active_accountability_merchant 1.97.1

data/lib/active_merchant/billing/gateways/payeezy.rb

@@ -0,0 +1,410 @@
+module ActiveMerchant
+  module Billing
+    class PayeezyGateway < Gateway
+      class_attribute :integration_url
+
+      self.test_url = 'https://api-cert.payeezy.com/v1'
+      self.integration_url = 'https://api-cat.payeezy.com/v1'
+      self.live_url = 'https://api.payeezy.com/v1'
+
+      self.default_currency = 'USD'
+      self.money_format = :cents
+      self.supported_countries = %w(US CA)
+
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :diners_club]
+
+      self.homepage_url = 'https://developer.payeezy.com/'
+      self.display_name = 'Payeezy'
+
+      CREDIT_CARD_BRAND = {
+        'visa' => 'Visa',
+        'master' => 'Mastercard',
+        'american_express' => 'American Express',
+        'discover' => 'Discover',
+        'jcb' => 'JCB',
+        'diners_club' => 'Diners Club'
+      }
+
+      def initialize(options = {})
+        requires!(options, :apikey, :apisecret, :token)
+        super
+      end
+
+      def purchase(amount, payment_method, options = {})
+        params = payment_method.is_a?(String) ? { transaction_type: 'recurring' } : { transaction_type: 'purchase' }
+
+        add_invoice(params, options)
+        add_reversal_id(params, options)
+        add_payment_method(params, payment_method, options)
+        add_address(params, options)
+        add_amount(params, amount, options)
+        add_soft_descriptors(params, options)
+        add_stored_credentials(params, options)
+
+        commit(params, options)
+      end
+
+      def authorize(amount, payment_method, options = {})
+        params = {transaction_type: 'authorize'}
+
+        add_invoice(params, options)
+        add_reversal_id(params, options)
+        add_payment_method(params, payment_method, options)
+        add_address(params, options)
+        add_amount(params, amount, options)
+        add_soft_descriptors(params, options)
+        add_stored_credentials(params, options)
+
+        commit(params, options)
+      end
+
+      def capture(amount, authorization, options = {})
+        params = {transaction_type: 'capture'}
+
+        add_authorization_info(params, authorization)
+        add_amount(params, amount, options)
+        add_soft_descriptors(params, options)
+
+        commit(params, options)
+      end
+
+      def refund(amount, authorization, options = {})
+        params = {transaction_type: 'refund'}
+
+        add_authorization_info(params, authorization)
+        add_amount(params, (amount || amount_from_authorization(authorization)), options)
+
+        commit(params, options)
+      end
+
+      def store(payment_method, options = {})
+        params = {transaction_type: 'store'}
+
+        add_creditcard_for_tokenization(params, payment_method, options)
+
+        commit(params, options)
+      end
+
+      def void(authorization, options = {})
+        params = {transaction_type: 'void'}
+
+        add_authorization_info(params, authorization, options)
+        add_amount(params, amount_from_authorization(authorization), options)
+
+        commit(params, options)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(0, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Token: )(\w|-)+), '\1[FILTERED]').
+          gsub(%r((Apikey: )(\w|-)+), '\1[FILTERED]').
+          gsub(%r((\\?"card_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"cvv\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"account_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"routing_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?card_number=)\d+(&?)), '\1[FILTERED]').
+          gsub(%r((\\?cvv=)\d+(&?)), '\1[FILTERED]').
+          gsub(%r((\\?apikey=)\w+(&?)), '\1[FILTERED]').
+          gsub(%r{(\\?"credit_card\.card_number\\?":)(\\?"[^"]+\\?")}, '\1[FILTERED]').
+          gsub(%r{(\\?"credit_card\.cvv\\?":)(\\?"[^"]+\\?")}, '\1[FILTERED]').
