Difference between revisions of "Token Plus"

From TMM Wiki
Jump to navigationJump to search
 
(49 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 
{{NATS4 Manual
 
{{NATS4 Manual
 
| show_sites_admin_section = true
 
| show_sites_admin_section = true
 +
| show_billers_admin_section = true
 
}}
 
}}
 +
  
 
Token Plus is a feature in [[NATS4]] that allows [[Ct#Member|members]] of [[Token Sites]] to purchase additional tokens for their account, without requiring them to re-input their payment information. This lets your existing [[Ct#Member|members]] complete additional token transactions quickly and easily, eliminating additional steps in the process.
 
Token Plus is a feature in [[NATS4]] that allows [[Ct#Member|members]] of [[Token Sites]] to purchase additional tokens for their account, without requiring them to re-input their payment information. This lets your existing [[Ct#Member|members]] complete additional token transactions quickly and easily, eliminating additional steps in the process.
 +
 +
To do this, you can give the following link to your users in order for them to purchase more tokens:
 +
<pre>
 +
http://<linkdomain>/signup/tokenplus.php?site=<siteid>&username=<username>
 +
</pre>
 +
 +
Replace ''<linkdomain>'' with your [[Ct#Site|site's]] actual [[Ct#Linkdomain|linkdomain]], then replace ''<siteid>'' with the [[Ct#Site|site's]] [[NATS]] site ID number. Finally, you must replace ''<username>'' with the user's [[NATS]] username.
  
 
== Enabling Token Plus ==
 
== Enabling Token Plus ==
  
Before you can enable Token Plus in [[NATS]], you must first have a [[Token Sites|Token Site]] set up in the [[NATS4 Sites Admin|Sites Admin]]. If you do not already have one up, please see our [[Token Sites]] wiki article for more information on setting one up.
+
Before you can enable Token Plus in [[NATS]], you must first have a [[Token Sites|Token Site]] set up in the [[NATS4 Sites Admin|Sites Admin]]. If you do not already have one, please see our [[Token Sites]] wiki article for more information on setting one up.
  
Once you have [[Token Sites]] set up in [[NATS]], you can enable Token Plus by editing settings in the [[NATS4 Sites Admin|Sites Admin]]. To begin, navigate to the [[NATS4 Sites Admin|Sites Admin]], locate the [[Token Sites|Token Site]] you want to enable Token Plus on, and click the "Set Join Options" action icon for that [[Ct#Site|site]]. This will bring you to the "Join Options for this Site" page, where you'll see every [[Ct#Join Option|join option]] that you have set up. Edit an existing [[Ct#Join Option|join option]], or create a new join option that you want to have Token Plus enabled for.
+
Once you have [[Token Sites]] set up in [[NATS]], you can enable Token Plus by editing settings in the [[NATS4 Sites Admin|Sites Admin]]. To begin, navigate to the [[NATS4 Sites Admin|Sites Admin]], locate the [[Token Sites|Token Site]] you want to enable Token Plus on, and click the "Set Join Options" action icon for that [[Ct#Site|site]]. This will bring you to the "Join Options for this Site" page, where you'll see every [[Ct#Join Option|join option]] that you have set up. Edit an existing [[Ct#Join Option|join option]], or create a new join option on which you want to have Token Plus enabled.
  
 
[[File:New join option token rebuy.PNG|450px|Enabling Token Rebuys]]
 
[[File:New join option token rebuy.PNG|450px|Enabling Token Rebuys]]
  
You will see a setting marked "Token Rebuy Allowed" -- just fill in this box to enable the repurchasing of tokens by existing [[Ct#Member|members]]. Once you have set that, configure the rest of your [[Ct#Join Option|join option]] settings, and save your changes.
+
You will see a setting marked "Token Rebuy Allowed" -- check this box to enable the repurchasing of tokens by existing [[Ct#Member|members]]. Once you have set that, configure the rest of your [[Ct#Join Option|join option]] settings, and save your changes.
  
