How is payment gateway integrated into an ecommerce site?
jerseyboy
10:20 pm on Feb 23, 2012 (gmt 0)
I have built my own ecommerce site up to the point of the checkout screen. I added product catalog and shopping cart, etc in ASP.NET MVC3.
I spoke with Authorize.net about their payment gateway. They said they have an API.
Anyone have any tips or resources to learn HOW this is done?
Many thanks. Chris
ssgumby
2:44 am on Feb 24, 2012 (gmt 0)
authorize.net has sample code for almost all languages that you can use to integrate.
However, writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?
PCI and PA-DSS are required by Visa/Mastercard and to get PA-DSS on YOUR shopping cart solution is an expensive venture.
jerseyboy
3:07 am on Feb 24, 2012 (gmt 0)
So what do you recommend?
ssgumby
4:54 pm on Feb 24, 2012 (gmt 0)
There are many shopping cart systems out in the market that already have auth.net integration that are also PA-DSS.
ecommerce templates is one that is on the low end of cost aspdotnetstorefront is one that is a bit more expensive
Many others im sure, those are two I am familiar with though.
rocknbil
5:14 pm on Feb 24, 2012 (gmt 0)
writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?
Please expand. If you don't store CC information on your server and use A.N.'s best practices (and their examples as starters,) force SSL on all checkout areas, more information is needed to define why it's bad. It's exactly what existing cart software does.
The PCI compliance scans apply to existing shopping cart software as well, and a non-compliant server will cause the scans to fail just as easily. If you host the site in a PCI compliant environment, securing a script to pass a PCI scan is not all that difficult (and makes a more aware coder out of you.)
Of course, the cheap and cheesy solution is to just pass the customer to the Authorize.net payment page on checkout.
ssgumby
5:47 pm on Feb 24, 2012 (gmt 0)
First, storing CC is not just the issue. Accepting and transmitting CC data is also considered high in PCI terms.
PCI is not just about the server anymore, your cart is required to be PA-DSS certified. Getting PA-DSS is not cheap from what ive heard.
"PCI-DSS (the PCI’s own Data Security Standards) now requires that applications be PA-DSS validated as well. PCI standards include the transmission of data using SSL encryption, protecting cardholder information, and creating and enforcing strict security policies."
jerseyboy
5:50 pm on Feb 24, 2012 (gmt 0)
very helpful. Guess I'll chuck my code and d/l Magento. Don't need to re-invent the wheel if its that involved. Having a solid payment service is most crucial to me.
jrockfl
3:36 am on Feb 25, 2012 (gmt 0)
Magento is not in .net though. Authorize.net provides an api along with example code.
You pretty much make a request and get back a response. I wrote our entire e-commerce application in .net.
Now, I'm working on the mobile version.
jerseyboy
4:37 am on Feb 25, 2012 (gmt 0)
jrockfl - was it fairly easy to get your checkout working w/ authorize.net's API and your custom .net site?
jrockfl
1:03 pm on Feb 25, 2012 (gmt 0)
Yes, I thought so. Keep in mind I have been working with Authorize.net for over 10 years.
They provide a nice api with sample code which makes it pretty easy.
Sign up for a developer account and you do all of your testing in a their development environment.
They also have a forum which is pretty helpful too. In my opinion, Authorize.net is the best one to work with. Nice samples, large developer following and have been around for years.
