{"id":312381,"date":"2026-06-17T09:37:47","date_gmt":"2026-06-17T09:37:47","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/payment-gateway-accept-blue-for-formidable\/"},"modified":"2026-06-17T09:37:17","modified_gmt":"2026-06-17T09:37:17","slug":"ryanpay-accept-blue-formidable","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/ryanpay-accept-blue-formidable\/","author":23487932,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.8","stable_tag":"1.0.8","tested":"7.0","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"RyanPay Card Payments with accept.blue for Formidable","header_author":"RyanPlugins","header_description":"Accept.blue Hosted Tokenization payment gateway for Formidable Forms with debug logging, and per-form API override.","assets_banners_color":"","last_updated":"2026-06-17 09:37:17","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/ryanplugins.net\/","header_author_uri":"https:\/\/profiles.wordpress.org\/ryanplugins\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":24,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.8":{"tag":"1.0.8","author":"ryanplugins","date":"2026-06-17 09:37:17"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.8"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[215259,11475,17795,1890,507],"plugin_category":[45],"plugin_contributors":[267495],"plugin_business_model":[],"class_list":["post-312381","plugin","type-plugin","status-publish","hentry","plugin_tags-accept-blue","plugin_tags-credit-card","plugin_tags-formidable","plugin_tags-gateway","plugin_tags-payment","plugin_category-ecommerce","plugin_contributors-ryanplugins","plugin_committers-ryanplugins"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/ryanpay-accept-blue-formidable.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Secure Form Checkout<\/strong> connects your Formidable Forms payment forms to the accept.blue payment processing platform. All card data is handled inside a secure accept.blue Hosted Tokenization iFrame \u2014 it never passes through your server, keeping your site PCI-compliant.<\/p>\n\n<p>This is the <strong>free Lite version<\/strong>.<\/p>\n\n<h4>What's Included in Lite<\/h4>\n\n<ul>\n<li><strong>Credit card payments<\/strong> via accept.blue Hosted Tokenization iFrame \u2014 card data never touches your server<\/li>\n<li><strong>Test \/ Sandbox mode<\/strong> \u2014 safely test payments with accept.blue sandbox credentials before going live<\/li>\n<li><strong>Test Connection<\/strong> \u2014 verify your API credentials without leaving WordPress<\/li>\n<li><strong>Debug logging<\/strong> \u2014 dedicated per-month log file with an in-admin log viewer, gated behind a settings toggle<\/li>\n<li><strong>card authentication<\/strong> \u2014 optional EMV card authentication browser-based authentication per Form Action<\/li>\n<li><strong>Per-form API credential override<\/strong> \u2014 run different forms against different accept.blue merchant accounts<\/li>\n<li><strong>Processing overlay<\/strong> \u2014 animated spinner shown on form submit while payment processes<\/li>\n<li><strong>Minified assets<\/strong> \u2014 production-ready JS and CSS; source files served automatically when WP_DEBUG is on<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.0 or higher<\/li>\n<li>PHP 7.4 or higher<\/li>\n<li>Formidable Forms Pro (required for payment fields)<\/li>\n<li>An active accept.blue merchant account (sign up at https:\/\/accept.blue)<\/li>\n<\/ul>\n\n<h3>Source code<\/h3>\n\n<p>The unminified source files for all JavaScript and CSS are included in the plugin's assets\/ directory alongside the minified production files. No separate build step is required to review the source.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the accept.blue payment processing platform. Two distinct accept.blue services are contacted:<\/p>\n\n<h4>1. accept.blue Payment API<\/h4>\n\n<p>Used to authorise and capture credit card payments. When a visitor submits a payment form, the plugin sends a server-side request to the accept.blue API to process the charge.<\/p>\n\n<p>Data sent: a short-lived card nonce token (generated by the Hosted Tokenization iFrame \u2014 never the raw card number or CVV), the payment amount, currency code, and the site's accept.blue API credentials.<\/p>\n\n<p>When data is sent: only when a visitor submits a payment form and the tokenization step has completed successfully.