| 12:07 am on Jun 9, 2004 (gmt 0)|
Log in to your authorize.net account, click on "Help" from the links on the left side, then "Sample Simple Integration Methods (SIM) Scripts" at the bottom of the page and download the samples - they're all .ZIP files. They can be modified slightly to work with your web site and away you go.
| 1:22 pm on Jun 10, 2004 (gmt 0)|
does anyone have a live demo of what SIM looks like in action? :)
| 2:27 pm on Jun 10, 2004 (gmt 0)|
Don't use SIM, Use AIM (Advanced Integration Method). Much better way to send/receive data. Your web server's back-end will determine how you do this, if you're on a Windows server I can post some ASP code that will do the trick for you. I wrote a function a long time ago to simplify this, where all you have to do is call the function and get a True or False for whether it was approved or not.
If isCardValid(CardNumber,ExpDate,etc...) = True Then
' transaction approved
' transaction declined
Let me know, I've been using Authorize.Net since 1997. If you're not using a Windows NT or 2000 server, if you want I can post the code anyway and maybe you can figure out how to duplicate it for your own back-end? I'm sending the data to them using the Microsoft XMLHTTP Object (which makes an HTTP POST and receives a comma-delimited string in return).
(I know you said you were using ASP but I need to make sure that you're using it on a WINDOWS server, that Linux ASP emulator crap doesn't work with components)
| 5:31 pm on Jun 10, 2004 (gmt 0)|
They have a pdf manual on how to do it with the AIM method, it includes some code samplesa in asp and php, if my memory is correct.
| 10:50 pm on Jun 10, 2004 (gmt 0)|
Is that http or https with XMLHTTP?
The aim pdf says it needs https, so if XMLHTTP will handle https, I would be a very happy camper.
| 11:50 pm on Jun 10, 2004 (gmt 0)|
Yep, it's 100% HTTPS ... Unfortunately I'm at home now though, I will send you the code tomorrow when I get to the office.
| 5:46 am on Jun 11, 2004 (gmt 0)|
I am using Windows Server. I have enabled Weblink method is that good enough. I find it is quiet simple and easy to integrate. Are there any shortcomings to it? Is it ok to use weblink in the long run.
| 3:06 pm on Jun 11, 2004 (gmt 0)|
|I am using Windows Server. I have enabled Weblink method is that good enough. I find it is quiet simple and easy to integrate. Are there any shortcomings to it? Is it ok to use weblink in the long run. |
I wouldn't - people can see your Authorize.Net username by viewing the source of the page. Not to mention they can tell you're using Authorize.Net. Plus there is no back-end functionality for updating scripts, etc... you're having Authorize.Net's servers do everything and relying on an e-mail receipt from them to determine whether an order came through or not. Do you log in and verify every order? Authorize.Net has been using a standard e-mail message for a while, occasionally I get fake ones that don't match up to an actual order in the system. If I relied on their merchant email receipt, I could have lost some serious cash over the years :(
Code coming up in next post ...
| 3:23 pm on Jun 11, 2004 (gmt 0)|
Ok, I don't know how well this will paste but we'll see. One other thing, it's important to make sure you strip out any "&" signs in the fields that you are submitting. You can do this after you request the variable from the form by using replace(variablename,"&","")
AUTH_NET_LOGIN = YOURLOGIN
AUTH_NET_PASSWORD = YOURPASSWORD
AMOUNT_TO_CHARGE = 25
INVOICE_NUMBER = 123456
CARD_NUMBER = "4111111111111111"
EXP_DATE = "0505"
ADDRESS= "123 4th Street"
DESCRIPTION= "A description of whatever was purchased"
posturl = "https://secure.authorize.net/gateway/transact.dll"
xmlrequest = xmlrequest & "x_Version=3.1"
xmlrequest = xmlrequest & "&x_Delim_Data=True"
xmlrequest = xmlrequest & "&x_Login=" & AUTH_NET_LOGIN
xmlrequest = xmlrequest & "&x_Password=" & AUTH_NET_PASSWORD
xmlrequest = xmlrequest & "&x_Type=AUTH_CAPTURE"
xmlrequest = xmlrequest & "&x_Email_Merchant=True"
xmlrequest = xmlrequest & "&x_Email_Customer=False"
xmlrequest = xmlrequest & "&x_Test_Request=False"
xmlrequest = xmlrequest & "&x_Amount=" & AMOUNT_TO_CHARGE
xmlrequest = xmlrequest & "&x_Invoice_Num=" & INVOICE_NUMBER
xmlrequest = xmlrequest & "&x_Cust_id=" & CUST_ID
xmlrequest = xmlrequest & "&x_First_Name=" & FIRST_NAME
xmlrequest = xmlrequest & "&x_Last_Name=" & LAST_NAME
xmlrequest = xmlrequest & "&x_Card_Num=" & CARD_NUMBER
xmlrequest = xmlrequest & "&x_Exp_Date=" & EXP_DATE
xmlrequest = xmlrequest & "&x_Address=" & ADDRESS
xmlrequest = xmlrequest & "&x_Zip=" & ZIPCODE
xmlrequest = xmlrequest & "&x_Description=" & DESCRIPTION
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.open "post", posturl, false
xml.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
While (xml.readyState <> 4) AND (attempt < 50001)
attempt = (attempt + 1)
If xml.ReadyState <> 4 Then
call ErrorAlert("Time out waiting for remote server")
' Get the response from Authorize.net
ResultHTML = xml.ResponseText
' Split the response into multiple strings
tResults = Split(ResultHTML,",")
responseCode = tResults(0)
responseReason = tResults(3)
AuthNetTransactionID = tResults(6)
Set xml = nothing
The "responseCode" string will be a 1, 2, or 3 - 1 is approved, 2 is declined, and 3 is error. responseReason will be the text associated with the failure, and AuthNetTransactionID is the unique ID authorize.net assigns to each successful transaction. In test mode this will be a zero.