Token Plus will now be enabled for your chosen [[Ct#Join Option|join option]]. You can enable Token Plus for any [[Ct#Join Option|join option]] you set up for a [[Token Sites|token site]] in [[NATS]]. Just edit the [[Ct#Join Option|join option]] for any [[Ct#Site|site]] and check the "Token Rebuy Allowed" box to do so.
+
Token Plus will now be enabled for your chosen [[Ct#Join Option|join option]]. You can enable Token Plus for any [[Ct#Join Option|join option]] you set up for a [[Token Sites|token site]] in [[NATS]]. To do so, edit the [[Ct#Join Option|join option]] for any [[Ct#Site|site]] and check the "Token Rebuy Allowed" box.
  
 
[[File:Edit join option token rebuy.PNG|450px|Editing Join Options With Token Plus]]
 
[[File:Edit join option token rebuy.PNG|450px|Editing Join Options With Token Plus]]
Line 28: Line 37:
  
 
You can also use [[NATS4 Rules|rules]] to offer your Token Plus [[Ct#Join Option|join option]] for a specific duration of time, letting you use it as a limited promotion. Please see our [[NATS4 Rules]] wiki article for more information on this feature.
 
You can also use [[NATS4 Rules|rules]] to offer your Token Plus [[Ct#Join Option|join option]] for a specific duration of time, letting you use it as a limited promotion. Please see our [[NATS4 Rules]] wiki article for more information on this feature.
 +
 +
=== Additional Settings ===
 +
 +
As of NATS version 5.0.2.7, you can (optionally) enable the TOKENPLUS_SKIP_HIDDEN_JOIN_OPTIONS configuration setting on the config admin -> surfer page in the 'one click systems' section to prevent NATS from showing hidden join options on the /signup/tokenplus.php page unless that join option is passed in via the optionid variable.  This feature has no impact on processing, only on display.
  
 
== Additional Security ==
 
== Additional Security ==
Line 37: Line 50:
 
Use the ''MEMBER_STRING_AUTH_TOKENPLUS'' variable to choose whether or not you wish to use the new [[Ct#Member|member]] auth strings available in [[NATS]] 4.1. These strings contain a variety of information, and are designed to prevent unwanted token purchasing attempts by outside sources.
 
Use the ''MEMBER_STRING_AUTH_TOKENPLUS'' variable to choose whether or not you wish to use the new [[Ct#Member|member]] auth strings available in [[NATS]] 4.1. These strings contain a variety of information, and are designed to prevent unwanted token purchasing attempts by outside sources.
  
You can find this variable setting in the ''signup'' directory on your [[NATS]] server, located at ''nats_4/www/signup/tokenplus.php''. Locate the following setting:
+
This feature will be set to off by default. If you want to enable this feature for your Token Plus transactions, you can add the following necessary code to the ''config.php'' script on your [[NATS]] server:
  
 
<pre>
 
<pre>
$config['MEMBER_STRING_AUTH_TOKENPLUS'] = 0;
+
$config['MEMBER_STRING_AUTH_TOKENPLUS'] = 1;
 
</pre>
 
</pre>
  
This setting will be set to off by default. Change the value for this setting from 0 to 1 to activate the ''MEMBER_STRING_AUTH_TOKENPLUS'' setting to use additional security for your [[Ct#Member|member]] authorization strings.
+
This will activate the ''MEMBER_STRING_AUTH_TOKENPLUS'' setting to use additional security for your [[Ct#Member|member]] authorization strings. Do not add the provided code if you want to leave this feature disabled.
  
 
Once you have activated this setting, you must use the ''get_member_token_rebuy_string'' API call to get the correct auth string for the [[Ct#Member|member]] you want to enable Token Plus for. Please see our [[NATS4 API Get Member Token Rebuy String]] wiki article for more information on this process.
 
Once you have activated this setting, you must use the ''get_member_token_rebuy_string'' API call to get the correct auth string for the [[Ct#Member|member]] you want to enable Token Plus for. Please see our [[NATS4 API Get Member Token Rebuy String]] wiki article for more information on this process.
  
 
This function will return the auth string that is required for your [[Ct#Member|members]] to get authenticated for the Token Plus process. Include the auth string in the link for your [[Ct#Member|member]], and they will be able to use the Token Plus feature with the ''MEMBER_STRING_AUTH_TOKENPLUS'' security setting enabled.
 
