I tried MIGS mastercard intergration in python django. I went through lot of problems. Here is my experience with integrating MIGS with My web application. I was using VPC Integration reference 3.1.21.1

1. While implementing Mode1 VPC: I got 400 Bad request. Which is due to Secure hash code for my case. This error occurs if user is sending wrong fields names or non sorted order.

2. Once I resolved Mode1 error, I used external payment selection(EPS), Where I send VPC_card and VPC_gateway additional field with Mode1 VPC parameters. I got 400 Bad request. So after long discussion with MIGS support team. We resolve it by changing vpc_card to vpc_Card and vpc_Gateway. Which was document error.

3. Once I able to bypass card type page. I tried to complete Mode 2 VPC implementation.So, In this case I added vpc_CardNum,vpc_vpc_CardExp,vpc_CardSecurityCode additional fields with above point request. I send GET request. It didnot work. For card details or Mode2 we have to use POST request.

4. For mode2 VPC, we should use POST request with HTTPS not HTTP. Self-signed certificate will be fine. So, I send HTTPS POST request with additional parameter, But It still didnot work, I got 403 forbidden error. Because, Content-type is application/json for my ajax call. So after using default POST content-type. It worked fine.

Sample code for python developer: Here in migs.config.app I am adding system variable which nothing to do with Migs. So User can ignore it.

import hashlib
import urllib, urllib2
from migs.config.app_config import *


'''
This method is for sorting the fields and creating an MD5 secure hash.
@param fields is a map of all the incoming hey-value pairs from the VPC
@param buf is the hash being returned for comparison to the incoming hash
'''


class MigsClient(object):

def __init__(self, secure_token, vpc_url, server_name):
    self.secure_secret  = secure_token
    self.vpcURL = vpc_url
    self.server_name = server_name    

def hash_all_fields(self,fields):
    buf = ""
    # create a list and sort it
    fieldNames = fields.keys();
    fieldNames.sort()
    # create a buffer for the md5 input and add the secure secret first
    buf = buf + self.secure_secret
    for key in fieldNames:
        print key,fields[key]
        buf = buf + fields[key] 
    # iterate through the list and add the remaining field values
    # create the md5 hash and UTF-8 encode it
    try:
        m = hashlib.md5()
        m.update(buf)
        ba = m.hexdigest()
        ba = ba.upper()
        return ba

    except Exception,e:
        import traceback 
        traceback.print_exc()


def setup(self, fields,additional_fields=None):
    #The Page does a redirect to the Virtual Payment Client
    #retrieve all the parameters into a hash map
    # no need to send the vpc url, EnableAVSdata and submit button to the vpc

    '''
    Retrieve the order page URL from the incoming order page and add it to 
    the hash map. This is only here to give the user the easy ability to go 
    back to the Order page. This would not be required in a production system
    NB. Other merchant application fields can be added in the same manner
    '''

    '''
    Create MD5 secure hash and insert it into the hash map if it was created
    created. Remember if self.secure_secret = "" it will not be created
    '''
    if self.secure_secret:
        secureHash = self.hash_all_fields(fields);
        fields["vpc_SecureHash"] = secureHash;

    # Create a redirection URL
    buf = self.vpcURL+'?';
    if not additional_fields:
        buf  = buf + urllib.urlencode(fields)
    else:
        buf  = buf + urllib.urlencode(fields)+"&"+urllib.urlencode(additional_fields) 
    return buf
    #return fields["vpc_ReturnURL"], buf


def post_setup(self,fields, additional_fields=None):

    try:
        if self.secure_secret:
            secureHash = self.hash_all_fields(fields);
            fields["vpc_SecureHash"] = secureHash;

        return self.vpcURL,fields
    except:
        import traceback
        traceback.print_exc()

Above is sample code which user can use to sort and create Get request and POST request and post dictionary.

You could use the Omnipay PHP Library which has support for the MIGS gateway.

