Welcome to the setup guide.

To get this plugin setup will only take around 30 mins. This guide will be broken down into steps. You must first do a test transaction using the test ePDQ account. The ePDQ team will supply you with two logins, one for test and the other for live. You can get to both the test and live logins from here.

It is always best practice when setting up a payment gateway to do this in test mode first and run several orders before switching to live mode.


Before and after you start following our setup guide, please do make sure that you have done everything in this list:

 You are using a test ePDQ account, and you will apply everything below on your test ePDQ account.
 I have followed step#1  –  where I activated my plugin and license key.

 I have followed step#2  –  where I have logged in to my test ePDQ back-office account.
 I have followed step#3  –  where I decided to either pick Sale or Authorisation on my Global transaction parameters.

 I have followed step#4  –  where I decided to either pick SHA-256 or SHA-512 as my SHA encryption method, which matches what I chose in my plugin settings.
 I have followed step#5  –  where I set my payment page URL properly and placed my SHA-IN passphrase key, which matches what I placed on my plugin settings.

 I have followed step#6  –  where I made sure to tick the required checkbox, placed my SHA-OUT passphrase key, matches what I placed on my plugins settings, and chose the Dynamic e-Commerce parameter options correctly.
 I have followed step#7  – where I made sure that 3D secure is active on the cards that I wish to use on my website.

 I have followed step#8 –  where I made sure that I processed a sample transaction and it was processed successfully.

Step 1 – Plugin settings.

Install the plugin & activate the license key; once this is done, you want to navigate the plugin settings page. This can be found in the WooCommerce settings:

WooCommerce > Settings > Payments > AG EPDQ Checkout

The key items here for the setup are PSPID, SHA-IN, SHA-OUT & SHA encryption method.

These settings will need to be matched with what you enter in the ePDQ back office.

Step 2 – Login to the test ePDQ back office.

The next set of items are done in the ePDQ back office; you can log in to the test account here. Once logged in, you need to navigate to the technical settings area. It is important to note that whatever changes to make in the test account, you must match in the live account.

From this area, we have access to all the sections we need to change/edit.


As mentioned in the welcome section above, it’s important to make sure you use the plugin in test mode and use the ePDQ test account; linking the plugin in test mode to the live ePDQ account will not work.

How to know if you are using the ePDQ test account? When you have logged in, look at the Barclaycard logo. To the right of it, you will see TEST in red like this:

If you don’t have access to the test account, you/your client will need to email the ePDQ team here: and ask for logins again. It’s also important to note that if the ePDQ account is new, you won’t be able to switch to live mode until you have done several test orders and applied to go live (You will see the option on the main ePDQ Home screen).

Step 3 – Global transaction parameters.

In this section, you need to decide which operation mode you want to run the payment gateway.

Based on these two steps, you can choose between two default operation codes:

  1. Authorization: our system will only ask for authorization to have the authorization and data capture (payment request) steps performed separately at different times (the money remains in the customer’s account until a data capture (payment request) has been performed).
  2. Sale: our system automatically requests the payment (transfer of the amount) immediately after a successful authorization. This procedure is often used for goods/services delivered online.
If you are unsure what to enable, ask your client what they have been using, most users enable the sale method, but it is down to how the business operates.

Step 4 – Global security parameters.

In this section, we pick and match the SHA encryption method we set in the plugin settings.

We recommend using SHA-256 or SHA-512.

Step 5 – Data and origin verification.

We have two items to set/change in this section. The first item sets the payment page URL; this is the last URL on the website before the customer is sent to the ePDQ servers to make the payment; it normally looks like the following.


Change the domain to match your website address; without this set correctly, the payment gateway will not work; it is possible to have multiple domains/websites in this field. Add a ; between the URL’s as shown.

The next item here is the SHA-IN; this must match what you have in the plugin settings; we recommend that you use letters and numbers only in this setting and that it has a maximum of 16 characters. You should follow the NCSC guidance on choosing and storing passwords. from the National Cyber Security Centre (NCSC). You cannot use ^, {, }, [, ], “, ‘, |, <, or >.

You only need to edit the top two fields ‘URL of the merchant page containing the payment form that will call the page…’ and the ‘SHA-IN pass phrase’.

You’ll only be adding an SHA-IN passphrase on the Checks for Barclaycard Direct link section for processing refunds only as we are using the Direct link API to process refunds.<br>See –

Step 6 – Transaction feedback.

Again, in this section, we have only two items. The first one is to make sure that the tick box labeled “I would like to receive transaction feedback parameters on the redirection URLs.” is ticked.

Without this ticked, the ePDQ system won’t send data back to the website. This means you will get orders with pending payment and then fail. This is an important setting.

As a note, there should be nothing in the four fields above this tick box; the plugin will do all the hard work of setting these URLs on its own.

Next is to make sure to untick the box labeled “I would like Barclaycard to display a short text to the customer on the secure payment page if a redirection to my website is detected immediately after the payment process.”

The next item here is the SHA-OUT; you will need to scroll down a little to see the option.

Again, this must match what you have set in the plugin settings; we recommend that you use letters, numbers and it should also have a maximum of 16 characters. You should follow the NCSC guidance on choosing and storing passwords. from the National Cyber Security Centre (NCSC). You cannot use ^, {, }, [, ], “, ‘, |, <, or >.

The final item here is parameters, which will be sent back to the website.

You  only want the following in the selected section:








Step 7 – 3D Secure.

This is very important if you sell products to EU customers. From 14 September 2019, all EU (Brexit does not affect this) credit card transactions could be rejected if your store does not have 3D secure setup.

With the enforcement of Strong Customer Authentication (SCA) & Payment Services Directive (PSD) is important to get the ePDQ back-office set up and ready. Thankfully this is quite simple. Navigate to

Advanced > Fraud detection

And you will see something like the following:

The key here is to ensure that 3D secure is active on the card brands you wish to use on the website.

Step 8 – Test, Test & test.

Well done, you have now finished the setup of the plugin! Now the important thing to do is test the payment gateway a few times before going live.

If your plugin is in test mode, you may see this ACS Challenge simulator.

Don’t be alarmed as this is the expected behavior and you’ll only need to press the Continue Transaction button. Your customers won’t see this if you switch to live mode. To learn more about the ACS Challenge Simulator, kindly refer to this article.

If you have any errors/issues, you first want to check the ePDQ error log section.

In the description field, you will most likely find an error code, something like unknown order/1/r. If you do, you can have a look here at the troubleshooting error codes. There you will find out what the issue is and what is needed to fix it.

If you are still having issues, then enable the plugins to debug log in the settings.

Run some test transactions, and if the plugin finds something wrong with the plugin setup, it will log this and tell you how to fix this. You can find the log by going here:

WooCommerce > Status > Logs

Here we can see the log saying that the transaction is confirmed, no issues were found.

The plugins debug log is coded to log most errors and give you a tip on fixing the issue. It’s important to check these logs if you are having issues.

If you still face issues, then send a support ticket, and we will have a look for you.

Please be ready to send screenshots of the plugin & ePDQ settings and the debug log.

Was this helpful?

Barclays ePDQ

Don't already have the plugin? Get access now.

Still need help?

Our team are on hand to provide fast, helpful and professional support.

Support request