This function will return the auth string that is required for your [[Ct#Member|members]] to get authenticated for the Token Plus process. Include the auth string in the link for your [[Ct#Member|member]], and they will be able to use the Token Plus feature with the ''MEMBER_STRING_AUTH_TOKENPLUS'' security setting enabled.
 +
 +
<pre>
 +
http://<linkdomain>/signup/tokenplus.php?site=<siteid>&username=<username>&authstring=<authstring>
 +
</pre>
  
 
=== Join Form Verification ===
 
=== Join Form Verification ===
Line 55: Line 72:
 
The Token Plus feature verifies [[Ct#Member|member]] e-mail addresses by default on the [[Ct#Join Form|join form]], but you can also add a switch to choose between verifying a [[Ct#Member|member's]] e-mail address, password, or both e-mail address and password.
 
The Token Plus feature verifies [[Ct#Member|member]] e-mail addresses by default on the [[Ct#Join Form|join form]], but you can also add a switch to choose between verifying a [[Ct#Member|member's]] e-mail address, password, or both e-mail address and password.
  
Locate the following code in your ''tokenplus.php'' script:
+
This feature will verify [[Ct#Member|member]] e-mail addresses by default. If you want to enable this feature for your Token Plus transactions, you can add the necessary code in the ''config.php'' script on your [[NATS]] server:
  
 
<pre>
 
<pre>
$config['TOKENPLUS_REQUIRED_FIELDS'] = 0;
+
$config['TOKENPLUS_REQUIRED_FIELDS'] = 1;
 
</pre>
 
</pre>
  
Change this setting to '1' if you want Token Plus to verify [[Ct#Member|member]] passwords. Change this to '2' if you want Token Plus to verify [[Ct#Member|member]] passwords and e-mail addresses. Leave this on the default setting ('0' or blank) if you want Token Plus to verify [[Ct#Member|member]] e-mail addresses.
+
Add this setting with a value of '1' if you want Token Plus to verify [[Ct#Member|member]] passwords. Change this to a value of '2' if you want Token Plus to verify both [[Ct#Member|member]] passwords and e-mail addresses. Do not add the provided code if you want to keep authenticating [[Ct#Member|member]] e-mail addresses.
  
 
This lets you choose what [[Ct#Member|member]] information you want [[NATS]] to verify on the [[Ct#Join Form|join form]] itself, preventing anyone from submitting a Token Plus [[Ct#Join Form|join form]] with an incorrect e-mail address, password, or both.
 
This lets you choose what [[Ct#Member|member]] information you want [[NATS]] to verify on the [[Ct#Join Form|join form]] itself, preventing anyone from submitting a Token Plus [[Ct#Join Form|join form]] with an incorrect e-mail address, password, or both.
Line 67: Line 84:
 
=== Using $_POST ===
 
=== Using $_POST ===
  
Token Plus also offers another security feature, allowing you to change the method of submitting data from $_REQUEST to $_POST to further authenticate your [[Ct#Member|members']] information. If you wish to use $_POST to authenticate your [[Ct#Join Form|join form]] transactions, modify the following code in your ''tokenplus.php'' script:
+
Token Plus also offers another security feature, allowing you to change the method of submitting data from $_REQUEST to $_POST to further authenticate your [[Ct#Member|members']] information.
 +
 
 +
This feature is set to use $_REQUEST by default. If you wish to use $_POST to authenticate your [[Ct#Join Form|join form]] transactions, add the following code to your ''config.php'' script:
  
 
<pre>
 
<pre>
$config['TOKENPLUS_POST_ONLY'] = 0;
+
$config['TOKENPLUS_POST_ONLY'] = 1;
 
</pre>
 
</pre>
  
Change this setting to '1' if you want Token Plus to use $_POST to authenticate your [[Ct#Member|members]]. Leave this on the default setting ('0' or blank) if you want Token Plus to use $_REQUEST when authenticating your [[Ct#Member|members]].
+
Add this setting with a value of '1' if you want Token Plus to only allow $_POST when authenticating your [[Ct#Member|members]]. If you want to use $_REQUEST when authenticating [[Ct#Member|members]], you do not have to add the provided code.
  
 
=== Throttling ===
 
=== Throttling ===
Line 82: Line 101:
  
 
For more information on this feature, please see our '''[[Throttling]]''' wiki article.
 
