To activate 2CheckOut, navigate to Setup > Payments > Payment Gateways and choose 2CheckOut from the All Payment Gateways tab.
You will then be asked to provide the require configuration parameters for 2CheckOut.
To setup the callback process for 2CheckOut to automatically mark invoices paid, you will need to login to your 2CheckOut account and click the Notifications tab:
- First click Enable All Notifications
- In the Global URL field, enter the url http://www.yourdomain.com/whmcs/modules/gateways/callback/tco.php . Replacing http://www.yourdomain.com/whmcs/ with the actual URL of your WHMCS installation.
- Click Apply
In order to return clients back to your WHMCS installation after a successful payment you must configure Direct Return within the 2CheckOut control panel:
- Navigate to Account tab > Site Management
- Under the Direct Return heading, select the Header Return option
- In the Approved URL field set the URL to
- Be sure to replace **http://www.yourdomain.com/whmcs/** with the actual URL of your WHMCS installation.
Two checkout styles are made available as part of 2CheckOut configuration:
- Inline Checkout - Inline Checkout is an iframe payment option which displays a secure payment form as an overlay when your client is making payment. This allows for payment to be taken from a client without them leaving your site. WHMCS recommends this checkout style when using 2CheckOut.
- Standard Checkout - Standard Checkout will redirect a client to the 2CheckOut site to make payment before they are redirected back to your site.
For Security, a secret word is set inside your 2CheckOut account @ Account > Site Management. This must be entered in the Secret Word section of the 2CheckOut configuration in order for notifications and client redirects to be successful.
If you wish to be able to use the recurring billing and/or automatic refunds functionality within WHMCS, then you must setup a 2CheckOut API user and enter the details in these fields.
To setup an API user, you will need to login to your 2CheckOut account and go to Account > User Management
- Click Create Username
- Enter an email address, username & password, security question & answer.
- Select the permissions for the user. You just need to select API Access & API Updating for the permissions.
- Enter the same username & password that you just created into the appropriate API username and API password fields inside WHMCS.
When ticked clients will only be able to make one-time payments (subscriptions disabled). For recurring services they will be required to login and pay each invoice.
When enabled clients will only be able to make recurring payments when applicable (one-time payments disabled). This means future payments will be sent automatically without the need for manual intervention.
When unticked the standard spurchase routine will be used. Tick this option to use the more modern purchase checkout process which includes the option for clients to pay via PayPal.
Skip 2CO Fraud Check
Ticking this option will prevent 2Checkout from performing their fraud checks on payments. It can result in faster processing of payments, but may potentially increase your exposure to fraudulent orders and charge-backs.
Should a payment that has been recorded in WHMCS later be determined to be fraudulent, manual action would be required to reverse the payment recorded in WHMCS and suspend any services as appropriate.
In order to use demo mode, the "Demo Setting" in your 2CheckOut account should be set to "Parameter" under Account > Site Management. Demo mode can then be enabled by ticking the checkbox in WHMCS under Setup > Payments > Payment Gateways.
Please note that when using demo mode, all callbacks from 2CheckOut will fail with the error MD5 Hash Failure if a secret word is specified. This is done intentionally by 2Checkout to protect those who sell digital goods from fraudulent purchases through their demo mode.
In Demo Mode, valid credit card data must be submitted in order to properly perform the request. Credit cards will not be charged during this process.
MD5 Hash Failure
An MD5 Hash Failure error under Billing > Gateway Log indicates that the Secret Word in Setup > Payments > Payment Gateways does not match the Secret Word in the 2CheckOut control panel. Double check your entry is exactly right, and check for any invisible trailing spaces if so.
This error in the Gateway Log indicates that either the secret word, API username, or API password are incorrect. These may be reconfigured at Setup > Payments > Payment Gateways. For further information on this configuration see above.