Intuit Payment Solutions Module for WebsiteBaker

In July, 2011, I wrote a PHP module to use Intuit Payment Solutions (IPS Hosted PayPage) within WebsiteBaker. I plan to release the module soon because it started with Christoph Marti's GPL code, and thus my code will be GPL.

I'm going to start with pointers for creating an IPS test environment and pointing the Hosted PayPage (HPP) return link to the right place. (There's a reason I'm starting with this.)

The Code

Here is the code, v0.3.0.

2016 Update

Most of the original Intuit developer links are broken. I'm going to very quickly try to get close to the current ones. I'll list the original links below. I may leave placeholders, too, rather than broken links.

Getting a Test Connection Ticket

See the IPS "Get Set Up" process needed to test an application. Note that when you "create an application" (step 2--this should more precisely be called "register your application"), you'll choose the "desktop model" to use my module and NOT the "Hosted Security Model (hosted / web app)." That verbiage is very confusing. The Hosted Security Model assumes that your server has HTTPS certificates verified by a certificate authority. (It probably also assumes one of the older, more expensive CA's.) Even though it seems for all the world that we can't be dealing with a "desktop" model, we are indeed using the desktop model on a web server.

The (encrypted text of the) Connection Ticket you get in Step 4 goes in the value_3 field of mod_bakery_payment_methods. (There is a GUI equivalent of this that I'll look up eventually.)

There are two Intuit accounts involved in creating a test app. One is the developer account and one is the simulated merchant account. Previously, you've used the dev account. To set up the Hosted PayPage and what I'm calling the "backlink" from HPP back to your app, log in as the simulated merchant. Once you log in, "Hosted PayPage" is under "Account" to the lower left, probably off your screen until you scroll. Under "Transaction Results Settings," choose "send the results to the web address below" which will be something like


From "modules" on, the path is fixed unless you've changed something within Bakery or Bakery Payment Methods. Click "Save Changes," of course.

Notes on the Code

mod_bakery_payment_methods fields

I use these fields a bit differently than Marti:

activedirectoryvalue_1value_2value_3 value_4value_5
1qbmsbase URLApp Name (enc) Ticketpage id on success page id on failure


Previous Work

I based my code in part based on Add a new payment method plugin to Bakery (PDF), document version 0.4. This almost certainly isn't the latest document. I post it to give you some idea of what I was thinking.

My code is based on and partially integrates with Christoph Marti's 2010-dated "Bakery Payment Methods" sub-modules for a number of other payment systems. I'll try to elaborate on "partially."

My files are intended to "live in" <your WebsiteBaker-made site>/modules/bakery/payment_methods/qbms Some of my file names are based on Marti's code and the PDF above:

mkdec Script

The mkdec PHP script takes the Connection Ticket as a command line argument within single quotes ('): e.g.
$ ./mkdec 'TGT-67-xvjrJ5ngwHLmxB3pDYmh4g'

The single quotes are needed because some tickets have a $ in them. This will be interpreted by PHP as a variable without the single quotes. (And there are other special characters that could cause problems, too.)

The script will give you the SQL needed to put the encrypted ticket in the database and will create the decrypt.php with the necessary key. The ticket should be encrypted per Intuit Security Guidelines.

Database Changes

I created a table to do a security check between the first two calls to Intuit and the return confirmation. Here is the definition:

CREATE TABLE IF NOT EXISTS mod_bakery_order_security (
order_id INT(6) NOT NULL,
order_total DECIMAL(9,2) NOT NULL,
secret VARCHAR(32) NOT NULL,

Relevant Intuit API Links


A Note on What the Payment System is Called

During the project, I was referring to the Intuit Payment System as the QuickBooks Merchant Services (QBMS) payment system. Intuit's naming seems a bit inconsistent. I do see references to "qbms" in some places on Intuit's site. That's how my folder got the name "qbms." Perhaps it should be called "IntuitHPP," but I think I'll leave it at qbms.

Code Versions

As of August 11, 2011, before any GPL changes, I list my code as version 0.2.0 on my client's test database. That code should probably be at least 0.2.1 because I made the security modifications after that, as I recall. I'll probably call my first GPL release 0.3.0, in any event.

In report.php: // KB 2011/07/12 3:22am - probably v0.2.0 - with extra security checks

In geturl.php: // KB 2011/07/11 6:40am - baseURL error_log entry removed; calling this v0.1.2

Copying this Documentation

This is documentation to GPL code, so please copy it, re-post it, edit it, and package it with the code as needed. Give me credit, and refer back to this page if it still exists. If you modify this, say so. If you totally rewrite this, give me credit for writing the code.

Original 2011 links

Page History

2016/12/05 10:52pm - fixing links

Page started August 11, 2011 ca. 3:30pm EDT (15:30, USA, GMT -4). Posted perhaps 08/12 1:15am. I plan to release the code later tonight.

Valid XHTML 1.0 Strict