<\/p>\n\n<ul>\n<li>API endpoint (live): https:\/\/api.accept.blue\/api\/v2\/<\/li>\n<li>API endpoint (sandbox): https:\/\/api.sandbox.accept.blue\/api\/v2\/<\/li>\n<li>accept.blue website: https:\/\/accept.blue<\/li>\n<li>API documentation: https:\/\/docs.accept.blue\/api\/v2<\/li>\n<li>Terms of Service \/ Privacy Policy: https:\/\/accept.blue\/terms-of-use\/<\/li>\n<\/ul>\n\n<h4>2. accept.blue Hosted Tokenization Service<\/h4>\n\n<p>Used to securely capture card details inside an iFrame. When a visitor views a payment form, the browser loads a secure iFrame from accept.blue's tokenization service. The visitor enters their card number, expiry, and CVV directly into this iFrame. That card data is sent from the visitor's browser directly to accept.blue \u2014 it never passes through your WordPress server.<\/p>\n\n<p>Data sent: raw card details (card number, expiry, CVV) sent from the visitor's browser directly to accept.blue's tokenization servers. Your server receives only a short-lived nonce in return.<\/p>\n\n<p>When data is sent: when the visitor enters card details and submits the payment form.<\/p>\n\n<ul>\n<li>Tokenization endpoint (live): https:\/\/tokenization.accept.blue\/tokenization\/v0.3\/<\/li>\n<li>Tokenization endpoint (sandbox): https:\/\/tokenization.sandbox.accept.blue\/tokenization\/v0.3\/<\/li>\n<li>Terms of Service \/ Privacy Policy: https:\/\/accept.blue\/terms-of-use\/<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to \/wp-content\/plugins\/ or install via Plugins &gt; Add New &gt; Upload Plugin.<\/li>\n<li>Activate via Plugins &gt; Installed Plugins.<\/li>\n<li>Go to Formidable &gt; Global Settings &gt; Accept.Blue.<\/li>\n<li>Enter your credentials:\n\n<ul>\n<li>API Key \u2014 from your accept.blue portal under API Keys<\/li>\n<li>PIN \u2014 if your API key requires one (optional)<\/li>\n<li>Hosted Tokenization Key \u2014 from accept.blue Settings &gt; Hosted Tokenization<\/li>\n<\/ul><\/li>\n<li>Click Save Changes and use the Test Connection button to confirm your credentials work.<\/li>\n<li>Create or open a Formidable Form.<\/li>\n<li>Drag the Accept.Blue Card field onto the form canvas.<\/li>\n<li>Open Form Actions and add the Accept.Blue Payment action.<\/li>\n<li>Set your amount and currency.<\/li>\n<li>Click Update and publish your form.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20store%20card%20numbers%20on%20my%20server%3F\"><h3>Does this store card numbers on my server?<\/h3><\/dt>\n<dd><p>No. Card data is tokenised entirely within the accept.blue Hosted Tokenization iFrame. Your server only ever receives a short-lived nonce token. No card numbers, CVVs, or expiry dates are stored on your server or in your database.<\/p><\/dd>\n<dt id=\"can%20i%20use%20this%20in%20test%2Fsandbox%20mode%3F\"><h3>Can I use this in test\/sandbox mode?<\/h3><\/dt>\n<dd><p>Yes. Enable Test \/ Sandbox Mode in Formidable &gt; Global Settings &gt; Accept.Blue and use your accept.blue sandbox credentials. No real charges are made. Disable the setting and switch to live credentials when you are ready for production.<\/p><\/dd>\n<dt id=\"what%20statuses%20does%20the%20plugin%20use%3F\"><h3>What statuses does the plugin use?<\/h3><\/dt>\n<dd><p>complete \u2014 charge captured and settled; auth \u2014 authorised but not yet captured; failed \u2014 charge declined or errored; voided \u2014 authorisation cancelled before capture; refunded \u2014 charge refunded in full or in part.<\/p><\/dd>\n<dt id=\"does%20debug%20logging%20store%20sensitive%20data%3F\"><h3>Does debug logging store sensitive data?<\/h3><\/dt>\n<dd><p>API request and response bodies are logged when debug logging is enabled. Card numbers are never present (they are handled by the accept.blue iFrame and never reach your server), but disable debug logging once you have finished troubleshooting.<\/p>\n\n<p>No card data is stored on your server. All sensitive payment data is handled exclusively by accept.blue's PCI-compliant infrastructure.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Docs: Removed Paay external service section from readme. Replaced all \"3D Secure\" references with \"card authentication\".<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Fix: Added phpcs:ignore annotations for frm_payment_status_complete (Formidable Forms own hook) and $frmProErrors (Formidable Forms core global) \u2014 these cannot be renamed as they are part of Formidable Forms API.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Fix: All plugin identifiers (functions, classes, constants, options, transients, AJAX actions, script\/style handles, shortcodes, DB table) renamed from frm_ab_lite_ \/ Frm_AB_Lite_ \/ FRM_AB_LITE_ to ryancapa_ \/ Ryancapa_ \/ RYANCAPA_ to satisfy the WordPress.org 4-character unique prefix requirement.<\/li>\n<li>Fix: Include files and asset files renamed to match new prefix (class-ryancapa-*.php, ryancapa-card.js, ryancapa.css).