An example of the off-site payment processing (3-Party) looks like this:

use Omnipay\Omnipay;

$gateway = Omnipay::create('Migs_ThreeParty');
$gateway->setMerchantId('foo');
$gateway->setMerchantAccessCode('foo');
$gateway->setSecureHash('foo');

$response = $gateway->purchase(array('amount' => '10.00', 'currency' => 'AUD'))->send();

if ($response->isRedirect()) {
    // redirect to offsite payment gateway
    $response->redirect();
} else {
    // payment failed: display message to customer
    echo $response->getMessage();
}

//This value submited to the MIGS PAYMENT GATEWAY

        $SECURE_SECRET =  $signature; //value from migs payment gateway
        $accessCode    =  $accesscode;//value from migs payment gateway
        $merchantId    =  $merchantid;//value from migs payment gateway
        $paymentdata = array(
                 "vpc_AccessCode" => $accessCode,
                 "vpc_Amount" => ($amount*100),//our product price , must multipy by 100
                 "vpc_Command" => 'pay',
                 "vpc_Locale" => 'en',// order id
                 "vpc_MerchTxnRef" => random_unique_value(like session),
                 "vpc_Merchant" => $merchantId,
                 "vpc_OrderInfo" => "Some Comment",
                 "vpc_ReturnURL" => "htps://yoursite.com/returnpoint",//here code for db updation, return variable here
                 "vpc_Version" => '1'
                           );

        $actionurl = 'https://migs.mastercard.com.au/vpcpay' . "?";
        $HashData = $SECURE_SECRET;
        $str = 0;
        foreach ($paymentdata as $key => $value) {
            // create the md5 input and URL
            if (strlen($value) > 0) {
                // this ensures the first paramter of the URL is preceded by the '?' char
                if ($appendAmp == 0) {
                    $actionurl .= urlencode($key) . '=' . urlencode($value);
                    $str = 1;
                } else {
                    $actionurl .= '&' . urlencode($key) . "=" . urlencode($value);
                }
                $HashData .= $value;
            }
        }

        if (strlen($SECURE_SECRET) > 0){$actionurl .= "&vpc_SecureHash=" . strtoupper(md5($HashData));}
        header("Location: " . $actionurl);
    }

/////////////////////RETURN VALUE/////////////////////////////////

the return url will be like

https://yoursite.com/returnpoint?vpc_TransactionNo="migs_transaction_number"&vpc_MerchTxnRef="random_unique_value(we post to migs)"&vpc_TxnResponseCode=value&vpc_Message="value"
 if vpc_TxnResponseCode = 0 -- success ,vpc_Message = approved -- paymet is success , All other unsuccessfull payment

implementing migs payment gateway in which we need to post some details to the https://migs.mastercard.com.au/vpcpay? this url with the below datas

    /*"vpc_AccessCode" the accesscode given by Migs
"vpc_Amount" Amount that is multiplied by 100
"vpc_Command" ='pay',default pay
"vpc_Locale" = 'en' // language
"vpc_MerchTxnRef"  orderId // Should be Unique for each payment
"vpc_Merchant"  // merchant ID
"vpc_OrderInfo"  // Desc or and details of Product
"vpc_ReturnURL" // SuccessUrl
"vpc_Version" = '1'
&vpc_SecureHash = // create MD5 of all the values that are passed  */

Creating Url

    $SECURE_SECRET = "YEOCOEN29B0785F1FF1E3C0FA8A3FUJK";  
        $accessCode = '546484645';
        $merchantId = '5465465288';
        if($migs_testmode ==1) {
            $SECURE_SECRET = "YEOCOEN29B0785F1FF1E3C0FA8A3FUJK";
            $accessCode = '98989645';
            $merchantId = '56456456489';
        }
     $amount ='10.00';
    $unique_id = rand(999999,8988888888);//this is a sample random no
        $postdata = array(
                "vpc_AccessCode" => $accessCode,
                "vpc_Amount" => ($amount*100),
                "vpc_Command" => 'pay',
                "vpc_Locale" => 'en',
                "vpc_MerchTxnRef" => $unique_id,
                "vpc_Merchant" => $merchantId,
                "vpc_OrderInfo" => 'this is a product',
                "vpc_ReturnURL" => "https://mywebsite.com/success.php",
                "vpc_Version" => '1');


        $vpcURL = 'https://migs.mastercard.com.au/vpcpay?';
        $md5Hash = $SECURE_SECRET;
        $appendAmp = 0;


        foreach ($wpay_postdata as $key => $value) {

            if (strlen($value) > 0) {

                if ($appendAmp == 0) {
                    $vpcURL .= urlencode($key) . '=' . urlencode($value);
                    $appendAmp = 1;
                } else {
                    $vpcURL .= '&' . urlencode($key) . "=" . urlencode($value);
                }
                $md5Hash .= $value;
            }
        }

        if (strlen($SECURE_SECRET) > 0) {
            $vpcURL .= "&vpc_SecureHash=" . strtoupper(md5($md5Hash));
        }
        header("Location: " . $vpcURL)

for detailed result is available here