I have written a shell payment module to access my ecommerce payment gateway. I'm running V4.14. The payment gateway will be used behind the scenes to accept data (via POST)and authorize payment then come back to the INVC. What is the most secure way to pass the confidential data, i.e merchant id & password, cc info, etc?

With an HTTP Post using SSL.

Your module should use an MvCALL out to a secure link, and process the return data with callvalue.

http://smallbusiness.miva.com/support/docs/ScriptGuide_html/ScriptGuide.html#493115

You can also do this with a commerce library:
http://smallbusiness.miva.com/support/docs/api/api_howto/HowToCreate_PayMod.html

I'm running V4.23 and Engine V4.14 and was able to post and return from my payment gateway with hard coded values. I'm now switching over to the actual user inputs. I have all the variables working except for the basket total. I need to add the MVDO command though not sure what to code for the file and the function Basket_Total.

/lib/db.mv contains the Basket_Total() function.

I have the total working now. Thank you. :)

I now have another problem with the credit card input fields not redisplaying the user entry when the user's entries fail the edits in the validate function. The fields are highlighted red, but empty as though it was the first time for the screen. I tried adding the value attribute on the html output from the payment field function, but no luck. Any help would be appreciated.

You would have to store the value to another variable and populate with an Error condition in your MvFUNCTIONRETURN value.

I would strongly suggest you NOT do this, as the credit card number will be plainly visible in the HTML.

Best to just leave it be reset to an empty field.

Thank you for the advice, as I definitely do not want the cc in the HTML.

I'm having no luck with passing the error message from the payment_authorize module back to admin for display on the screen. I tried assigning a variable and passing that in the function return, but that did not work. Is there a special variable I should be populating? By chance do you have an example?

MIVA has instructions on how to write a payment module available in the Developer Docs section of thier website.

I have read all of it and have a working payment module already with my payment gateway. I'm now heavily testing the edits and error conditions; however, if the payment rejects, I'd like to display the message that is returned from my payment gateway to the user.
I call to the payment gateway in the payment_authorize function. The documentation states to pass a 0 or 1 in function return for succcess or failure, though I also would like to pass an error message to be displayed instead of the admin message "unable to authorize payment". Is that possible? I didn't see any reference on how to go about doing it.

No one has replied yet so Ill post my question again.

Does anyone know how to replace the error message "unable to authorize" with a custom one within a custom payment module I have written. I have tried to set the return value to the message and tried setting the variable g.message but neither works. I'm running engine 4.14.