Single Barclaycard EPDQ account to work for multiple domains

A few days back I had to integrate EPDQ CPI for 2 domains where the client wanted to use their existing EPDQ account for both domains. The problem with integrating EPDQ for multiple domains is that EPDQ allows only one URL per account, called the “Allowed URL”, from which requests may be POSTed to EPDQ; it also provides only one URL, called the “Post URL”, to which it sends the response back to the server after the transaction.

The Solution
To solve this problem, there is a section in the EPDQ integration doc called “Jumping page” where they describe the theory of creating a single page for all the domains, which works as a common gateway between EPDQ and the domains. What the doc does not mention is what happens to the information returned to the domains. As different domains have their own databases, we have to distribute the responses coming back from EPDQ to the corresponding domain that made the payment request.

In this article I am not writing out the whole procedure of integrating EPDQ with an e-commerce site. You can find it here. I am assuming you have already integrated EPDQ for a single domain.

For your EPDQ account to work with multiple domains, you’ll need to add 2 scripts (I call them gateway scripts). One is the “Allowed URL” and the other is the “POST URL”. Let’s call the “Allowed URL” script epdq_request.php and the “POST URL” script epdq_response.php.
Don’t worry, I have added the sample scripts at the end of the article :)
Now follow the steps below:

  1. Put the scripts in any of your domains. Please remember, EPDQ requires the epdq_response.php script to be put in a folder protected by basic authentication (although it worked without any authentication :) ). The authentication is what tells the script that a POST really came from EPDQ, so keep it enabled.
  2. While integrating EPDQ, after encrypting your order detail (see the integration document about encrypting) with the encryption tool, in the final step you’ll need to submit the encrypted data to the EPDQ server using a form. The “action” url of the form is this –

    Replace this url by your epdq_request.php url which’ll be something like this: https://YOUR_DOMAIN/epdq_request.php. So all the requests from any of your domains will be submitted to this script. Easy!!

  3. Now, how do we differentiate among the responses? How do we know which response belongs to which domain? At this stage, we need a trick. When we send the request to the EPDQ encryption tool, we add a field called oid (or order id), which is the order id in our databases. Let’s assign a different prefix to each domain and add it to the oid field before we send it to EPDQ. This’ll let us know which order was made from which domain. For example, domain1 is assigned a prefix D1; similarly domain2 and domain3 are assigned prefixes D2 and D3 respectively. When any order is made from domain1 (let’s say order id 123456), we add the prefix “D1-” to it. So the EPDQ order id will be “D1-123456” for domain1. In the same way, orders from domain2 and domain3 will have EPDQ order ids like “D2-123456” and “D3-123456” respectively.
  4. There’ll be different scripts in different domains that handle the EPDQ responses and update their corresponding order (or database) depending on orders being successful or not. We will map these scripts in our epdq_response.php script against the domain prefixes. In my script I have built an array like this:

    // prefix => URL of that domain's response handler script (values left empty here)
    $domainMap = array('D1' => '',
    'D2' => '',
    'D3' => '');

    Script is given at the end of the article.

  5. Now log in to your Barclaycard EPDQ account and set the “Allowed URL” and “POST URL” to http://YOUR_DOMAIN/epdq_request.php and http://YOUR_DOMAIN/PROTECTED_FOLDER/epdq_response.php respectively. Add the username and password for the password-protected directory where you have put the epdq_response.php script. Save your settings. EPDQ takes 10 to 15 minutes to update the settings.

That’s all. You are all set to go. Now all the order requests from all the domains will be submitted to epdq_request.php script and it’ll send the requests to EPDQ and all the responses from EPDQ will be sent to epdq_response.php script and it’ll distribute the responses depending on the order id prefix. Hope it helps!!
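The routing described in steps 3 and 4, written out as an added example (this is not the article's downloadable script): the gateway accepts only oid values whose prefix is a key of the map, strips the prefix and forwards the POST to that domain's handler. The handler URLs and the function names `splitOid` and `forwardToHandler` are assumptions for illustration.

```php
<?php
// Added example: prefix-based routing for epdq_response.php.
// Handler URLs are placeholders (assumption), one per domain prefix.
const DOMAIN_MAP = [
    'D1' => 'https://domain1.example/epdq_handler.php',
    'D2' => 'https://domain2.example/epdq_handler.php',
    'D3' => 'https://domain3.example/epdq_handler.php',
];

// Split "D1-123456" into ['D1', '123456']; null if the prefix is not mapped.
function splitOid(string $oid, array $map): ?array
{
    // One anchored pattern for the whole value. The prefix is then looked up
    // as an exact array key, so it is never interpolated into a regex.
    if (!preg_match('/^([A-Za-z0-9]+)-([A-Za-z0-9]+)$/D', $oid, $m)) {
        return null;
    }
    $prefix = strtoupper($m[1]); // accept "d1" as "D1"
    return isset($map[$prefix]) ? [$prefix, $m[2]] : null;
}

// POST the fields server to server; true only on an HTTP 200 from the handler.
function forwardToHandler(string $url, array $fields): bool
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // deliver only to the mapped URL
        CURLOPT_TIMEOUT        => 15,
    ]);
    return curl_exec($ch) !== false
        && curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample order ids, for trying the parser from the command line.
    foreach (['D1-123456', 'd2-P3568', 'D9-1', 'D1-1-2', '123456'] as $sample) {
        echo $sample, ' => ', json_encode(splitOid($sample, DOMAIN_MAP)), PHP_EOL;
    }
    exit(0);
}

$oid = $_POST['oid'] ?? null;
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !is_string($oid)) {
    http_response_code(400);
    exit('Invalid access');
}
$parts = splitOid($oid, DOMAIN_MAP);
if ($parts === null) {
    http_response_code(400);
    exit('Unknown order prefix');
}
[$prefix, $orderId] = $parts;
$fields = $_POST;
$fields['oid'] = $orderId; // the handler sees its own database order id
http_response_code(forwardToHandler(DOMAIN_MAP[$prefix], $fields) ? 200 : 502);
```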

Download scripts


  1. #1 by Moyassar Anwar on September 20, 2010 - 5:44 pm

    I tried searching everywhere to guide me on how to set up multiple websites to work with the same epdq but had no luck. Your help is much appreciated and I wish you the best of luck to succeed in life!

  2. #2 by Personal Performance on January 13, 2011 - 5:39 pm

    Hi, thanks for this great little script that I’m trying to use on our site at and
    Both sites are running on Drupal but the message doesn’t seem to be coming back to the script from Barclaycard. Can you think of anything I might have missed and what is the best way to debug this, as I think the message is server to server so I can’t see anything in the browser. I’m assuming server logs but my host doesn’t seem to make these available until 24 hours later.

    BTW the live site doesn’t have the script yet, it’s on the test sites.



  3. #3 by Imran on January 18, 2011 - 5:35 am

    Did you follow the Step 5? You need to tell Barclaycard to send the response to your script.

    As you said, the live site is not using it, I believe you have not updated the ‘Allowed’ and ‘POST’ urls.

    If you have already done it, you may check your server access log to check if barclaycard ever sent anything to the script or not.

  4. #4 by Steve on January 24, 2011 - 5:51 pm

    Your information is very helpful, but I wanted to check something, we want to integrate with WHMCS, ( we have had epdq running with an OsCommerce shop for a few years ok)

    So the urls for OsCommerce shop is POSTURL =

    and ALLOWED URL =

    Our WHMCS url is

    so which urls would we include in the $domainMap array in epdq_response.php ?

  5. #5 by Arup Chakraborty on January 28, 2011 - 7:56 pm

    Hello Imran,

    I have gone through your blog it is quite helpful. But currently I am working on a project where I need to integrate Single Barclaycard EPDQ MPI account for multiple domain. Since I don’t have any experience with this payment gateway hence I would like to take your advice to do this work. Please guide me.
    I have a few queries……
    1) Will the steps be the same for an MPI account for multiple domains? (since your example is for a CPI account)
    2) How will the hidden values be sent to the Barclaycard payment gateway?
    3) How will the return url go back to the particular domain in the case of multiple domains?

    Expecting your favourable response. And if possible send me few sample codes.

    Arup Chakraborty

  6. #6 by Imran on January 31, 2011 - 5:26 pm

    Hi Arup

    1. I have not worked on MPI account but it should work. The basic idea is to route the requests from different domains to a single page and similarly get the response to a single page and send them to its originating domain by adding domain prefix (described in step 4).

    2. Any kind of field (hidden or not) can be sent via curl.

    3. Check step 4.

    Thank you

  7. #7 by Andrew Loose on March 25, 2011 - 7:23 pm

    Hello Imran!

    I’m heading towards a situation such as you describe. What you have written makes a lot of sense – and for the script I thank you.

    I have a question: How does one add the D1, D2, etc to the oid values coming from (in my case) two different sources? Presumably I have to alter the payment gateway scripts (from different software suppliers) for my two modules in some way. Please help!

    Many thanks

  8. #8 by Imran on March 25, 2011 - 8:01 pm

    Hi Andrew,

    You are right. You need to modify the payment gateway scripts to add the order id prefixes (D1, D2) before the order information is encrypted. (step 3)

  9. #9 by Steve on March 28, 2011 - 7:04 pm


    The scripts are fantastic…

    However… (you knew that was coming *grin*)

    I am trying to implement the above and its failing… I am using a drupal module designed for epdq.

    The server sends a response to the epdq_response.php script which seems to be arriving, but then the browser is being redirected to the same epdq_response.php and generating an error.

    Should it have three scripts? 1 to send, 1 for the response from the transaction and 1 for the response the user’s browser should show.

    The return url is trying to access the passworded directory script as well which fails due to the directory being passworded.

    Or am i missing something….

    I will have a read at the developer doc’s.

    Any help would be appreciated.



  10. #10 by Steve on March 28, 2011 - 7:22 pm

    Forgot to mention… I have 2 sites using zen cart and one using drupal ubercart…

    Zen cart would need a lot of work to add a prefix of “D1-” to the order ID so I thought of using order id’s as such…

    site 1 = 1000001
    site 2 = 2000001
    Site 3 = 3000001

    There are limitations to this method, i.e. when the order id gets to 1999999, but zen cart v3, which is in the pipeline, is supposed to have very flexible order id facilities.

    I was also thinking of changing the scripts to add the prefixes and then remove them when posting back to the originating website.

    Hope that makes sense too.



  11. #11 by Steve on March 28, 2011 - 10:39 pm

    Hmm, my initial idea is not going to work; well, not with drupal… the oid is encrypted before it hits the script… and I don’t fancy hacking the drupal module :(

  12. #12 by Imran on March 29, 2011 - 9:42 am

    Hi Steve,

    Sorry for replying late.

    Not sure why your browser is redirecting to epdq_response.php as there is no code in the script to redirect the browser. The user cannot see or realize that EPDQ has sent the data to epdq_response.php; this is backend work to create the order. Please make sure you have added it in the POST URL field in epdq admin.

    Adding the order prefix in Zencart is not very hard. You need to edit the EPDQ payment module file “includes/modules/payment/epdq.php”. I am not good in drupal, sorry can’t help you.

    You already have found that, you cannot add the prefix on the request script as the order id is encrypted before it is sent to EPDQ.


  13. #13 by Andrew on April 15, 2011 - 12:57 am

    I had to leave my eCommerce venture for awhile – in fact I gave up on CubeCart and have moved to CsCart instead.

    They’re quoting a post url which refers to the SENDING php script but has a long string after it LIKE this:

    Can you comment on how this post url will fit with your scheme of things…. I’m baffled as this epdq.php file is the one doing the sending to ePDQ which I would have thought would be the allowed url.

    However, in the CsCart package the allowed url is quoted as the main index.php file which seems to call two other php files which initialise the whole package on entry to the store website.

  14. #14 by Andrew on April 19, 2011 - 5:05 pm

    Please ignore my comment #13 above – I must have had a “senior moment” as we say!

    I am currently stuck with getting a “Not a valid URL” message when trying to access ePDQ from epdq_request.php. I’ve set the new URL etc at ePDQ but no joy as yet.

    It cannot be long before I’ve cracked it though. Your basic method is very helpful.


  15. #15 by Imran on April 20, 2011 - 1:30 pm

    Hi Andrew,

    Where did you see the “Not a valid URL” message? On your apache log or somewhere?
    Is it coming from EPDQ? Make sure your changes in EPDQ are effective. EPDQ takes some time to update their database.


  16. #16 by Andrew on April 22, 2011 - 9:55 pm


    Yes! I found that out the hard way. When ePDQ says update has been successful they don’t actually mean it! The update process, I’ve discovered, is as you say…. it takes time.

    Redirecting to ePDQ is working OK now. I’m now looking at the epdq_response.php file.

    Putting in the POST URLs in the array is OK. Somewhere, though, I need to take out the prefix D1, D2 etc. from the oid which it receives back, otherwise the shopping cart program won’t recognise the oid in its database.

    As a newbie to php I’m on a steep learning curve. I normally use modules (Joomla) and shopping carts I pay for! Here the tweaking is in PHP and that’s what I’m now teaching myself. (All good fun and good for my retired brain, no doubt.)

    Nearly there…..

  17. #17 by Andrew on April 22, 2011 - 10:21 pm


    In your epdq_response.php script, am I to assume that the line:

    if(preg_match('/^' . $key . '\-/i', $_POST['oid'])){

    means that you expect the D1, D2 prefixes to be followed by a dash?

    e.g. oid is D1-13906 or D2-P3568

    If not, then the \- is baffling me! (and that’s easy to do at the moment.)


  18. #18 by SAMIR KUNDU on April 26, 2011 - 5:43 am

    Hello Imran
    RE: Barclaycard ePDQ (MPI)
    Reading your blog is a breath of fresh air to me. Since I don’t have any experience and I am not a software expert, please help. It’s for a commercial reason I am writing to you.
    I need to integrate single Barclaycard ePDQ (MPI) for three websites.
    Obviously, I would pay for solving my Ecommerce problem. Either yourself or someone who would be prepared to undertake my project. If I may have your telephone number, I can discuss over the phone.
    Look forward to hearing from you soon.
    Thank you.
    Tel: +44 (0) 191 514 2483

  19. #19 by Rob on October 9, 2011 - 4:47 pm

    Hello Imran,

    I have a question about the multi site epdq (very glad I found it BTW!). Am I right that the prefix code is added to the existing site scripts before it gets to request.php and then stripped out again after response.php? I think that’s right but not quite sure…


  20. #20 by Imran on October 11, 2011 - 1:24 pm

    Hi Rob,

    Yes, you are correct. The prefix is just to differentiate the requests from different domains. Thanks for your comment, and sorry for the late reply.

  21. #21 by Dev on October 16, 2011 - 6:22 pm

    Hi Imran

    This is very useful thank you,

    Can you clarify to me what the epdq_handler.php does? My understanding is the epdq_response.php posts all the payment data to it, then I use epdq_handler.php to update my database based on the transactionstatus.

    Also will the returnURL page show after the epdq_handler.php is done?

    Thank you

  22. #22 by Imran on October 16, 2011 - 9:33 pm

    Hi Dev,

    You are correct about epdq_handler.php, these are the files, that update the order databases of corresponding domains.

    The ReturnURL is not related to epdq_handler.php. The “return url” is sent (as a hidden field) along with the order information while user checks out. For multiple domains, you should set domain specific “return url” and user will be returned back to that page after they have made the payment. It is generally the checkout success page that site owner wants to show the user after they have made the order.

  23. #23 by David on January 28, 2012 - 5:04 pm

    I have this almost working 😉

    I am integrating in with WHMCS and OsCommerce

    The OsCommerce payments are going from our shop via your script (on another domain) to epdq ok, the payment is being taken successfully but the path back does not work

    the customer gets an error message of “Invalid Access !!!”

    Looked and this in code for epdq_response.php

    the url has an order id from our shop tagged on i.e. epdq_response.php?oid=38575

    What could we have wrong that would cause this error ?

  24. #24 by David on January 28, 2012 - 5:13 pm

    On our oscommerce store we have an epdq.php file which handles encoding / returnurls etc

    I originally had as the returnurl specified in there, which gave us the invalid access error

    I have also tried entering the original url in there which is the default payment success url for our oscommerce store of but this takes us back to shopping basket page on our store with the product still in the basket and the url having:-

    where 38577 is the order number

    help 😉 ??

  25. #25 by David on January 28, 2012 - 5:17 pm

    finally in our epdq_response.php we have the prefixes mapped as follows:-
    $domainMap = array('D1' => '',
    'D2' => '');

    the paymentredirect.php file is the epdq handler for whmcs and the epdq_success.php is our oscommerce handler script

    Hopefully there is something trivial here we have wrong 😉

  26. #26 by Imran on January 30, 2012 - 8:05 am

    Hi David,

    Sorry for replying late.
    “Invalid access” should be displayed only when a user tries to access it directly or, technically, if no data has been sent via the “POST” method (the way EPDQ sends data).

    Could you please try replacing

    if (strtoupper($_SERVER["REQUEST_METHOD"]) == "POST"){

    with

    if (isset($_POST)){

    Let me know if this helped.

  27. #27 by David on January 30, 2012 - 3:54 pm

    ok so can you clarify what urls I should have set for the prefixes in epdq_response.php ?

    should D1 and D2 be the standard epdq handler urls set before then ?

  28. #28 by David on January 31, 2012 - 2:26 am

    oh and should the epdq returnurl hidden field specified by our oscommerce site be set to its own internal handler or to the epdq_response.php ?

  29. #29 by David on February 9, 2012 - 6:41 pm

    figured out one issue, our data from the store did not have the domain prefix embedded before being submitted to epdq i.e. we were just sending xxxxx instead of D1-xxxxx

    however still have the issue where the POST is empty ?

    any ideas ?

  30. #30 by ShaGGy on April 18, 2012 - 6:57 pm

    Hi Imran,

    Great script, idea,

    I have managed to modify my ePDQ generation script to add a Prefix($key) to the order id (TZ-xxxx) before generating and sending.
    I now have a problem of how to strip the prefix ($key) TZ- on its return from ePDQ within the epdq_response.php before passing it on to my handler.php script.

    Can you help with stripping out the ($key).


  31. #31 by Imran on April 19, 2012 - 10:05 am

    Hi Shaggy,

    You may add code like following in your epdq_handler script of corresponding domain:

    $_POST['oid'] = preg_replace('/^TZ\-(.*)/', '\\1', $_POST['oid']);

    where TZ is your domain prefix.

  32. #32 by saif on November 17, 2012 - 4:39 pm

    Please can anyone help with Barclays integration? It shows a not valid url error.

  33. #33 by Anne on November 20, 2012 - 2:51 pm

    Hi Imran,

    I thank you for your blog. It’s very interesting.
    I have only one website and I want to use your scripts but I don’t have handler.php. Can you explain me what there is in this script?

    Thank you.

  34. #34 by Sam on March 25, 2014 - 3:49 pm

    Just to let you guys know, the new version of EPDQ essential supports multiple domains via the semi colon (;). Quote from the domain page:
    You may enter several URLs, separated by “;”.


Comments are closed.