For more information on this feature, please see our '''[[Throttling]]''' wiki article.
 +
 +
== Pass Through Data ==
 +
 +
'''Note: this feature works for ALL billers that have a NATS Tokenplus integration via a backend call. Only the following billers that have a NATS Tokenplus integration via a redirect have this functionality'''<br>
 +
Epoch - 5.0.2.7<br>
 +
SegPay - 5.0.2.7<br>
 +
 +
As of version 5.0.2.7, NATS allows you to send subscription pass through data for each token rebuy transaction.  You can use any of the available subscription pass through fields.  For example, to send the member_subscription->passthrough2 field, you need to add the following to your tokenplus.php link.
 +
 +
<pre>
 +
&member_extra[<optionid>][subscription_passthrough2]=<your value here>
 +
</pre>
 +
 +
You will also need to make sure that your Tokenplus templates have the following code.
 +
 +
<pre>
 +
{if !empty($memberExtra) && is_array($memberExtra)}
 +
{foreach from=$memberExtra key=member_extra_key item=member_extra_val}
 +
{if is_array($member_extra_val)}
 +
{foreach from=$member_extra_val key=member_extra_key2 item=member_extra_val2}
 +
<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}][{$member_extra_key2|escape:'htmlall'}]" value="{$member_extra_val2}"/>
 +
{/foreach}
 +
{else}
 +
<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}]" value="{$member_extra_val}"/>
 +
{/if}
 +
{/foreach}
 +
{/if}
 +
</pre>
 +
 +
For the <optionid> value you can use the specific [[NATS4_Join_Option|NATS Option ID]] value to have the pass through value recorded only if the member purchases that specific option.  Alternatively, you can use 0 for the <optionid> value to have the pass through value apply to any option that the member decides to purchase.
 +
 +
Additionally, you can use the TOKENPLUS_INHERIT_SUBSCRIPTION_PASSTHROUGH_DATA config setting (config admin -> surfer page, one-click systems section) to tell NATS how to record subscription pass through data from the previous subscription.
 +
{| class="wikitable"
 +
|Do Not Inherit (default)
 +
|do not use the subscription pass through values from the previous subscription, only use the values from the member_extra array
 +
|-
 +
|Inherit and Override
 +
|use the subscription pass through values from the previous subscription, values from the member_extra array will override existing values
 +
|-
 +
|Inherit and Override blank values
 +
|use the subscription pass through values from the previous subscription, values from the member_extra array will override existing values only if the existing value is blank (0 is not blank)
 +
|-
 +
|Inherit Only
 +
|use the subscription pass through values from the previous subscription, values from the member_extra array will be ignored
 +
|}
 +
 +
== Redirect and Postback URLs ==
 +
 +
As of NATS version 5.0.2.7, Token Plus supports overriding approval and denial redirect urls as well as additional approval and denial postback urls.  This feature will work for any biller that does not require a redirect to their system to complete the token rebuy process.  To use this feature, you will need to add the additional[] array to your /signup/tokenplus.php link.  For example, adding <code><kbd><nowiki>&additional[approvalurl]=https://somedomain.com/somepage.html</nowiki></kbd></code> will redirect the member to the <kbd><nowiki>https://somedomain.com/somepage.html</nowiki></kbd> url if the token purchase is successful instead of redirecting to the token rebuy url from the NATS site admin or showing the NATS page_approval template.  Here are all of the available variables:
 +
 +
* <code>additional[approvalurl]=<url>?<query_string></code> - url to redirect to if token purchase successful
 +
* <code>additional[denialurl]=<url>?<query_string></code> - url to redirect to if token purchase is not successful
 +
* <code>additional[approvalposturl]=<url>?<post_data></code> - url to send a post to if token purchase is successful (this is in addition to not instead of the postback url defined in the NATS site admin)
 +
* <code>additional[denialposturl]=<url>?<post_data></code> - url to send a post to if token purchase is not successful (this is in addition to not instead of the postback url defined in the NATS site admin)
 +
 +
In order to use this feature, you need to set the signature password via the ADDITIONAL_SIGN_KEY config setting on the config admin -> surfer page in the one click systems section, sign the additional array in the url and provide the signature (<code>additional[signature]=<signature></code>) in your request.  Also, please make sure to remove the signature password value (<code>additional[password]</code>) from your request.  Here is an example script.
 +
<pre>
 +
<?php
 +
 +
$data = Array();
 +
$data['additional'] = Array();
 +
$data['additional']['password'] = '<value of the ADDITIONAL_SIGN_KEY config setting>';
 +
$data['additional']['approvalurl'] = '<value>';
 +
$data['additional']['denialurl'] = '<value>';
 +
$data['additional']['approvalposturl'] = '<value>';
 +
$data['additional']['denialposturl'] = '<value>';
 +
 +
ksort($data['additional']);
 +
$dataString = implode('~~~', $data['additional']);
 +
$data['additional']['signature'] = hash('sha512', $dataString);
 +
 +
unset($data['additional']['password']);
 +
 +
$query = http_build_query($data);
 +
</pre>
 +
 +
You will also need to make sure you have the following code on your tokenplus templates
 +
<pre>
 +
{if !empty($additionalData) && is_array($additionalData)}
 +
{foreach from=$additionalData key=additional_key item=additional_val}
 +
<input type="hidden" name="additional[{$additional_key|escape:'htmlall'}]" value="{$additional_val}"/>
 +
{/foreach}
 +
{/if}
 +
</pre>
 +
 +
 +
[[Category:NATS4 Configuration Admin]]
 +
[[Category:NATS4 Sites]]

