Simple 'flowchart' explaining gateway, merchant account, etc.

5:49 pm on Aug 17, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 8, 2003
votes: 0

I am hoping someone can explain to me the various aspects of running an ecommerce store, specifically regarding handling credit cards online.

I want the user to stay on my store, so no redirects to someone else's checkout.

I'm looking for an explanation of a gateway, merchant account? etc.


User adds an item to the cart, clicks on checkout. Enters cc information, clicks submit. Data is sent to #*$!x, then to #*$!x, etc.

5:55 pm on Aug 17, 2009 (gmt 0)

Full Member

5+ Year Member

joined:Aug 31, 2006
votes: 0

First, google "authorize.net how it works". They have a nice diagram there.

A quick overview.

1. user adds item to cart
2. user clicks checkout
3. user fills out name, addr
4. user selects shipping
5. user enters credit card info
6. user clicks submit
7. cc info is encrypted and sent to gateway (auth net is one)
8. gateway sends info to merchant provider
9. merchant provider contacts customer's cc company for approval
10. approval comes back to gateway
11. gateway checks address for validity
12. gateway sends response back to cart
13. customer gets a confirmation page

3:14 am on Aug 18, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
votes: 0

I want the user to stay on my store, so no redirects to someone else's checkout.

I don't know why it would redirect to someone else's cart, but from ssgumby's list, you can perform steps 7 through 12 without the visitor leaving your site through what's called silent post (or, one of the names for it.)

To throw a buzzword into the mix, the interface set up by the gateway for you to process transactions is called an API.

On 'nix systems there is a program called curl. What it does is go out and get a page, or in this case post data to a page/location, and acquire a response.

An SSL cert is required for Authorize.net, LinkPoint, NetBilling, and other processors to use curl with their API. It will be rejected and will not respond if you don't "curl" a response over SSL.

So when the customer hits submit, your programming executes a curl command to send the submitted data to the gateway, and gets a response; although other data is returned, the main thing you listen for is the response code (approved, declined, etc.) You will also use other aspects of the response to limit fraud, etc. - billing address/zip match, etc. Based on the response, you return a success response page or return to the form with an appropriate message - never telling them EXACTLY what went wrong, as this reveals info to potential hackers.

curl is supported by most languages since it's executed via command line; I use it in Perl and PHP.
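
The server-side flow described in the post above (steps 7 through 12 of the earlier list), sketched in Python as an added example that is not part of the original thread or any gateway's own code. The endpoint URL, the `code|reason|avs` response layout and the function names are assumptions made for illustration; a real gateway documents its own fields.

```python
import logging
import ssl
import urllib.parse
import urllib.request

# Assumptions (hypothetical, not a real gateway API): the gateway replies with
# one line "code|reason|avs", e.g. "2|insufficient funds|N" (constructed sample).
GATEWAY_URL = "https://gateway.example.invalid/transact"
APPROVED = "1"
GENERIC_FAILURE = ("We could not process your payment. Please check your "
                   "details or try another card.")

log = logging.getLogger("checkout")


def post_to_gateway(fields, url=GATEWAY_URL, timeout=15):
    """Server-side POST to the gateway; the customer's browser stays on the store."""
    if not url.lower().startswith("https://"):
        raise ValueError("card data must only be sent over HTTPS")
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=body, timeout=timeout, context=ctx) as r:
        return r.read().decode("utf-8", "replace").strip()


def handle_response(raw, order_id):
    """Return (approved, message_for_customer); the detail goes to the server log only."""
    parts = raw.split("|")
    if len(parts) != 3:
        log.error("order %s: malformed gateway response", order_id)
        return False, GENERIC_FAILURE
    code, reason, avs = parts
    if code == APPROVED and avs == "Y":
        return True, "Thank you, your order has been placed."
    # Decline, gateway error or billing-address mismatch: the customer sees the
    # same wording in every case, so the page does not reveal which check failed.
    # An approval rejected here for AVS would still need voiding at the gateway
    # (not shown).
    log.warning("order %s: code=%s avs=%s reason=%s", order_id, code, avs, reason)
    return False, GENERIC_FAILURE
```

Only the order id and the gateway's own fields are logged here; the card number and security code never go into the log.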