NAB Transact XML API Implemented In ASP.NET

NAB Transact XML API Implemented In ASP.NET

This is a blog post for those wanting to implement the eCommerce product supplied by National Australia Bank (NAB), namely NAB Transact, using their XML API method via ASP.NET. This method is by the far the most ownerous in that this method means you as the owner of the website are now storing credit card data, even if it is only temporary, and must now comply with the Payment Card Industry Data Security Standard (PCI DSS) (Link at the bottom of the post). These standards are by no means easy to comply with as they encumber you with infrastructure and security requirements depending on your category as defined under the standard and involves a very lengthy questionaire which is more than 70 pages in length from memory...[insert inward groan here]. On top of setting up the required system and network infrastructure you also need to develop the website interface, error handling, validation, data parsing and XML document structures to handle requests and responses...enter ActsIntuitively stage left. We have developed a DLL file with the associated documentation to make this aspect of the development very easy which is as simple as including it in the ASP .NET websites you own that will process your transactions and then assigning data to the associated tags.

Our XML API DLL has been configured to allow echo (is the NAB server alive checks), payment, refund and preauthorisation transactions which are the most common required. In case you are not aware, you will need the hosting / configured website to be served on a valid domain which is accessible from the internet (intranet only is not permissible) secured using an SSL certificate (no restrictions however a minimum of 2048 bit is suggested but this should suit your circumstances). Once these prerequisites have been fulfilled our XML API can be intergrated into your eCommerce website or gateway website. Take special note that your NAB consultant will expect to verify that your website complies with their "checklist" and they expect to see a normal eCommerce something unusual at your own risk as you will likely not be liasing with an IT professional. Please be aware that most payment systems these days including NAB Transact also require you to include terms and conditions on your website such as privacy, refund, delivery and transactional terms which are required for compliance and can cause substantial delays for approval of these systems if they do not have been warned.

NAB makes available an integration manual for XML APIs which describes generically how to interface with their system. This manual can be accessed along with the associated documentation once you have started the process to create a NAB Transact account and are provided access to their demo web platform or a copy of the guide is available at the bottom of the post however this may not be the most current. While NAB does provide some sample code and manuals to support this method it is by no means an ideal solution. Given the range of functionality, scalaibility and maintenance concerns it was our preference to maintain our approach to interface with NAB Transact via ASP server side .NET code (VB / C#) using Visual Studio 2012 or better. Our approach to the XML API was to take the guess work out and simplify the implementation such that the majority of error checking, validation and processing was contained within the DLL with a standard data structure for all transaction requests and resposes.

Our XML API is designed to take data from any source and expects that the data will be extracted and parsed into it from the code side of a ASP .NET webpage which allows transaction calls to occur in parallel from multiple clients. A common scenario would be to have data stored in a database, the ASP .NET webpage is called using a unique key as a query parameter in the URL (i.e. https://domain?id=value) which is used to allow the website to independantly call and extract the required data to process a transaction. The only error checking required external to the API is to determine if a valid data was found from your source or, in our example, a database record (i.e. does a record exist, is the database server running or multiple records found?) to allow bypassing of a transaction request so that time isn't wasted waiting for an invalid transaction to be processed. All other error checking and validation on your transaction will be performed internal to the DLL and any processing errors returned in the response. The response data is then posted back to the database for access from other website functions or applications.

NAB Transact XML API DLL Flowchart - ActsIntuitively (Bunbury, WA)

We have developed our NAB Transact solution in a way that allows a customer to implement a reliable and consistent approach whether they use our services to develop a solution or choose to purchase a license to do it themselves. If you would like to purchase the XML API DLL with documentation to implement yourself then you can do so through our Digital Shop after the 16th November 2018. If you are interested in finding out more about what we can do for you then please feel free to visit our main website or contact us. Thank you for your time, for reading our blog post and it would be great if you feel the need to share or like our articles via one of our social media platforms with the @ActsIntuitively tag as applies.

Brent Webster
Technical Services Manager

Bunbury, WA

ActsIntuitively Website | Psychological Services Website | Shop | Digital Shop | Blog Home

Outbound links:

  1. Payment Card Industry Data Security Standards Council Website

  2. NAB Transact - XML API for Payments Integration Guide (29/12/2017)