Using this code you can request information from the visitor, shoot it over to Authorize.Net, and figure out their response while the user is still waiting at YOUR site. This is cool when you want to do stuff like send the user to a specific page based on whether they're approced or not, etc. Great for software purchases - if approved you can set a session variable or cookie that allows them access to the download area, sends them an e-mail with the file, etc. Pretty much limitless possibilties.
Set X_TEST_REQUEST to True and play with it in test mode for a little while. If there are any errors let me know, I re-wrote this from scratch this morning as I discovered my function had a lot more custom SQL code in it than I wanted to post here :P
[edited by: DaveAtIFG at 6:29 pm (utc) on June 11, 2004]
[edit reason] Corrected "posturl" string [/edit]
| 4:10 pm on Jun 11, 2004 (gmt 0)|
One error in my post - URL should be https:// not http:// in the PostURL string. Whoops :p
| 11:35 pm on Jun 11, 2004 (gmt 0)|
Thank you. I am sure that a lot of readers will benefit from your generosity, including myself of course.
Did you know that the current pdf does not even explicitly mention that the transaction is a POST operation? I had to find that out by searching the net because at first I thought it was a pure socket connection. Nice to have example code that illustrates the core operating requirements and mechanism.
| 6:39 am on Jun 12, 2004 (gmt 0)|
Thanks a lot DigitalV. So now I will will have to get a SSL certificate for my server I guess. Can you explain me the procedure for that. I am thinking of getting from geotrust.
| 3:37 pm on Jun 12, 2004 (gmt 0)|
Are you running your own server? Or are you hosting somewhere else? If you are with a hosting company, they may have a shared certificate you can use or they can generate a CSR for you and email it to you, which you can then upload to the provider of your choice. If you're running your own server you will need to generate yourself.
As far as providers go, I've never used anyone but Thawte and Verisign. They provide the same functions (they're even the same company now) but the Thawte certificates are at $199 whereas Verisign are around $350 I think. I've never used GeoTrust so I can't give a recommendation for or against them, but I would say stay away from those $50 a year "budget" certs. I just have this thing about never buying the least expensive product. I've seen too many internet companies go out of business because they under-sold their product, and having a reliable SSL issuer is more important to me than saving $150 a year.
(By the way, GeoTrust isn't a budget certificate company I'm just saying I don't know anything about them - perhaps someone else on the board does)
| 7:28 am on Jun 18, 2004 (gmt 0)|
When I was first reading this thread, I'd asked my tech friend what it would take to set up an AIM connection on our server. It turned out to be more of a production than I'd thought. In fact, she took it on as her latest obsession and has been working almost non-stop between her day job and this. Information about setting up the connection turned out to be surprisingly hard to find and she never did find an available example for Apache.
Due to the lack of available resources about it, and since she was already putting so much time into it, she decided to set it up as a free download with plenty of comments and versatility to help others who must be running into similar problems. I'd checked with her previously about posting about it here, since I'm sure others will find it to be useful.
Earlier tonight, she let me know that the code has been released and ready for me to integrate into my site. She's calling it pANT (php Authorize Net webapp Thingamee) and set up a development site for it at www.digitalsorceress.com/pant/
I'm hoping, given that it's a free contribution and entirely on-topic, that this isn't against the TOS for me to post. However, if it is I'll be happy to remove the URL and just let those interested know by sticky mail.
| 2:10 pm on Jun 18, 2004 (gmt 0)|
Sunshyn:: heh I do tend to get obsessive when I'm "in the zone"
Okay, so I know the original post asked about windows, but if you have a PHP site and can compile/install curl, I've just started an open source (GPL) project to help with the hard bits.
It's not meant to be a 100% ready-to-use application, but if you know some PHP and can either install or compile SSL-enabled curl on your site, it gets you most of the way there. My original intent was to just get Sunshyn a workable set of functions that she could use in her merchant terminal, but somewhere, due to sleep deprivation, and massive amounts of caffiene, It's sort of morphed into my first Open-Source GPL'ed project.
it's called pANT (php Authorize Net webapp Thingamee) ... did I mention sleep deprivation? *grin*
** After reading the site terms of usage, I too am not sure if it was entirely appropriate for me to post the links and such. No offense was intended, and if it's deemed inappropriate, I'll gladly edit it out.
[edited by: DaveAtIFG at 6:45 pm (utc) on July 20, 2004]
| 5:39 pm on Jun 18, 2004 (gmt 0)|
One reason I love Cold Fusion is because there is simply a tag written that does all of that for me. Just one nice simple tag. Its beautiful.
| 6:11 pm on Jun 18, 2004 (gmt 0)|
JonR28:: I used to do a lot of Cold Fusion... This single tag you refer to... it is a custom tag or extension, or is it part of the core language?
(I haven't touched CF since version 4.5 and never did Ecommerse apps with it)
(I could probably make pANT function just like that tag - just one function call
$result = cf_like_auth_net_request($_POST);
| 2:19 pm on Jun 21, 2004 (gmt 0)|
custom tag I believe released by Authorize.net. Back when it was Verisign it was even easier. Cold Fusion has free custom tags for everything though. I use it for my ecommerce site and it works great.
| 3:18 pm on Jul 20, 2004 (gmt 0)|
digitaltv, that ASP code you posted was a lifesaver! It works great. I had been struggling with AIM for days. Thank you, thank you, thank you!