Latest revision as of 15:40, 7 October 2020

NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
Sites Admin
The Sites Admin
Sites
Site Setup
Site Templates
Tour Setup
Join Options
No Cost Registration
Special Pricing Options
Join Option Rules
Post URL Usage
Post URLs in NATS4
Approval/Upgrade/Denial Variables
Approval/Upgrade/Denial Template Variables
Mobile Tours
Token Sites
ID Numbers
Site Partner
Site User Management
Example Postbacks for Site User Management
Configure Redirects
Split A-B Testing
Username Checking
Form Validation
Post-Biller Templates
Send Information To Special Biller
Join Option Box vs Button
Qualified Join Page Hits
Allowed languages
Customize Join Form
Package Plus
Token Plus
Signup Plus
Type-In Traffic
Coupon Codes
Setting Rules
Site Groups
Options Simulator
ATVOD Verification Process
Billers Admin
The Billers Admin
Biller
Biller Fees
Taxes
NATS Cascades
Add Cascade
Cascade Weight
Autocascade
Hidden Cascades
Geo-Targeting Cascades
Post-Biller Templates
HTTPS Gateways
Timed Cascade Rules
Upgrade Plus
Token Plus
Gateway One Step Join
Extra Biller Fields
Send Information To Special Biller
Setting Rules
Cross Sell Supported Billers
Upsell Supported Billers
Packageplus Supported Billers
Tokenplus Supported Billers


Token Plus is a feature in NATS4 that allows members of Token Sites to purchase additional tokens for their account, without requiring them to re-input their payment information. This lets your existing members complete additional token transactions quickly and easily, eliminating additional steps in the process.

To do this, you can give the following link to your users in order for them to purchase more tokens:

http://<linkdomain>/signup/tokenplus.php?site=<siteid>&username=<username>

Replace <linkdomain> with your site's actual linkdomain, then replace <siteid> with the site's NATS site ID number. Finally, you must replace <username> with the user's NATS username.

Enabling Token Plus

Before you can enable Token Plus in NATS, you must first have a Token Site set up in the Sites Admin. If you do not already have one, please see our Token Sites wiki article for more information on setting one up.

Once you have Token Sites set up in NATS, you can enable Token Plus by editing settings in the Sites Admin. To begin, navigate to the Sites Admin, locate the Token Site you want to enable Token Plus on, and click the "Set Join Options" action icon for that site. This will bring you to the "Join Options for this Site" page, where you'll see every join option that you have set up. Edit an existing join option, or create a new join option on which you want to have Token Plus enabled.

Enabling Token Rebuys

You will see a setting marked "Token Rebuy Allowed" -- check this box to enable the repurchasing of tokens by existing members. Once you have set that, configure the rest of your join option settings, and save your changes.

Token Plus will now be enabled for your chosen join option. You can enable Token Plus for any join option you set up for a token site in NATS. To do so, edit the join option for any site and check the "Token Rebuy Allowed" box.