+          gsub(%r{(\\?"apikey\\?":)(\\?"[^"]+\\?")}, '\1[FILTERED]')
+      end
+
+      private
+
+      def add_invoice(params, options)
+        params[:merchant_ref] = options[:order_id]
+      end
+
+      def add_reversal_id(params, options)
+        params[:reversal_id] = options[:reversal_id] if options[:reversal_id]
+      end
+
+      def amount_from_authorization(authorization)
+        authorization.split('|').last.to_i
+      end
+
+      def add_authorization_info(params, authorization, options = {})
+        transaction_id, transaction_tag, method, _ = authorization.split('|')
+        params[:method] = method == 'token' ? 'credit_card' : method
+
+        if options[:reversal_id]
+          params[:reversal_id] = options[:reversal_id]
+        else
+          params[:transaction_id] = transaction_id
+          params[:transaction_tag] = transaction_tag
+        end
+      end
+
+      def add_creditcard_for_tokenization(params, payment_method, options)
+        params[:apikey] = @options[:apikey]
+        params[:ta_token] = options[:ta_token]
+        params[:type] = 'FDToken'
+        params[:credit_card] = add_card_data(payment_method)
+        params[:auth] = 'false'
+      end
+
+      def is_store_action?(params)
+        params[:transaction_type] == 'store'
+      end
+
+      def add_payment_method(params, payment_method, options)
+        if payment_method.is_a? Check
+          add_echeck(params, payment_method, options)
+        elsif payment_method.is_a? String
+          add_token(params, payment_method, options)
+        else
+          add_creditcard(params, payment_method)
+        end
+      end
+
+      def add_echeck(params, echeck, options)
+        tele_check = {}
+
+        tele_check[:check_number] = echeck.number || '001'
+        tele_check[:check_type] = 'P'
+        tele_check[:routing_number] = echeck.routing_number
+        tele_check[:account_number] = echeck.account_number
+        tele_check[:accountholder_name] = "#{echeck.first_name} #{echeck.last_name}"
+        tele_check[:customer_id_type] = options[:customer_id_type] if options[:customer_id_type]
+        tele_check[:customer_id_number] = options[:customer_id_number] if options[:customer_id_number]
+        tele_check[:client_email] = options[:client_email] if options[:client_email]
+
+        params[:method] = 'tele_check'
+        params[:tele_check] = tele_check
+      end
+
+      def add_token(params, payment_method, options)
+        token = {}
+        token[:token_type] = 'FDToken'
+
+        type, cardholder_name, exp_date, card_number = payment_method.split('|')
+
+        token[:token_data] = {}
+        token[:token_data][:type] = type
+        token[:token_data][:cardholder_name] = cardholder_name
+        token[:token_data][:value] = card_number
+        token[:token_data][:exp_date] = exp_date
+        token[:token_data][:cvv] = options[:cvv] if options[:cvv]
+
+        params[:method] = 'token'
+        params[:token] = token
+      end
+
+      def add_creditcard(params, creditcard)
+        credit_card = add_card_data(creditcard)
+
+        params[:method] = 'credit_card'
+        params[:credit_card] = credit_card
+      end
+
+      def add_card_data(payment_method)
+        card = {}
+        card[:type] = CREDIT_CARD_BRAND[payment_method.brand]
+        card[:cardholder_name] = payment_method.name
+        card[:card_number] = payment_method.number
+        card[:exp_date] = format_exp_date(payment_method.month, payment_method.year)
+        card[:cvv] = payment_method.verification_value if payment_method.verification_value?
