Monday, June 26, 2017
Link Link Link

Site Design by

Authorize.net Connect Script!

This script is listed @ The CGI Resource Index

This script is listed @ ScriptSearch.com

Are you looking to integrate payment into your site with Authorize.net?

We have the solutions.  Web site owners need ways to do more than give customers information on their services and products.  Many need to offer sales online.

Even if you have an existing web site and would like to do the work yourself, we offer solutions to meet your needs.  We have developed a very easy to implement cgi library for interfacing with Authorize.net using the AIM method of integration.

The Authorize.net connect script is available to outside parties for $49.99.  If we are designing and hosting your site, it will be included in our design solutions for you.


You may purchase the Authorize.net connect script via PayPal here:

(Download is not automatic, scripts are sent out daily - please indicate in the notes if you would like us to send the script to a different address than is listed on your PayPal account)

For those interested in more information, find below a reference on the script and it's features.  Please feel free to contact us with any questions.


Documentation and Reference Guide
Authorizenet_lib.pl - cgi library for interfacing with authorize.net
using the AIM (Direct Response) method by Chris Costa.

Table Of Contents:




CONFIGURING authorizenet_lib.pl FOR USE







authorizenet_lib.pl is a cgi script that allows easy integration to the Authorize.net payment gateway using their AIM (Advanced Integration Method), or Direct Response method of connection.

Authorize.net highly recommends AIM as the preferred method of connection for optimized security and flexibility, however information on implementing this connection method is sparse at best.  For more informatoin on the AIM connection method, please reference the "Advanced Integration Method (AIM) Implementation Guide" available from Authorize.net.  Although this reference gives all necessary details of fields, field names, and responses, there is little information on actually implementing AIM through your web site.

The authorizenet_lib.pl script allows very easy integration of AIM with your web site.  It is not intended as a complete transaction processing system, however with this script implementing the AIM method is actually easier than implementing the Authorize.net SIM method (Simple Integration Method).  There is no need to assemble data twice (as you need to do with SIM, once outgoing and again for the post back), and this script yields a much more flexible system.  

This script, in addition to allowing easy integration of AIM, has some built in features to allow easy display of transaction results.  An error display page is built in, and in addition to displaying the results from Authorize.net, it also appends a more detailed message relating to errors and offers suggestions for correction to the customer.  This is much better than the generic and sometimes confusing error messages received with the SIM method.  You may also tailor these messages to your specific needs.

Transaction success messages are pre-formatted in either a complete page display, complete display variable, or receipt information variable which can easily be included in a receipt page designed by you.

Summary - If you are considering using Authorize.net as your payment gateway and are looking at using the SIM method because you do not have the resources to develop applications to allow the AIM method (namely the ability to develop a script to initiate secure SSL client-site and server-side connections), this script will allow you to connect using AIM with implementation ease comparable if not easier than the SIM method.  It also formats the responses from Authorize.net so they are easy to use and offers some built in features for results display.



Use of this script requires that your hosting server have installed:

  • Perl v5.004

  • A secure server (SSL Certificate)

  • Net::SSLeay - (Net::SSLeay also requires the SSLeay or OpenSSL packages, visit http://www.openssl.org for information)

This script has been tested on UNIX systems, use on other systems may require modification and cannot be guaranteed.

Contact your hosting company to check if you have the requirements above.  If Net:SSLeay is not currently installed on your server, many hosting companies will install it simply if you ask them to.  They may obtain Net::SSLeay from http://www.cpan.org/ 



authorizenet_lib.pl offers these features:

  • Ease of implementation -  If you can set up basic form processing scripts such as necessary for the SIM implementation, then you can configure this script for AIM.  It is not a complete transaction processing system, and does require some knowledge in setting up and configuring cgi scripts, html forms, as well as an understanding of the Authorize.net system and it's required fields (reference the Authorize.net documentation).

  • Uses the AIM method, which is the preferred method recommended by Authorize.net.

  • The customer never leaves your web site using the AIM method.  This means they do not need to bounce from your site to the authorize.net site and back again.  This results in less buttons to press, less pages to view for the customer, and keeps you in control of their experience.

  • Formats the Authorize.net responses - this allows you to easily use the information received back from Authorize.net not only to determine if the transaction was successful, but also to use the information received for display/logging/etc.

  • Pre-formatted results display - this allows you to display the results of the transaction selectively.  You may choose the pre-formatted success page or design your own using the returned responses formatted for easy use.  You may use the pre-formatted error page, or again use the returned responses formatted for easy use in your own html pages.

