Barclays ePDQ
$39.00

Barclays Has Been Trusted With Money Since 1736.
Your Checkout Shouldn't Look Like It Was Built Last Tuesday.

Full ePDQ integration for J2Commerce — HPP redirect, on-site FlexCheckout, saved cards, subscription renewals, admin Capture/Void/Refund, and SHA-signed callbacks that actually verify. Put the bank behind your Joomla ecommerce store. Properly.

SAQ-A
Lightest PCI tier possible — both integration modes qualify
2
Integration modes — HPP redirect or on-site FlexCheckout, your call
3
Admin ops right on the order screen — Capture, Void, Refund
SHA-512
Every request, every callback, cryptographically signed — no free passes

Everything ePDQ. Nothing Broken. Nothing Missing.

Most ePDQ plugins for Joomla ecommerce were written when "security" meant remembering to close a PHP tag. This one wasn't. Both checkout modes. Saved cards. Subscriptions. SHA signatures that actually match. Admin operations that don't require a separate login.

Hosted Payment Page

Customer clicks "Place Order," lands on a Barclays-hosted payment form, comes back confirmed. Your server never touches a card number. PCI scope drops to SAQ-A — no annual penetration test, no QSA assessor, no quarterly vulnerability scans. That's thousands of pounds per year you're not spending. Yeah. We do that.

FlexCheckout — On-Site Card Form

Card entry happens right on your checkout page — looks like your store the whole time. Under the hood, card data posts straight to Barclays' Alias Gateway. Your server still never sees raw card data. Still SAQ-A. Customers stay on your domain. That's not a compromise — it's both things at once.

Saved Cards — One Click the Second Time

Returning customers see their saved card. They pick it. They pay. Done. The token lives in Barclays' vault, not your database. Re-entry friction is gone. So is the drop-off that comes with it. Customers who don't have to dig out their wallet buy more often. Simple math.

Subscription Renewals That Don't Crash Silently

Automatic renewal charges against stored cards — no customer action needed each cycle. When a renewal succeeds, the order history updates, notification emails fire, and the status is set correctly. When it fails, you get a visible failure record with the reason. Not a silent PHP crash you find out about three weeks later when a customer asks why their access was revoked.

Capture, Void & Refund from the Order Screen

Authorize funds at order time, capture when you ship — right from the J2Commerce order screen. Void an authorization before settlement. Refund full or partial with cumulative tracking that blocks you from accidentally over-refunding. Every operation writes to the order history. No Back Office login. No explaining what a PAYID is to your warehouse team. It just works.

SHA Signatures That Actually Match

Incoming callbacks are cryptographically verified using the correct parameter set for whichever mode you're running — HPP and Alias Gateway use different field lists. Getting that wrong means a guaranteed mismatch on every successful payment. Most Joomla ePDQ plugins get it wrong. Some just disable verification entirely, which means any HTTP request can confirm an order with zero actual payment. This one gets it right, enabled by default.

Server-to-Server Webhook — The Browser Is Irrelevant

Barclays confirms your payments directly to your store's server — independently of whatever chaos the customer's browser is up to. Tab closed. Internet dropped. Back button pressed. Doesn't matter. Barclays called your server. The order confirms. The customer's browser is not in the loop, and that's exactly how it should be.

Geozone & Subtotal Gating

Restrict Barclaycard to specific geographic zones. Set a floor and ceiling on order values. Barclaycard only appears to the customers who can actually use it — no confusing error messages mid-checkout for someone in a country your merchant account doesn't support. The right payment options for the right customers. Automatically.

Surcharge — Recover Processing Costs

Add a percentage fee, a fixed fee, or both — with an optional tax class applied on top. The surcharge shows as a line item on the order. Customers who pick Barclaycard see it; customers on other methods don't. Processing cost recovery, built in, no spreadsheets required.

One Plugin. Two Checkout Modes. No Choosing Wrong.