+        card
+      end
+
+      def format_exp_date(month, year)
+        "#{format(month, :two_digits)}#{format(year, :two_digits)}"
+      end
+
+      def add_address(params, options)
+        address = options[:billing_address]
+        return unless address
+
+        billing_address = {}
+        billing_address[:street] = address[:address1] if address[:address1]
+        billing_address[:city] = address[:city] if address[:city]
+        billing_address[:state_province] = address[:state] if address[:state]
+        billing_address[:zip_postal_code] = address[:zip] if address[:zip]
+        billing_address[:country] = address[:country] if address[:country]
+
+        params[:billing_address] = billing_address
+      end
+
+      def add_amount(params, money, options)
+        params[:currency_code] = (options[:currency] || default_currency).upcase
+        params[:amount] = amount(money)
+      end
+
+      def add_soft_descriptors(params, options)
+        params[:soft_descriptors] = options[:soft_descriptors] if options[:soft_descriptors]
+      end
+
+      def add_stored_credentials(params, options)
+        if options[:sequence]
+          params[:stored_credentials] = {}
+          params[:stored_credentials][:cardbrand_original_transaction_id] = options[:cardbrand_original_transaction_id] if options[:cardbrand_original_transaction_id]
+          params[:stored_credentials][:sequence] = options[:sequence]
+          params[:stored_credentials][:initiator] = options[:initiator] if options[:initiator]
+          params[:stored_credentials][:is_scheduled] = options[:is_scheduled]
+          params[:stored_credentials][:auth_type_override] = options[:auth_type_override] if options[:auth_type_override]
+        end
+      end
+
+      def commit(params, options)
+        url = base_url(options) + endpoint(params)
+
+        if transaction_id = params.delete(:transaction_id)
+          url = "#{url}/#{transaction_id}"
+        end
+
+        begin
+          response = api_request(url, params)
+        rescue ResponseError => e
+          response = response_error(e.response.body)
+        rescue JSON::ParserError
+          response = json_error(e.response.body)
+        end
+
+        Response.new(
+          success_from(response),
+          handle_message(response, success_from(response)),
+          response,
+          test: test?,
+          authorization: authorization_from(params, response),
+          avs_result: {code: response['avs']},
+          cvv_result: response['cvv2'],
+          error_code: error_code(response, success_from(response))
+        )
+      end
+
+      def base_url(options)
+        if options[:integration]
+          integration_url
+        elsif test?
+          test_url
+        else
+          live_url
+        end
+      end
+
+      def endpoint(params)
+        is_store_action?(params) ? '/transactions/tokens' : '/transactions'
+      end
+
+      def api_request(url, params)
+        body = params.to_json
+        parse(ssl_post(url, body, headers(body)))
+      end
+
+      def post_data(params)
+        return nil unless params
+        params.reject { |k, v| v.blank? }.collect { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
+      end
+
+      def generate_hmac(nonce, current_timestamp, payload)
+        message = [
+          @options[:apikey],
+          nonce.to_s,
+          current_timestamp.to_s,
+          @options[:token],
+          payload
+        ].join('')
+        hash = Base64.strict_encode64(OpenSSL::HMAC.hexdigest('sha256', @options[:apisecret], message))
+        hash
+      end
+
+      def headers(payload)
+        nonce = (SecureRandom.random_number * 10_000_000_000)
+        current_timestamp = (Time.now.to_f * 1000).to_i
+        {
+          'Content-Type' => 'application/json',
+          'apikey' => options[:apikey],
+          'token' => options[:token],
+          'nonce' => nonce.to_s,
+          'timestamp' => current_timestamp.to_s,
+          'Authorization' => generate_hmac(nonce, current_timestamp, payload)
+        }
+      end
+
+      def error_code(response, success)
+        return if success
+        response['Error'].to_h['messages'].to_a.map { |e| e['code'] }.join(', ')
+      end
+
+      def success_from(response)
+        if response['transaction_status']
+          response['transaction_status'] == 'approved'
+        elsif response['results']
+          response['results']['status'] == 'success'
+        elsif response['status']
+          response['status'] == 'success'
+        else
+          false
+        end
+      end
+
+      def handle_message(response, success)
+        if success && response['status'].present?
+          'Token successfully created.'
+        elsif success
+          "#{response['gateway_message']} - #{response['bank_message']}"
+        elsif %w(401 403).include?(response['code'])
+          response['message']
+        elsif response.key?('Error')
+          response['Error']['messages'].first['description']
+        elsif response.key?('results')
+          response['results']['Error']['messages'].first['description']
+        elsif response.key?('error')
+          response['error']
+        elsif response.key?('fault')
+          response['fault'].to_h['faultstring']
+        else
+          response['bank_message'] || response['gateway_message'] || 'Failure to successfully create token.'