Editing Join Options With Token Plus

To disable Token Plus for your members, simply uncheck the "Token Rebuy Allowed" checkbox for your join options.

Setting Rules

The Rules feature lets you offer your Token Plus join options only to members referred from different tours, programs, affiliates, countries, and billers.

Setting Rules for Token Plus Join Options

You can also use rules to offer your Token Plus join option for a specific duration of time, letting you use it as a limited promotion. Please see our NATS4 Rules wiki article for more information on this feature.

Additional Settings

As of NATS version 5.0.2.7, you can (optionally) enable the TOKENPLUS_SKIP_HIDDEN_JOIN_OPTIONS configuration setting on the config admin -> surfer page in the 'one click systems' section to prevent NATS from showing hidden join options on the /signup/tokenplus.php page unless that join option is passed in via the optionid variable. This feature has no impact on processing, only on display.

Additional Security

Token Plus also contains additional security features, which allow you to further secure the transactions occurring on your join forms. For example, you can use API calls to get secure member authorization strings, verify surfer information on the join form, and change the input source to use POST instead of GET.

MEMBER_STRING_AUTH_TOKENPLUS

Use the MEMBER_STRING_AUTH_TOKENPLUS variable to choose whether or not you wish to use the new member auth strings available in NATS 4.1. These strings contain a variety of information, and are designed to prevent unwanted token purchasing attempts by outside sources.

This feature will be set to off by default. If you want to enable this feature for your Token Plus transactions, you can add the following necessary code to the config.php script on your NATS server:

$config['MEMBER_STRING_AUTH_TOKENPLUS'] = 1;

This will activate the MEMBER_STRING_AUTH_TOKENPLUS setting to use additional security for your member authorization strings. Do not add the provided code if you want to leave this feature disabled.

Once you have activated this setting, you must use the get_member_token_rebuy_string API call to get the correct auth string for the member you want to enable Token Plus for. Please see our NATS4 API Get Member Token Rebuy String wiki article for more information on this process.

This function will return the auth string that is required for your members to get authenticated for the Token Plus process. Include the auth string in the link for your member, and they will be able to use the Token Plus feature with the MEMBER_STRING_AUTH_TOKENPLUS security setting enabled.

http://<linkdomain>/signup/tokenplus.php?site=<siteid>&username=<username>&authstring=<authstring>

Join Form Verification

You can also add additional security checks when offering Token Plus options for your members registered to Token Sites.

The Token Plus feature verifies member e-mail addresses by default on the join form, but you can also add a switch to choose between verifying a member's e-mail address, password, or both e-mail address and password.

This feature will verify member e-mail addresses by default. If you want to enable this feature for your Token Plus transactions, you can add the necessary code in the config.php script on your NATS server:

$config['TOKENPLUS_REQUIRED_FIELDS'] = 1;

Add this setting with a value of '1' if you want Token Plus to verify member passwords. Change this to a value of '2' if you want Token Plus to verify both member passwords and e-mail addresses. Do not add the provided code if you want to keep authenticating member e-mail addresses.

This lets you choose what member information you want NATS to verify on the join form itself, preventing anyone from submitting a Token Plus join form with an incorrect e-mail address, password, or both.

Using $_POST

Token Plus also offers another security feature, allowing you to change the method of submitting data from $_REQUEST to $_POST to further authenticate your members' information.

This feature is set to use $_REQUEST by default. If you wish to use $_POST to authenticate your join form transactions, add the following code to your config.php script:

$config['TOKENPLUS_POST_ONLY'] = 1;

Add this setting with a value of '1' if you want Token Plus to only allow $_POST when authenticating your members. If you want to use $_REQUEST when authenticating members, you do not have to add the provided code.

Throttling

Throttling is a security setting available in NATS 4.1, which allows you to lock out surfers for a specified period of time if they make too many attempts on certain pages in NATS.

You can use the Throttling feature to help secure your tokenplus.php page, preventing surfers from forcing transactions without the correct auth string. Just go to the "Security" configuration page, found in the Configuration Admin.

For more information on this feature, please see our Throttling wiki article.