  • Additional information for error messages - the default errors displayed by Authorize.net sometimes leave a bit to be desired.  Customers receiving error messages sometimes misinterpret them or don't understand the outcome of the transaction or what to do next.  This script adds additional text to the error messages from Authorize.net to further explain what happened and, if applicable, offer suggestions.  This text is also customizable by editing the contents of the script if you choose to do so.

  • Pre-formatted results variables - this script takes the results from Authorize.net and places each one into a corresponding variable which can then be called easily for display in html pages or for logging/emails, etc.

  • Security - using the AIM method allows you to operate your authorize.net account in "password required" mode.  Your login and password is passed by the script for every transaction.  Your login information is added to the rest of the information you collect in your forms automatically by this script just before transmission to authorize.net and is deleted from the list of defined variables right after transmission for enhanced security.


CONFIGURING authorizenet_lib.pl FOR USE

Setting this script up for use is extremely easy.  In the top of the script there are user variables that you must set prior to use.  Set them, upload to your server and you're ready to use authorizenet_lib.pl

Complete list of user variables:

The following variable may or may not be required in your implementation:

Next, we will set version, login, and password by replacing the appropriate variables in quotes below.  These variables are set inside the script, invisible to the user, and should never be passed in your forms or the html code of your pages where they may be seen:

  • # required Authorize.net information:
    %ANET = ("x_Version" => "3.1",
    "x_Login" => "yourloginhere",
    "x_Password" => "yourpasswordhere");

And last, these variables should not be changed unless changes with the Authorize.net systems require modification:

  • # The Authorize.net post url, script and port
    $anethost = "secure.authorize.net";
    $anetscript = "/gateway/transact.dll";
    $anetport = "443"; 

That's it!  These variables complete the configuration section.  

In addition, you must make one configuration setting in your Authorize.net control panel.  Log into your account, under Settings>>Direct Response (or AIM):

  • Delimited Response - Choose "yes"

  • Default Field Seperator - Choose "|(pipe)"



Submitting transactions to authorize.net is equally easy and occurs in two steps.

Step 1 - require the authorizenet_lib.pl file in your form processing script:

  • Simply place a line like this in your processing script just before you wish to process charges:

    • require "../cgi-bin/authorizenet_lib.pl";

Step 2 - Call the subroutine to process the charges by passing a reference to the information:

  • Simply call the authorize subroutine like this:

    • &authorize(\%FORM); 

    where FORM is the name of the hash holding all of the information needed by authorize.net (as well as any additional information you may require or desire).  Notice the need for the backslash \ before the %hash name to pass as a reference.

    Example - if your form data is stored in a %form_data hash (you reference the information as $form_data{fieldname}) then you would call &authorize(\%form_data);

    If your form data is stored in a %FORM hash (you reference the information as $FORM{fieldname}), you would call &authorize(\%FORM);

    If your form data is stored in a %in hash (you reference the information as $in{fieldname}), you would call &authorize(\%in);

That's it.  This will run through the authorizenet_lib.pl script subroutine to connect, submit, and receive response for the transaction.



The authorizenet_lib.pl authorize subroutine receives and formats the response so that it may be used in a variety of ways.  Available after submission are the following:

  • All Authorize.net data in the @response array.  This is the unformatted reply data from the transaction.  Reference the Authorize.net AIM implementation guide if you wish to use the data in this array, each position in the array holds specific information.  This information is also formatted as described below for easier use.  It is likely you will never use the @response array in favor of the results formatted by the authorizenet_lib.pl script below.

  • Basic result message is returned in these variables:

    • $result{'result'} = Approved, Declined or Error

    • $result{'Transaction ID'} = Transaction ID (only if successful)

    • $result{'reason_text'} = system generated brief text description

    • $result{'reason_subtext'} = user defined text to provide more information about errors and possible suggestions.  This text is set by the authorizenet_lib.pl script.

  • All Authorize.net data is formatted into the %anet_resp hash with field names corresponding to the Authorize.net AIM implementation guide.  Field names are as shown in the implementation guide, however no spaces are used and are replaced with an underscore_.


    •  Authorize.net documentation notes position 1 response is:
      "Response Code".  
      This script will assign that response to:

    • Authorize.net documentation notes position 5 response is:
      "Approval Code".  
      This script will assign that response to:

    • Authorize.net documentation notes position 7 response is: 
      "Transaction ID".  
      This script will assign that response to: 

    For a complete list of the assignments, reference the Authorize.net AIM implementation guide and reference the sub format_auth_resp in the authorizenet_lib.pl file, which is where the assignments take place. 