+        end
+      end
+
+      def authorization_from(params, response)
+        if is_store_action?(params)
+          if success_from(response)
+            [
+              response['token']['type'],
+              response['token']['cardholder_name'],
+              response['token']['exp_date'],
+              response['token']['value']
+            ].join('|')
+          else
+            nil
+          end
+        else
+          [
+            response['transaction_id'],
+            response['transaction_tag'],
+            params[:method],
+            response['amount']&.to_i
+          ].join('|')
+        end
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def response_error(raw_response)
+        parse(raw_response)
+      rescue JSON::ParserError
+        json_error(raw_response)
+      end
+
+      def json_error(raw_response)
+        {'error' => "Unable to parse response: #{raw_response.inspect}"}
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/payex.rb

@@ -0,0 +1,410 @@
+require 'nokogiri'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PayexGateway < Gateway
+      class_attribute :live_external_url, :test_external_url, :live_confined_url, :test_confined_url
+
+      self.live_external_url = 'https://external.payex.com/'
+      self.test_external_url = 'https://test-external.payex.com/'
+
+      self.live_confined_url = 'https://confined.payex.com/'
+      self.test_confined_url = 'https://test-confined.payex.com/'
+
+      self.money_format = :cents
+      self.supported_countries = ['DK', 'FI', 'NO', 'SE']
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+      self.homepage_url = 'http://payex.com/'
+      self.display_name = 'Payex'
+      self.default_currency = 'EUR'
+
+      TRANSACTION_STATUS = {
+        sale:       '0',
+        initialize: '1',
+        credit:     '2',
+        authorize:  '3',
+        cancel:     '4',
+        failure:    '5',
+        capture:    '6',
+      }
+
+      SOAP_ACTIONS = {
+        initialize: { name: 'Initialize8', url: 'pxorder/pxorder.asmx', xmlns: 'http://external.payex.com/PxOrder/' },
+        purchasecc: { name: 'PurchaseCC', url: 'pxconfined/pxorder.asmx', xmlns: 'http://confined.payex.com/PxOrder/', confined: true},
+        cancel: { name: 'Cancel2', url: 'pxorder/pxorder.asmx', xmlns: 'http://external.payex.com/PxOrder/' },
+        capture: { name: 'Capture5', url: 'pxorder/pxorder.asmx', xmlns: 'http://external.payex.com/PxOrder/' },
+        credit: { name: 'Credit5', url: 'pxorder/pxorder.asmx', xmlns: 'http://external.payex.com/PxOrder/' },
+        create_agreement: { name: 'CreateAgreement3', url: 'pxagreement/pxagreement.asmx', xmlns: 'http://external.payex.com/PxAgreement/' },
+        delete_agreement: { name: 'DeleteAgreement', url: 'pxagreement/pxagreement.asmx', xmlns: 'http://external.payex.com/PxAgreement/' },
+        autopay: { name: 'AutoPay3', url: 'pxagreement/pxagreement.asmx', xmlns: 'http://external.payex.com/PxAgreement/' },
+      }
+
+      def initialize(options = {})
+        requires!(options, :account, :encryption_key)
+        super
+      end
+
+      # Public: Send an authorize Payex request
+      #
+      # amount         - The monetary amount of the transaction in cents.
+      # payment_method - The Active Merchant payment method or the +store+ authorization for stored transactions.
+      # options        - A standard ActiveMerchant options hash:
+      #                  :currency          - Three letter currency code for the transaction (default: "EUR")
+      #                  :order_id          - The unique order ID for this transaction (required).
+      #                  :product_number    - The merchant product number (default: '1').
+      #                  :description       - The merchant description for this product (default: The :order_id).
+      #                  :ip                - The client IP address (default: '127.0.0.1').
