homepage Welcome to WebmasterWorld Guest from 54.161.200.144
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
How is payment gateway integrated into an ecommerce site?
jerseyboy




msg:4421111
 10:20 pm on Feb 23, 2012 (gmt 0)

I have built my own ecommerce site up to the point of the checkout screen. I added product catalog and shopping cart, etc in ASP.NET MVC3.

I spoke with Authorize.net about their payment gateway. They said they have an API.

Anyone have any tips or resources to learn HOW this is done?

Many thanks. Chris

 

ssgumby




msg:4421189
 2:44 am on Feb 24, 2012 (gmt 0)

authorize.net has sample code for almost all languages that you can use to integrate.

However, writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?

PCI and PA-DSS are required by Visa/Mastercard and to get PA-DSS on YOUR shopping cart solution is an expensive venture.

jerseyboy




msg:4421192
 3:07 am on Feb 24, 2012 (gmt 0)

So what do you recommend?

ssgumby




msg:4421398
 4:54 pm on Feb 24, 2012 (gmt 0)

There are many shopping cart systems out in the market that already have auth.net integration that are also PA-DSS.


ecommerce templates is one that is on the low end of cost
aspdotnetstorefront is one that is a bit more expensive

Many others im sure, those are two I am familiar with though.

rocknbil




msg:4421412
 5:14 pm on Feb 24, 2012 (gmt 0)

writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?


Please expand. If you don't store CC information on your server and use A.N.'s best practices (and their examples as starters,) force SSL on all checkout areas, more information is needed to define why it's bad. It's exactly what existing cart software does.

The PCI compliance scans apply to existing shopping cart software as well, and a non-compliant server will cause the scans to fail just as easily. If you host the site in a PCI compliant environment, securing a script to pass a PCI scan is not all that difficult (and makes a more aware coder out of you.)

Of course, the cheap and cheesy solution is to just pass the customer to the Authorize.net payment page on checkout.

ssgumby




msg:4421418
 5:47 pm on Feb 24, 2012 (gmt 0)

First, storing CC is not just the issue. Accepting and transmitting CC data is also considered high in PCI terms.

PCI is not just about the server anymore, your cart is required to be PA-DSS certified. Getting PA-DSS is not cheap from what ive heard.

"PCI-DSS (the PCI’s own Data Security Standards) now requires that applications be PA-DSS validated as well. PCI standards include the transmission of data using SSL encryption, protecting cardholder information, and creating and enforcing strict security policies."

jerseyboy




msg:4421421
 5:50 pm on Feb 24, 2012 (gmt 0)

very helpful. Guess I'll chuck my code and d/l Magento. Don't need to re-invent the wheel if its that involved. Having a solid payment service is most crucial to me.

jrockfl




msg:4421561
 3:36 am on Feb 25, 2012 (gmt 0)

Magento is not in .net though. Authorize.net provides an api along with example code.

You pretty much make a request and get back a response. I wrote our entire e-commerce application in .net.

Now, I'm working on the mobile version.

jerseyboy




msg:4421580
 4:37 am on Feb 25, 2012 (gmt 0)

jrockfl - was it fairly easy to get your checkout working w/ authorize.net's API and your custom .net site?

jrockfl




msg:4421685
 1:03 pm on Feb 25, 2012 (gmt 0)

Yes, I thought so. Keep in mind I have been working with Authorize.net for over 10 years.

They provide a nice api with sample code which makes it pretty easy.

Sign up for a developer account and you do all of your testing in a their development environment.

[developer.authorize.net...]

They also have a forum which is pretty helpful too.
In my opinion, Authorize.net is the best one to work with. Nice samples, large developer following and have been around for years.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved