Redirecting to a new page with the API

Options

Howdy! I have a custom form built on my own site that submits to Convio via the API. I've populated the error_redirect and success_redirect fields, but the form still just returns a patch of XML data instead of hopping to one of those pages.

Can anyone think of something obvious that I might be missing?

Thanks so much,

Steve

Tagged:

Comments

  • The form arguments look correct to me. I don't have anything currently set up for a donation API test, so it could be a day or two before I can set up something to get a more in depth look.

    It looks like you are submitting the forms to your server as part of the flow that you've created. You should be aware that once a credit card number is passed through a server, it will fall under the domain of PCIDSS. This is true whether you persist the card number or not. This is kind of a big responsibility to assume. If you want to do a multi-step flow on anything other than on the Convio secure pages, you should probably collect the card number in the very last step so that you do not have to pass it into your servers.

    I'd also be happy to walk you through the javascript API that we have in beta now. It should let you use the API in a mock AJAX style rather than using the redirect URLs.

  • I took another look at your form this morning. What is happening is that when you submit to your server and then redisplay a page with an onload action to submit to us that page does not contain error_redirect or success_redirect as an argument. If you run the last page of your form with javascript disabled or under Firebug, you'll see what I mean.

    I also verified that the error_redirect and success_redirect are working correctly by running directly to the API with the form contents that you were submitting back to your server.

    I do want to reemphasize that passing the credit card info into your servers is not a good idea and does have PCIDSS implications for you.

  • DavidHart :

    I took another look at your form this morning. What is happening is that when you submit to your server and then redisplay a page with an onload action to submit to us that page does not contain error_redirect or success_redirect as an argument. If you run the last page of your form with javascript disabled or under Firebug, you'll see what I mean.

    I also verified that the error_redirect and success_redirect are working correctly by running directly to the API with the form contents that you were submitting back to your server.

    I do want to reemphasize that passing the credit card info into your servers is not a good idea and does have PCIDSS implications for you.

    Ah! You know, I must be losing my marbles. Thanks for taking a look at this.

    We have other systems internally that process credit cards, so we're PCIDSS compliant on the server side. We're not doing any storage of the #'s in this case, and only passing the #'s over a secure encrypted connection. But thanks for pointing this out... it's something I'm unfamiliar with, but fortunately we have some folks well versed in this on site.

Categories