+      #                  :vat               - The vat amount (optional).
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def authorize(amount, payment_method, options = {})
+        requires!(options, :order_id)
+        amount = amount(amount)
+        if payment_method.respond_to?(:number)
+          # credit card authorization
+          MultiResponse.new.tap do |r|
+            r.process { send_initialize(amount, true, options) }
+            r.process { send_purchasecc(payment_method, r.params['orderref']) }
+          end
+        else
+          # stored authorization
+          send_autopay(amount, payment_method, true, options)
+        end
+      end
+
+      # Public: Send a purchase Payex request
+      #
+      # amount         - The monetary amount of the transaction in cents.
+      # payment_method - The Active Merchant payment method or the +store+ authorization for stored transactions.
+      # options        - A standard ActiveMerchant options hash:
+      #                  :currency          - Three letter currency code for the transaction (default: "EUR")
+      #                  :order_id          - The unique order ID for this transaction (required).
+      #                  :product_number    - The merchant product number (default: '1').
+      #                  :description       - The merchant description for this product (default: The :order_id).
+      #                  :ip                - The client IP address (default: '127.0.0.1').
+      #                  :vat               - The vat amount (optional).
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def purchase(amount, payment_method, options = {})
+        requires!(options, :order_id)
+        amount = amount(amount)
+        if payment_method.respond_to?(:number)
+          # credit card purchase
+          MultiResponse.new.tap do |r|
+            r.process { send_initialize(amount, false, options) }
+            r.process { send_purchasecc(payment_method, r.params['orderref']) }
+          end
+        else
+          # stored purchase
+          send_autopay(amount, payment_method, false, options)
+        end
+      end
+
+      # Public: Capture money from a previously authorized transaction
+      #
+      # money - The amount to capture
+      # authorization - The authorization token from the authorization request
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def capture(money, authorization, options = {})
+        amount = amount(money)
+        send_capture(amount, authorization)
+      end
+
+      # Public: Voids an authorize transaction
+      #
+      # authorization - The authorization returned from the successful authorize transaction.
+      # options        - A standard ActiveMerchant options hash
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def void(authorization, options={})
+        send_cancel(authorization)
+      end
+
+      # Public: Refunds a purchase transaction
+      #
+      # money - The amount to refund
+      # authorization - The authorization token from the purchase request.
+      # options        - A standard ActiveMerchant options hash:
+      #                  :order_id          - The unique order ID for this transaction (required).
+      #                  :vat_amount        - The vat amount (optional).
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def refund(money, authorization, options = {})
+        requires!(options, :order_id)
+        amount = amount(money)
+        send_credit(authorization, amount, options)
+      end
+
+      # Public: Stores a credit card and creates a Payex agreement with a customer
+      #
+      # creditcard - The credit card to store.
+      # options    - A standard ActiveMerchant options hash:
+      #               :order_id          - The unique order ID for this transaction (required).
+      #               :merchant_ref      - A reference that links this agreement to something the merchant takes money for (default: '1')
+      #               :currency          - Three letter currency code for the transaction (default: "EUR")
+      #               :product_number    - The merchant product number (default: '1').
+      #               :description       - The merchant description for this product (default: The :order_id).
+      #               :ip                - The client IP address (default: '127.0.0.1').
+      #               :max_amount        - The maximum amount to allow to be charged (default: 100000).
+      #               :vat               - The vat amount (optional).
+      #
+      # Returns an ActiveMerchant::Billing::Response object where the authorization is set to the agreement_ref which is used for stored payments.
+      def store(creditcard, options = {})
+        requires!(options, :order_id)
+        amount = amount(1) # 1 cent for authorization
+        MultiResponse.run(:first) do |r|
+          r.process { send_create_agreement(options) }
+          r.process { send_initialize(amount, true, options.merge({agreement_ref: r.authorization})) }
+          order_ref = r.params['orderref']
+          r.process { send_purchasecc(creditcard, order_ref) }
+        end
+      end
+
+      # Public: Unstores a customer's credit card and deletes their Payex agreement.
