I'm working on an online store that uses SagePay and I'm currently trying to upgrade the version from 2.23 to 3.00.
I have read through this guide but I'm still none the wiser on a couple of things (and haven't had a response from SagePay in over 48hrs): http://www.sagepay.co.uk/file/10286/download-document/Technical_Guide_to_Update_Sage_Pay_Form_Protocol(2%2023).pdf
The guide suggests that these four fields are mandatory to update:
Transaction Registration:
• VPSProtocol
Sage Pay Response:
• BankAuthCode
• DeclineCode
• ExpiryDate
My problem is that I only use the first field (VPSProtocol) in my whole SagePay integration - does this mean I only need to update this field from 2.23 to 3.00, or do I now need to integrate the other three as well?
If you are successfully integrated at 2.23 using Server or Direct, the only mandatory change is the VPSProtocol value (to 3.00). If you are using Form, you will need to check that your crypt field is AES encrypted (instead of XOR encoded).
The other fields (BankAuthCode, DeclineCode and ExpiryDate) are returned by Sage Pay in the transaction registration response. The main thing is to make sure that your integration can ignore any extra fields without falling over, if you don't want to use that information (you can always get it from My Sage Pay or the Reporting API if you need to).
Update: I should add that when using Server, make sure you are capturing the fields required to generate the signature hash, and compare to that from Sage Pay.