Pass Through Data

Note: this feature works for ALL billers that have a NATS Tokenplus integration via a backend call. Only the following billers that have a NATS Tokenplus integration via a redirect have this functionality
Epoch - 5.0.2.7
SegPay - 5.0.2.7

As of version 5.0.2.7, NATS allows you to send subscription pass through data for each token rebuy transaction. You can use any of the available subscription pass through fields. For example, to send the member_subscription->passthrough2 field, you need to add the following to your tokenplus.php link.

&member_extra[<optionid>][subscription_passthrough2]=<your value here>

You will also need to make sure that your Tokenplus templates have the following code.

{if !empty($memberExtra) && is_array($memberExtra)}
	{foreach from=$memberExtra key=member_extra_key item=member_extra_val}
		{if is_array($member_extra_val)}
			{foreach from=$member_extra_val key=member_extra_key2 item=member_extra_val2}
				<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}][{$member_extra_key2|escape:'htmlall'}]" value="{$member_extra_val2}"/>
			{/foreach}
		{else}
			<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}]" value="{$member_extra_val}"/>
		{/if}
	{/foreach}
{/if}

For the <optionid> value you can use the specific NATS Option ID value to have the pass through value recorded only if the member purchases that specific option. Alternatively, you can use 0 for the <optionid> value to have the pass through value apply to any option that the member decides to purchase.

Additionally, you can use the TOKENPLUS_INHERIT_SUBSCRIPTION_PASSTHROUGH_DATA config setting (config admin -> surfer page, one-click systems section) to tell NATS how to record subscription pass through data from the previous subscription.

Do Not Inherit (default) do not use the subscription pass through values from the previous subscription, only use the values from the member_extra array
Inherit and Override use the subscription pass through values from the previous subscription, values from the member_extra array will override existing values
Inherit and Override blank values use the subscription pass through values from the previous subscription, values from the member_extra array will override existing values only if the existing value is blank (0 is not blank)
Inherit Only use the subscription pass through values from the previous subscription, values from the member_extra array will be ignored

Redirect and Postback URLs

As of NATS version 5.0.2.7, Token Plus supports overriding approval and denial redirect urls as well as additional approval and denial postback urls. This feature will work for any biller that does not require a redirect to their system to complete the token rebuy process. To use this feature, you will need to add the additional[] array to your /signup/tokenplus.php link. For example, adding &additional[approvalurl]=https://somedomain.com/somepage.html will redirect the member to the https://somedomain.com/somepage.html url if the token purchase is successful instead of redirecting to the token rebuy url from the NATS site admin or showing the NATS page_approval template. Here are all of the available variables:

  • additional[approvalurl]=<url>?<query_string> - url to redirect to if token purchase successful
  • additional[denialurl]=<url>?<query_string> - url to redirect to if token purchase is not successful
  • additional[approvalposturl]=<url>?<post_data> - url to send a post to if token purchase is successful (this is in addition to not instead of the postback url defined in the NATS site admin)
  • additional[denialposturl]=<url>?<post_data> - url to send a post to if token purchase is not successful (this is in addition to not instead of the postback url defined in the NATS site admin)

In order to use this feature, you need to set the signature password via the ADDITIONAL_SIGN_KEY config setting on the config admin -> surfer page in the one click systems section, sign the additional array in the url and provide the signature (additional[signature]=<signature>) in your request. Also, please make sure to remove the signature password value (additional[password]) from your request. Here is an example script.

<?php

$data = Array();
$data['additional'] = Array();
$data['additional']['password'] = '<value of the ADDITIONAL_SIGN_KEY config setting>';
$data['additional']['approvalurl'] = '<value>';
$data['additional']['denialurl'] = '<value>';
$data['additional']['approvalposturl'] = '<value>';
$data['additional']['denialposturl'] = '<value>';

ksort($data['additional']);
$dataString = implode('~~~', $data['additional']);
$data['additional']['signature'] = hash('sha512', $dataString);

unset($data['additional']['password']);

$query = http_build_query($data);

You will also need to make sure you have the following code on your tokenplus templates

{if !empty($additionalData) && is_array($additionalData)}
	{foreach from=$additionalData key=additional_key item=additional_val}
		<input type="hidden" name="additional[{$additional_key|escape:'htmlall'}]" value="{$additional_val}"/>
	{/foreach}
{/if}