<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Fix: Dependency notice (Formidable Forms required) now shown only on the Plugins screen instead of every admin page, complying with Guideline 11.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Fix: Card config delivery rewritten to be JS-optimizer-proof. Configs are now collected across all card fields on the page and output as a single <code>wp_add_inline_script( 'before' )<\/code> block that travels with the registered script handle, preventing WP Rocket \/ Autoptimize \/ LiteSpeed from stripping or deferring it. <code>wp_localize_script<\/code> retained as a secondary fallback for strict-CSP environments.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Fix: Replaced raw inline <code>&lt;style&gt;<\/code> tag in card field output with <code>wp_add_inline_style()<\/code> per WP enqueue best practices.<\/li>\n<li>Fix: Replaced raw inline <code>&lt;script&gt;<\/code> config output (printf) with <code>wp_add_inline_script()<\/code> per WP enqueue best practices.<\/li>\n<li>Fix: Added nonce verification (<code>wp_verify_nonce<\/code>) to the log viewer GET handler; all log viewer links updated to use <code>wp_nonce_url()<\/code>.<\/li>\n<li>Docs: Updated External Services documentation.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Fix: Multisite \/ Network activation \u2014 payments table now created for every subsite; settings stored per-site so each subsite has independent API credentials.<\/li>\n<li>Fix: Card iframe now loads correctly on all themes \u2014 CSS overrides prevent themes from collapsing the iframe to zero height; MutationObserver forces visibility the instant the SDK injects the iframe.<\/li>\n<li>Fix: JS config (ryancapaCardConfigs) output as a direct inline script in form HTML, immune to WP Rocket \/ Autoptimize \/ LiteSpeed JS optimizers stripping wp_localize_script data.<\/li>\n<li>Fix: Nonce refresh via admin-ajax (same session context) instead of REST endpoint, preventing -1 \/ HTTP 403 errors after authentication challenge.<\/li>\n<li>Fix: AJAX payment call migrated from jQuery.post() to fetch() with X-Requested-With header, preventing Apache 403 blocks on some server configurations.<\/li>\n<li>Fix: 10-second ready timeout with actionable error message; HTTP detection shows clear admin notice when page is not HTTPS.<\/li>\n<li>Tested: Verified working on WordPress Multisite with Network activation.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Fixed: Added nonce verification to settings save path in route() to prevent CSRF<\/li>\n<li>Fixed: Removed recurring, installment, and trial fields from prepare()\/get_defaults() \u2014 recurring is not implemented in Lite and was dead code<\/li>\n<li>Fixed: Updated accept.blue Terms of Service and Privacy Policy URLs to correct paths (\/terms-of-use\/ (contains both terms and privacy policy))<\/li>\n<li>Fixed: Updated admin upsell notice and readme to accurately reflect which features are in Lite vs Pro<\/li>\n<li>Fixed: card authentication and per-form API credential override are fully functional in Lite \u2014 moved from Pro-only list to Lite feature list<\/li>\n<li>Fixed: Removed recurring-related JavaScript toggle code from admin panel (no recurring UI in Lite)<\/li>\n<li>Fixed: Removed screenshot reference to recurring payment settings panel (no such UI in Lite)<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial Lite release based on Pro v1.0.0<\/li>\n<li>Core credit card payments via accept.blue Hosted Tokenization iFrame (PCI-minimised)<\/li>\n<li>Debug logging with in-admin log viewer and Clear Log function<\/li>\n<li>card authentication browser-based authentication per Form Action<\/li>\n<li>Per-form API credential override for multi-merchant support<\/li>\n<li>Licensing system fully removed<\/li>\n<li>All PHP identifiers prefixed with _lite (classes, functions, constants, options, hooks, DB tables)<\/li>\n<li>Plugin entry file renamed to formidable-acceptblue-lite.php<\/li>\n<li>All include files renamed to class-ryancapa-*.php<\/li>\n<\/ul>","raw_excerpt":"Accept credit card payments through accept.blue directly inside your Formidable Forms.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/312381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=312381"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/ryanplugins"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=312381"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=312381"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=312381"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=312381"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=312381"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=312381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}