+      #
+      # authorization - The authorization token from the store request.
+      #
+      # Returns an ActiveMerchant::Billing::Response object
+      def unstore(authorization, options = {})
+        send_delete_agreement(authorization)
+      end
+
+      private
+
+      def send_initialize(amount, is_auth, options = {})
+        properties = {
+          accountNumber: @options[:account],
+          purchaseOperation: is_auth ? 'AUTHORIZATION' : 'SALE',
+          price: amount,
+          priceArgList: nil,
+          currency: (options[:currency] || default_currency),
+          vat: options[:vat] || 0,
+          orderID: options[:order_id],
+          productNumber: options[:product_number] || '1',
+          description: options[:description] || options[:order_id],
+          clientIPAddress: options[:client_ip_address] || '127.0.0.1',
+          clientIdentifier: nil,
+          additionalValues: nil,
+          externalID: nil,
+          returnUrl: 'http://example.net', # set to dummy value since this is not used but is required
+          view: 'CREDITCARD',
+          agreementRef: options[:agreement_ref], # this is used to attach a stored agreement to a transaction as part of the store card
+          cancelUrl: nil,
+          clientLanguage: nil
+        }
+        hash_fields = [:accountNumber, :purchaseOperation, :price, :priceArgList, :currency, :vat, :orderID,
+                       :productNumber, :description, :clientIPAddress, :clientIdentifier, :additionalValues,
+                       :externalID, :returnUrl, :view, :agreementRef, :cancelUrl, :clientLanguage]
+        add_request_hash(properties, hash_fields)
+        soap_action = SOAP_ACTIONS[:initialize]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_purchasecc(payment_method, order_ref)
+        properties = {
+          accountNumber: @options[:account],
+          orderRef: order_ref,
+          transactionType: 1, # online payment
+          cardNumber: payment_method.number,
+          cardNumberExpireMonth: format(payment_method.month, :two_digits),
+          cardNumberExpireYear: format(payment_method.year, :two_digits),
+          cardHolderName: payment_method.name,
+          cardNumberCVC: payment_method.verification_value
+        }
+        hash_fields = [:accountNumber, :orderRef, :transactionType, :cardNumber, :cardNumberExpireMonth,
+                       :cardNumberExpireYear, :cardNumberCVC, :cardHolderName]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:purchasecc]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_autopay(amount, authorization, is_auth, options = {})
+        properties = {
+          accountNumber: @options[:account],
+          agreementRef: authorization,
+          price: amount,
+          productNumber: options[:product_number] || '1',
+          description: options[:description] || options[:order_id],
+          orderId: options[:order_id],
+          purchaseOperation: is_auth ? 'AUTHORIZATION' : 'SALE',
+          currency: (options[:currency] || default_currency),
+        }
+        hash_fields = [:accountNumber, :agreementRef, :price, :productNumber, :description, :orderId, :purchaseOperation, :currency]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:autopay]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_capture(amount, transaction_number, options = {})
+        properties = {
+          accountNumber: @options[:account],
+          transactionNumber: transaction_number,
+          amount: amount,
+          orderId: options[:order_id] || '',
+          vatAmount: options[:vat_amount] || 0,
+          additionalValues: ''
+        }
+        hash_fields = [:accountNumber, :transactionNumber, :amount, :orderId, :vatAmount, :additionalValues]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:capture]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_credit(transaction_number, amount, options = {})
+        properties = {
+          accountNumber: @options[:account],
+          transactionNumber: transaction_number,
+          amount: amount,
+          orderId: options[:order_id],
+          vatAmount: options[:vat_amount] || 0,
+          additionalValues: ''
+        }
+        hash_fields = [:accountNumber, :transactionNumber, :amount, :orderId, :vatAmount, :additionalValues]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:credit]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_cancel(transaction_number)
