Sage Pay

Server v2.1
for osCommerce Online Merchant v2.3

Sage Pay Server requires you to have your own server to communicate with our payment systems and to store additional transaction information. You won't need to handle card details but it is recommended that you get an SSL certificate. Shoppers will be redirected to Sage Pay's payment pages during the checkout process.

  • Collect and store additional transaction information on your server
  • Develop your own transaction reporting
  • Build your own automated transaction functions
  • Card details are handled by Sage Pay
  • Simplified PCI compliance requirements

Apply for a Sage Pay Account

Sage Pay Server is bundled with osCommerce Online Merchant and is also available as a separate Add-On package existing store owners can use to upgrade to.

The Sage Pay Server payment module supports the following features:

  • PayPal payments
  • SSL Certificate verified transactions


PayPal Payments

PayPal payments can be accepted as a payment method through Sage Pay. This requires PayPal to be added as a supported payment method to your Sage Pay account and your PayPal seller account to be linked to your Sage Pay account.

Please refer to Linking PayPal to Your Account for instructions on how to link PayPal to your account.

SSL Certificate Verified Transactions

All secured API transaction calls sent to Sage Pay are performed by verifying Sage Pay's SSL certificates to guarantee the identity of Sage Pay. This is performed by using the following public keys in order if they are available:

  • ext/modules/payment/sage_pay/
  • includes/cacert.pem (public key bundle)
  • the web server configured public key bundle

A test connection link is available on the payment module configuration page which can be used to test if API transaction calls to Sage Pay can be verified from your web server. If the test connection fails, please contact your hosting provider as they may need to update your web server configuration. The SSL certificate verification can also be disabled on the payment module configuration page however it is highly discouraged to disable.

Configuration Settings

Parameter Description Default
Enable Sage Pay Server Module Setting this parameter to True makes the payment method available to customers during the checkout procedure. True
Vendor Login Name The vendor login name used to connect to the transaction gateway with.
Profile Payment Page Profile page to use for the payment page.
Redirect the customer to the payment page hosted at Sage Pay.
Load the Sage Pay payment page through an iframe in the checkout procedure.
Transaction Method The following transaction methods are available to process transactions with:
The Authenticate transaction method only verifies the card and card holder using the 3D-Secure mechanism provided by the card-schemes and card issuing banks. Authorisations and Settlements of transactions are performed manually on the My Sage Pay Admin interface.
The Deferred transaction method verifies and authorises the transaction and is captured manually on the My Sage Pay Admin Interface.
The Payment transaction method verifies, authorises, and transfers the funds to your Merchant account via batch settlement.
Set Order Status The orders status will be updated to this value when a successful transaction has been made. Default Order Status
Transaction Order Status Transactions are logged in this private order status level. Sage Pay [Transactions]
Payment Zone If set, this payment method will only be available to orders made within the defined zone.
Transaction Server The following transaction servers are available to process transactions through:
The Live server is used in production environments to process and receive payments from customers.
The Test server is only used to test transactions with. No transactions are processed and no payments are made when transactions are being tested.
Verify SSL Certificate Verify Sage Pay's identity when API communication calls are sent. True
Proxy Server Send API communication calls through this proxy server.
Debug E-Mail Address Send invalid transaction parameters to this e-mail address.
Sort Order The position to show the payment method on the checkout payment page against other available payment methods.

Add-On Package

The separate Sage Pay Server Add-On package is available at:

Online Demonstration

An online demonstration is available at:

For the online demonstration, Sage Pay Server has been configured with Sage Pay's test server environment and requires a test payment card to purchase an order.

Manual Installation (as an Add-On)

After extracting the Add-On package, copy the files located in the catalog directory to your osCommerce installation directory on the server. The files must be copied in the correct directory structure as extracted from the Add-On package.

The file listing is as follows:

  • ext/modules/payment/sage_pay/checkout.php
  • ext/modules/payment/sage_pay/errors.php
  • ext/modules/payment/sage_pay/redirect.php
  • ext/modules/payment/sage_pay/server.php
  • includes/languages/english/modules/payment/sage_pay_server.php
  • includes/modules/payment/sage_pay_server.php

The standard language definitions in English are provided in the Add-On package. For additional languages, copy the English language definition file to the appropriate language directory and open the file with a text editor to edit the language definitions. The location of the language definition file must be in:

  • includes/languages/LANGUAGE/modules/payment/sage_pay_server.php

When the files have been copied to their appropriate locations, the payment module will be available on the Administration Tool -> Modules -> Payment -> Install Module page where it can be installed, or on the Administration Tool -> Modules -> Payment page if the module was already previously installed.

If the module was already previously installed, it is important to visit the module configuration page to make sure new parameters are automatically installed in the database.


v2.1 09-Jun-2014
v2.2 compatibility updates (jQuery is now injected into the page when it has not been loaded).
v2.0 01-Jun-2014
Use API 3.00.
Use a stateless NotificationURL to verify transactions.
Label public title with test tag when in testing mode.
Allow debug transaction information to be sent in an e-mail for failed transactions.
Include transaction information in a private order status level.
Add Test API Server Connection link in module configuration page.
Verify SSL connections with public key certificate.
v1.2 07-Sep-2012
Fixed generated URLs (tep_href_link() produces & in URLs which need to be replaced with & in the payment module)
v1.1 01-Sep-2009
Fixed Live/Production Transaction Server parameter value to "Live".
Added "SWITCH" to the verification of the "CardType" parameter (this was not noted in the API documentation)
v1.0 28-Aug-2009
Initial Release