Some stores want the full Barclays redirect — customer leaves your domain, pays on an official Barclays-hosted page, comes back confirmed. Maximum trust signal. Zero card data touching your server. UK shoppers recognize that page and they don't hesitate. If that's you, configure HPP. Done.

Other stores want customers on their domain the whole time. FlexCheckout delivers exactly that — an on-site card form that looks native to your checkout while card data posts straight to Barclays' Alias Gateway. Still bank-hosted processing under the hood. Still SAQ-A. Still your URL in the address bar. You switch modes in plugin settings. No code changes. No rebuilding the checkout.

  • HPP: full Barclays-hosted redirect — the name customers trust, on the page they see
  • FlexCheckout: stays on your domain, looks like your store, still SAQ-A
  • Both modes: your server never sees a raw card number. Not once.
  • Switch with a settings change — no developer, no deployment, no drama

Capture. Void. Refund. Your Team Does Not Need a Back Office Login.

Here's the deal: if your operations team needs to log into Barclays' merchant portal every time they want to settle, void, or refund a payment, you've built your payment workflow around a browser bookmark and a password someone probably wrote on a sticky note. That's not a process. That's a liability.

With authorize-first mode enabled, the Capture button appears right on the J2Commerce order screen the moment a payment is authorized. Click it. Barclays settles. Done. Void cancels before settlement. Refunds handle full or partial amounts — the plugin tracks the cumulative refunded total and physically blocks you from going over the original charge. Every operation logs to the order history. Clean audit trail. No sticky notes.

  • Capture authorized funds at shipment — zero Back Office login required
  • Void before settlement — one click, authorization released
  • Full and partial refunds with over-refund protection baked in
  • Every action in the J2Commerce order history — squeaky clean audit trail

Signature Verification Enabled by Default. Because Disabling It Is How Fraud Happens.

SHA-OUT signature verification is the only barrier between your callback URL and someone forging a payment confirmation with a curl command. No actual payment. Just a crafted HTTP request that says "paid." If verification is off — and plenty of Joomla ePDQ plugins ship with it off, or don't implement it at all — your store will confirm those orders. Every time. Without blinking.

This plugin ships with verification enabled and uses the correct field list for whichever mode you're running. HPP callbacks and Alias Gateway callbacks include different parameters — use the wrong list and you get a SHA mismatch on every legitimate payment. That's where most integrations fail. SHA-1, SHA-256, and SHA-512 all supported. Configure the one in your Back Office. They'll align exactly.

  • Verification on by default — forged confirmations rejected before they reach your orders
  • Correct parameter sets for HPP vs Alias Gateway — no guaranteed mismatch on live payments
  • SHA-512 recommended; SHA-256 and SHA-1 also fully supported
  • Debug logs go to the admin directory only — never public, sensitive fields excluded

Real Stores. Real Problems. Real Fixes.

A London specialty retailer already has a Barclaycard merchant account and has been taking ePDQ payments on their old ecommerce platform for years. Moving to J2Commerce, they need ePDQ to keep working without explaining to their merchant services team why they're ripping out the gateway. HPP mode. SHA-512 set to match their Back Office. Sandbox for testing. Their checkout redirects to the familiar Barclays-hosted payment form — and for UK shoppers, that Barclays page is worth more than any trust badge you can slap on a checkout. The hesitation before clicking "Place Order" disappears because they know that page. They trust that bank. Conversion ticks up. Done.

A subscription box retailer runs J2Commerce subscription products with monthly billing. Customers enroll once. Their card is tokenized and stored. The renewal handler charges it on schedule each month. Authorize-only mode covers new signups — authorized at signup, captured on first dispatch. Subsequent renewals charge immediately on the renewal date. When a renewal fails, there's a visible failure record with the exact reason — not a silent crash that shows up three weeks later when a customer emails asking why their box stopped arriving. The admin team can see it, chase it, fix it, and retry — all from the order screen. Subscription stores live and die on renewal reliability. "Works most of the time" is not an acceptable outcome when it's someone's monthly revenue.