+        properties = {
+          accountNumber: @options[:account],
+          transactionNumber: transaction_number,
+        }
+        hash_fields = [:accountNumber, :transactionNumber]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:cancel]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_create_agreement(options)
+        properties = {
+          accountNumber: @options[:account],
+          merchantRef: options[:merchant_ref] || '1',
+          description: options[:description] || options[:order_id],
+          purchaseOperation: 'SALE',
+          maxAmount: options[:max_amount] || 100000, # default to 1,000
+          notifyUrl: '',
+          startDate: options[:startDate] || '',
+          stopDate: options[:stopDate] || ''
+        }
+        hash_fields = [:accountNumber, :merchantRef, :description, :purchaseOperation, :maxAmount, :notifyUrl, :startDate, :stopDate]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:create_agreement]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def send_delete_agreement(authorization)
+        properties = {
+          accountNumber: @options[:account],
+          agreementRef: authorization,
+        }
+        hash_fields = [:accountNumber, :agreementRef]
+        add_request_hash(properties, hash_fields)
+
+        soap_action = SOAP_ACTIONS[:delete_agreement]
+        request = build_xml_request(soap_action, properties)
+        commit(soap_action, request)
+      end
+
+      def url_for(soap_action)
+        File.join(base_url(soap_action), soap_action[:url])
+      end
+
+      def base_url(soap_action)
+        if soap_action[:confined]
+          test? ? test_confined_url : live_confined_url
+        else
+          test? ? test_external_url : live_external_url
+        end
+      end
+
+      # this will add a hash to the passed in properties as required by Payex requests
+      def add_request_hash(properties, fields)
+        data = fields.map { |e| properties[e] }
+        data << @options[:encryption_key]
+        properties['hash_'] = Digest::MD5.hexdigest(data.join(''))
+      end
+
+      def build_xml_request(soap_action, properties)
+        builder = Nokogiri::XML::Builder.new
+        builder.__send__('soap12:Envelope', {'xmlns:xsi' => 'http://www.w3.org/2001/XMLSchema-instance',
+                                             'xmlns:xsd' => 'http://www.w3.org/2001/XMLSchema',
+                                             'xmlns:soap12' => 'http://www.w3.org/2003/05/soap-envelope'}) do |root|
+          root.__send__('soap12:Body') do |body|
+            body.__send__(soap_action[:name], xmlns: soap_action[:xmlns]) do |doc|
+              properties.each do |key, val|
+                doc.send(key, val)
+              end
+            end
+          end
+        end
+        builder.to_xml
+      end
+
+      def parse(xml)
+        response = {}
+
+        xmldoc = Nokogiri::XML(xml)
+        body = xmldoc.xpath('//soap:Body/*[1]')[0].inner_text
+
+        doc = Nokogiri::XML(body)
+
+        doc.root&.xpath('*')&.each do |node|
+          if node.elements.size == 0
+            response[node.name.downcase.to_sym] = node.text
+          else
+            node.elements.each do |childnode|
+              name = "#{node.name.downcase}_#{childnode.name.downcase}"
+              response[name.to_sym] = childnode.text
+            end
+          end
+        end
+
+        response
+      end
+
+      # Commits all requests to the Payex soap endpoint
+      def commit(soap_action, request)
+        url = url_for(soap_action)
+        headers = {
+          'Content-Type' => 'application/soap+xml; charset=utf-8',
+          'Content-Length' => request.size.to_s
+        }
+        response = parse(ssl_post(url, request, headers))
+        Response.new(success?(response),
+          message_from(response),
+          response,
+          test: test?,
+          authorization: build_authorization(response)
+        )
+      end
+
+      def build_authorization(response)
+        # agreementref is for the store transaction, everything else gets transactionnumber
+        response[:transactionnumber] || response[:agreementref]
+      end
+
+      def success?(response)
+        response[:status_errorcode] == 'OK' && response[:transactionstatus] != TRANSACTION_STATUS[:failure]
+      end
+
+      def message_from(response)
+        response[:status_description]
+      end
+    end
+  end
+end