Quantum Gateway

From WHMCS Documentation


Quantum Gateway is a merchant gateway solution that supports 3D Secure for Visa & MasterCard Transactions in WHMCS.

If you don't yet have an account, visit www.whmcs.com/partners/quantum-gateway/ for more information.


  • You must use your Quantum gateway login id as your username
  • If you don't have your RestrictKey, you can easily generate it by login into your Quantum Gateway merchant center and going to the Processing settings area. Scroll down until you see the "RestrictKey" area. Click the generate button, check the "Use restriction key" box, and finally click the UPDATE button. That is your new restriction key (Transaction Key).

Supported Features

Type One Time Recurring Refunds 3D Secure
Credit Card Yes Yes Yes Yes

MD5 Hash Verification

The MD5 Hash in the Quantum Gateway module is used to prevent forged callback requests. To set this up in your Quantum Gateway Account:

  • Navigate to Configuration > Processing Settings
  • Scroll down to the MD5-Hash heading
  • Enter a secret key value of your own choosing in the Hash Value field.
  • Set the Include Response In Hash value to "No"
  • Then enter the same value into your WHMCS installation Quantum Gateway config in Setup > Payments > Payment Gateways.

Quantum Vault Service

Supported Features

Type One Time Recurring Refunds 3D Secure
Token Yes Yes Yes No
Remote Update Card Remote Delete Card
Yes Yes

The Vault Solution from Quantum Gateway enables you to accept credit cards through your site while completely avoiding the hassles of PCI compliance and here at WHMCS we were one of the first to offer this new service to Quantum users.

For more information visit the Quantum Vault page

How does it work?

  1. The customer leaves your site to perform 3D Secure authentication (exactly the same as they already do now) but the difference is they enter their card details once they've left your site aswell so that the card details never pass through your site
  2. The customer can still edit their card held on file at any time from the client area
  3. WHMCS can still request the card is rebilled whenever needed meaning fully automated recurring billing can continue as before and manual captures at any time are also still possible - it's just like you have the card details stored locally

Why does it avoid PCI compliance?

  1. No cardholder data ever touches or passes through your Network, Server or WHMCS System
  2. No cardholder data is ever retained or stored on your Network, Server or WHMCS system


You will find the module in the Setup > Payment Gateways area listed as Quantum Vault which you can activate and configure in the same way as the regular module.

For existing Quantum Gateway users, there is also a vault migration script available to transfer all your existing clients card details over to the vault automatically and remove them from your local database. It can be downloaded from https://www.whmcs.com/download/117/quantum-vault-migration-utility

Inside your Quantum Gateway account, you will need to configure and API Username, Key and Vault Key to use the Vault API, and in the Inline Frame API settings where it asks for various urls, you should leave all of those fields blank.

Contrary to what you might think, you should leave the "Disable Credit Card Storage" setting unticked in Setup > General Settings > Security as that will disable entry by a client.

Server Modules
cPanel/WHM - DirectAdmin - Plesk - Helm 3 - Helm 4 - Ensim - InterWorx - WebsitePanel - Cloudmin - VePortal
Lxadmin - Virtualmin Pro - XPanel - HyperVM - FluidVM - SolusVM - Cloudmin - WHMSonic - VPS.Net
CentovaCast - SCPanel - MediaCP - GameCP - TCAdmin - Reseller Central - Auto Release - Heart Internet

Registrar Modules
Enom - ResellerClub - Nominet - OpenSRS - ResellOne - OnlineNIC - PlanetDomain - Affordable Domains
TPP Wholesale - TPPInternet - Stargate - Namecheap - NetEarthOne - Bizcn - InternetBS - GMO Internet
12Register - Registercom - DotDNS - WebNIC - Dot.TK - HexoNet - Realtime Register - Registereu
RRPProxy - ResellerCamp - TransIP - Heart Internet - IPMirror - NetRegistry - OVH - VentraIP Wholesale
Email - 101Domain

Fraud Modules
MaxMind - VariLogiX FraudCall - Telesign

Gateway Modules
2CheckOut - AsiaPay - Auth.net Echeck - Authorize.net - Authorize.net CIM - Bank Transfer
BluePay - BluePay Echeck - BluePay Remote - Boleto - CamTech - CashU - CC Avenue - ChronoPay
Cyberbit - Direct Debit - EMatters - E-Path - eProcessingNetwork
eWAY Tokens - F2B - FastHosts - Finansbank - GarantiBank - Gate2Shop - LinkPoint
IMSP - Inpay - IP.Pay - Kuveytturk - Modulo Moip - Mail In Payment
Merchant Partners - Merchant Warrior - IDEALMollie - Moneris - Moneris Vault
Skrill 1-Tap - SlimPay - NaviGate - NETbilling - Netregistry Pay - NoChex - NTPNow
Offline Credit Card - Optimal Payments - PagSeguro - Payflow Pro - Pay Junction
Paymate AU and NZ - Payment Express - Paymex - PayPal - PayPal Express Checkout - PayPal Payments Pro
PayPoint.net (SecPay) - Payson - Payza - Planet Authorize - SagePay - ProtX VSP Form - PSIGate
Quantum Gateway - Quantum Vault - SagePay - SagePay Tokens - SecPay - SecurePay - SecurePay AU
Secure Trading - TrustCommerce - USA ePay - WorldPay - WorldPay Invisible