If isCardValid(CardNumber,ExpDate,etc...) = True Then
' transaction approved
else
' transaction declined
End If

Let me know, I've been using Authorize.Net since 1997. If you're not using a Windows NT or 2000 server, if you want I can post the code anyway and maybe you can figure out how to duplicate it for your own back-end? I'm sending the data to them using the Microsoft XMLHTTP Object (which makes an HTTP POST and receives a comma-delimited string in return).

(I know you said you were using ASP but I need to make sure that you're using it on a WINDOWS server, that Linux ASP emulator crap doesn't work with components)

Is that http or https with XMLHTTP?

The aim pdf says it needs https, so if XMLHTTP will handle https, I would be a very happy camper.

Plumsauce

I am using Windows Server. I have enabled Weblink method is that good enough. I find it is quiet simple and easy to integrate. Are there any shortcomings to it? Is it ok to use weblink in the long run.

I wouldn't - people can see your Authorize.Net username by viewing the source of the page. Not to mention they can tell you're using Authorize.Net. Plus there is no back-end functionality for updating scripts, etc... you're having Authorize.Net's servers do everything and relying on an e-mail receipt from them to determine whether an order came through or not. Do you log in and verify every order? Authorize.Net has been using a standard e-mail message for a while, occasionally I get fake ones that don't match up to an actual order in the system. If I relied on their merchant email receipt, I could have lost some serious cash over the years :(

Code coming up in next post ...

AUTH_NET_LOGIN = YOURLOGIN
AUTH_NET_PASSWORD = YOURPASSWORD
AMOUNT_TO_CHARGE = 25
INVOICE_NUMBER = 123456

CUST_ID= "1"
FIRST_NAME= "Joe"
LAST_NAME= "Blow"
CARD_NUMBER = "4111111111111111"
EXP_DATE = "0505"
ADDRESS= "123 4th Street"
ZIPCODE= "12345"
DESCRIPTION= "A description of whatever was purchased"

posturl = "https://secure.authorize.net/gateway/transact.dll"

xmlrequest = xmlrequest & "x_Version=3.1"
xmlrequest = xmlrequest & "&x_Delim_Data=True"
xmlrequest = xmlrequest & "&x_Login=" & AUTH_NET_LOGIN
xmlrequest = xmlrequest & "&x_Password=" & AUTH_NET_PASSWORD
xmlrequest = xmlrequest & "&x_Type=AUTH_CAPTURE"

xmlrequest = xmlrequest & "&x_Email_Merchant=True"
xmlrequest = xmlrequest & "&x_Email_Customer=False"
xmlrequest = xmlrequest & "&x_Test_Request=False"

xmlrequest = xmlrequest & "&x_Amount=" & AMOUNT_TO_CHARGE
xmlrequest = xmlrequest & "&x_Invoice_Num=" & INVOICE_NUMBER
xmlrequest = xmlrequest & "&x_Cust_id=" & CUST_ID
xmlrequest = xmlrequest & "&x_First_Name=" & FIRST_NAME
xmlrequest = xmlrequest & "&x_Last_Name=" & LAST_NAME
xmlrequest = xmlrequest & "&x_Card_Num=" & CARD_NUMBER
xmlrequest = xmlrequest & "&x_Exp_Date=" & EXP_DATE
xmlrequest = xmlrequest & "&x_Address=" & ADDRESS
xmlrequest = xmlrequest & "&x_Zip=" & ZIPCODE
xmlrequest = xmlrequest & "&x_Description=" & DESCRIPTION

Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.open "post", posturl, false
xml.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xml.send xmlrequest

While (xml.readyState <> 4) AND (attempt < 50001)
xml.waitForResponse(1000)
attempt = (attempt + 1)
Wend

If xml.ReadyState <> 4 Then
call ErrorAlert("Time out waiting for remote server")
response.end
End If

' Get the response from Authorize.net
ResultHTML = xml.ResponseText

' Split the response into multiple strings
tResults = Split(ResultHTML,",")
responseCode = tResults(0)
responseReason = tResults(3)
AuthNetTransactionID = tResults(6)
Set xml = nothing

The "responseCode" string will be a 1, 2, or 3 - 1 is approved, 2 is declined, and 3 is error. responseReason will be the text associated with the failure, and AuthNetTransactionID is the unique ID authorize.net assigns to each successful transaction. In test mode this will be a zero.

Using this code you can request information from the visitor, shoot it over to Authorize.Net, and figure out their response while the user is still waiting at YOUR site. This is cool when you want to do stuff like send the user to a specific page based on whether they're approced or not, etc. Great for software purchases - if approved you can set a session variable or cookie that allows them access to the download area, sends them an e-mail with the file, etc. Pretty much limitless possibilties.

Set X_TEST_REQUEST to True and play with it in test mode for a little while. If there are any errors let me know, I re-wrote this from scratch this morning as I discovered my function had a lot more custom SQL code in it than I wanted to post here :P

[edited by: DaveAtIFG at 6:29 pm (utc) on June 11, 2004]
[edit reason] Corrected "posturl" string [/edit]

Thank you. I am sure that a lot of readers will benefit from your generosity, including myself of course.

Did you know that the current pdf does not even explicitly mention that the transaction is a POST operation? I had to find that out by searching the net because at first I thought it was a pure socket connection. Nice to have example code that illustrates the core operating requirements and mechanism.

Best Regards,

Plumsauce

As far as providers go, I've never used anyone but Thawte and Verisign. They provide the same functions (they're even the same company now) but the Thawte certificates are at $199 whereas Verisign are around $350 I think. I've never used GeoTrust so I can't give a recommendation for or against them, but I would say stay away from those $50 a year "budget" certs. I just have this thing about never buying the least expensive product. I've seen too many internet companies go out of business because they under-sold their product, and having a reliable SSL issuer is more important to me than saving $150 a year.

(By the way, GeoTrust isn't a budget certificate company I'm just saying I don't know anything about them - perhaps someone else on the board does)

Due to the lack of available resources about it, and since she was already putting so much time into it, she decided to set it up as a free download with plenty of comments and versatility to help others who must be running into similar problems. I'd checked with her previously about posting about it here, since I'm sure others will find it to be useful.

Earlier tonight, she let me know that the code has been released and ready for me to integrate into my site. She's calling it pANT (php Authorize Net webapp Thingamee) and set up a development site for it at www.digitalsorceress.com/pant/

I'm hoping, given that it's a free contribution and entirely on-topic, that this isn't against the TOS for me to post. However, if it is I'll be happy to remove the URL and just let those interested know by sticky mail.

Okay, so I know the original post asked about windows, but if you have a PHP site and can compile/install curl, I've just started an open source (GPL) project to help with the hard bits.

It's not meant to be a 100% ready-to-use application, but if you know some PHP and can either install or compile SSL-enabled curl on your site, it gets you most of the way there. My original intent was to just get Sunshyn a workable set of functions that she could use in her merchant terminal, but somewhere, due to sleep deprivation, and massive amounts of caffiene, It's sort of morphed into my first Open-Source GPL'ed project.

it's called pANT (php Authorize Net webapp Thingamee) ... did I mention sleep deprivation? *grin*

snipped URLs

** After reading the site terms of usage, I too am not sure if it was entirely appropriate for me to post the links and such. No offense was intended, and if it's deemed inappropriate, I'll gladly edit it out.

[edited by: DaveAtIFG at 6:45 pm (utc) on July 20, 2004]

(I haven't touched CF since version 4.5 and never did Ecommerse apps with it)

(I could probably make pANT function just like that tag - just one function call

$result = cf_like_auth_net_request($_POST);