You may use any of these variables in any way you wish, displaying them in html pages, writing them to log files, sending them via email, etc.



In addition to the variables listed above that are available after submission, the authorizenet_lib.pl script also offers some pre-formatted response displays.  These response displays are grouped into two categories - errors and success.


  • Errors are displayed by calling the &show_anet_error subroutine.  Simply calling &show_anet_error; will output a pre-formatted html page notifying of the transaction result, reason text, and reason subtext if applicable.  This makes for a very easy and efficient way to display unsuccessful transaction results with no work at all on your part.

  • In addition to this base output, the results may be assigned to a variable by calling the subroutine as $variable = &show_anet_error("no");  You may then print the $variable where and how you would like to.


  • Success is displayed by calling the &show_anet_success subroutine.  Simply calling &show_anet_success; will output a pre-formatted html page notifying of the transaction result and displaying simliar to the following with the transaction values for each field:

    • Cardholder: John Doe

    • Response: This transaction has been approved.

    • Authorization Code: 000000

    • Transaction ID:0000

    • Address Verification: P

    • Amount: 1.00

  • In addition to this base output there are two other options for displaying success, the first is the ability to assign the output to a variable as above by calling $variable=&show_anet_success("no");  You may then print $variable when and how you would like to.

  • The third option is to assign just certain display values to a variable for outputting a receipt.  These variables are:

    • Amount: $anet_resp{Amount}

    • Response: $anet_resp{Response_Reason_Text}

    • Authorization Code: $anet_resp{Approval_Code}

    • Transaction ID: $anet_resp{Transaction_ID}

    • AVS: $anet_resp{AVS_Result_Code}

    To retrieve a pre-formatted list of these variables with the transaction results for the specific transaction, you would call the success routine as:  
    $variable = &show_anet_success("receipt");  
    The $variable would then be available for use in a custom receipt page.



This section will serve to provide you with some example usages of the authorizenet_lib.pl script including some basic usage of the output of the script.

The first step in using the script will always be gathering information from a form.  You should refer to the Authorize.net documentation for required fields for submission including, but not limited to, "x_Amount", "x_Card_Num", "x_Exp_Date".

Remember that in gathering your information you do not need to worry about your login ID, or your password.  These are stored in the script and should not be passed any other way where they will be visible in the source code of the html page.  Once you have gathered your required information, you would post to your form processing script.  In your form processing script you would add code to do the following:

First, we must recognize when we wish to place charges.  To do this you may assign a hidden field to your form as such:

<input type="hidden" name="placecharge" value="yes">

Then in your form processing script you will recognize when you wish to process charges such as:

if ($FORM{placecharge} eq "yes"){

Alternately, you may use one specific form processing script solely to receive charge requests.  You may also add code for enhanced security such as referrer checks, or MD5 verification code.

Then, to go about submitting the transaction you would use something similar to the following:

#Now we recognize we want to place a charge,
# we will do the following:
#1) print "authorizing charges" to let the user know something is happening
#2) call and authorize using the authorizenet_lib.pl script
#3) print "receiving response" to let the user know things are happening
#4) display thank you receipt page or error page

print "Content-Type: text/html\n\n"; #not needed if done earlier in the script.

print qq~
Authorizing Charges.....<br><br>
## require the authorizenet_lib.pl file and do the charge:
require "../cgi-bin/authorizenet_lib.pl";
print qq~
Receiving Response.....

#4) If Good
if ($result{result} eq "Approved"){
#4) If Bad, show error message
} # end if response

} # end if placecharge

This is a very simple, but effective implementation for transaction processing.  It will notify of errors, or place a success page on the screen if approved.

Another more customized implementation of the success routine would be:

if ($result{result} eq "Approved"){
$receipt = &show_anet_success("receipt");

print qq~
<p align="center">
<b>Company Name<br>
Company Address<br>
Company City, State, Zip<br>
Tel: 555-555-5555</b></p>
Thank you!</b></p>

#here we could also do more with the results such as log to a log file, send via email, etc..

}# end if response

  There are many more ways of using the results returned from the call to authorizenet_lib.pl such as including them in a custom html invoice page with details of the order, etc.

Thank you for your interest!


Questions or comments may be directed to the author Chris Costa at: Chris (at) getyourstoreonline.com