A European B2B supplier sells industrial equipment with 3–5 day lead times. Industry standard: authorize at order, capture at dispatch. The Capture button appears on the J2Commerce order screen once the goods are packed. A junior warehouse team member clicks it. No Back Office login. No training session on what a PAYID is. No explaining the merchant portal to someone who just wants to ship boxes. Partial refunds handle backorder situations where only part of the order goes out. Cumulative tracking ensures the finance team cannot accidentally over-refund a partial shipment. Clean. Auditable. No sticky notes on monitors.

A Dutch ecommerce store doesn't want a full-page redirect to a Barclays-hosted page — they want customers on their domain through the entire checkout. FlexCheckout shows a card entry form that looks native to their Bootstrap 5 template. Card data posts straight to Barclays' Alias Gateway. Their server never sees a raw card number. SAQ-A still applies. Returning customers see their saved card in a radio button list — one pick, one confirm, paid. Geozone restriction is configured to Netherlands and Germany because Barclaycard ePDQ isn't set up for every country they ship to. Customers outside those zones see their other configured payment methods. No error messages. No confusion. Just the right payment options for the right customers, automatically. Customers pick. Customers pay. You get paid. Simple.

Put a 290-Year-Old Bank Behind Your Joomla Checkout.

Your store probably shouldn't be built on something younger than the Wi-Fi router in the break room. Full ePDQ integration. Proper SHA signing. Subscription renewals that don't crash silently. Admin refunds that don't require a browser bookmark and a sticky note. Built for J2Commerce. Seriously.

Translated In The Following Languages

Arabic Unitag (ar-AA), Chinese, Traditional (zh-TW), Danish (da-DK), Dutch (nl-NL), English (en-GB), English, USA (en-US), Finnish (fi-FI), French (fr-FR), German (de-DE), Greek (el-GR), Hebrew (he-IL), Italian (it-IT), Japanese (ja-JP), Norwegian Bokmål (nb-NO), Persian Farsi (fa-IR), Polish (pl-PL), Portuguese, Brazil (pt-BR), Portuguese, Portugal (pt-PT), Russian (ru-RU), Spanish (es-ES), Swedish (sv-SE), Turkish (tr-TR)


  • Developer J2Commerce
  • Extension Type Payment
  • J2Commerce Version 6.x, 4.x
  • Joomla Version 4.x, 5.x, 6.x
Language Translations
Arabic UnitagArabic Unitag
Chinese, TraditionalChinese, Traditional
DanishDanish
DutchDutch
EnglishEnglish
English, USAEnglish, USA
FinnishFinnish
FrenchFrench
GermanGerman
GreekGreek
HebrewHebrew
ItalianItalian
JapaneseJapanese
Norwegian BokmålNorwegian Bokmål
Persian FarsiPersian Farsi
PolishPolish
Portuguese, BrazilPortuguese, Brazil
Portuguese, PortugalPortuguese, Portugal
RussianRussian
SpanishSpanish
SwedishSwedish
TurkishTurkish

New Feature Barclaycard ePDQ payment gateway for J2Commerce 6

New Feature Hosted Payment Page (HPP) checkout with SHA-IN/SHA-OUT signing

New Feature FlexCheckout on-site card form via Alias Gateway (SAQ-A)

New Feature Saved cards (Alias) and subscription renewal charges (COF MIT)

New Feature Admin order capture, void, and full/partial refund

New Feature DirectLink maintenance API client with caller-IP whitelist

New Feature SHA-OUT callback signature verification with toggle

New Feature 21-locale language pack (en-US source, en-GB + 19 translations)

Improvement Native Joomla 6 MVC, namespaced extension, vanilla ES6 checkout JS

Update Requires Joomla 6.x + J2Commerce 6.x + a Barclaycard ePDQ PSPID

Fix corrected media folder destination to plg_j2store_payment_epdq

Update J2Commerce/J2Store v4 and Joomla 4/5 plugin support

You may also be interested in these products

Stay Updated

Subscribe for free and be the first to know about the latest features, updates, and new additions.