Field | Value |
|---|---|
| Card number | 4111 1111 1111 1111 |
| Expiry | Any future date |
| CVV | 123 |

Supported Currencies

2Checkout supports a wide range of currencies and handles currency conversion for international buyers. Set your preferred settlement currency in the 2Checkout Dashboard under Account → Currency.
