|
Authorize.net
Connect Script!
This script is listed @
The CGI Resource
Index
This script is listed @
ScriptSearch.com
Are you looking
to integrate payment into your site with Authorize.net?
We have the solutions. Web site owners need
ways to do more than give customers information on their services and products.
Many need to offer sales online.
Even if you
have an existing web site and would like to do the work yourself, we
offer solutions to meet your needs. We have developed a very
easy to implement cgi library for interfacing with Authorize.net
using the AIM method of integration.
The
Authorize.net connect script is available to outside parties for
$49.99. If we are designing and hosting your site, it will be
included in our design solutions for you.
For those
interested in more information, find below a reference on the script
and it's features. Please feel free to contact us with any
questions.
authorizenet_lib.pl
Documentation and
Reference Guide
Authorizenet_lib.pl - cgi library for interfacing with authorize.net
using the AIM (Direct Response) method by Chris Costa.
Table Of Contents:
INTRODUCTION
REQUIREMENTS FOR USE
FEATURES
CONFIGURING authorizenet_lib.pl FOR USE
TRANSACTION SUBMISSION USING authorizenet_lib.pl
USING RESPONSES
USING PRE-FORMATTED RESPONSE DISPLAYS
EXAMPLES
COMMENTS/SUGGESTIONS
INTRODUCTION
authorizenet_lib.pl is a cgi script that
allows easy integration to the Authorize.net payment gateway using their AIM
(Advanced Integration Method), or Direct Response method of connection.
Authorize.net highly recommends AIM as the
preferred method of connection for optimized security and flexibility, however
information on implementing this connection method is sparse at best. For
more informatoin on the AIM connection method, please reference the
"Advanced Integration Method (AIM) Implementation Guide" available
from Authorize.net. Although this reference gives all necessary details of
fields, field names, and responses, there is little information on actually
implementing AIM through your web site.
The authorizenet_lib.pl script allows very easy
integration of AIM with your web site. It is not intended as a complete
transaction processing system, however with this script implementing the AIM
method is actually easier than implementing the Authorize.net SIM method (Simple
Integration Method). There is no need to assemble data twice (as you need
to do with SIM, once outgoing and again for the post back), and this script yields a much more flexible system.
This script, in addition to allowing easy
integration of AIM, has some built in features to allow easy display of
transaction results. An error display page is built in, and in addition to
displaying the results from Authorize.net, it also appends a more detailed message relating to
errors and offers suggestions for correction to the customer. This is much better than the
generic and sometimes confusing error messages received with the SIM
method. You may also tailor these messages to your specific needs.
Transaction success messages are
pre-formatted in either a complete page display, complete display variable, or
receipt information variable which can easily be included in a receipt page
designed by you.
Summary - If you are considering using
Authorize.net as your payment gateway and are looking at using the SIM method
because you do not have the resources to develop applications to allow the AIM
method (namely the ability to develop a script to initiate secure SSL
client-site and server-side connections), this script will allow you to connect
using AIM with implementation ease comparable if not easier than the SIM
method. It also formats the responses from Authorize.net so they are easy
to use and offers some built in features for results display.
::BACK TO TOP::
REQUIREMENTS FOR USE
Use of this script requires that your
hosting server have installed:
-
Perl v5.004
-
A secure
server (SSL Certificate)
-
Net::SSLeay - (Net::SSLeay also requires the SSLeay or OpenSSL packages,
visit http://www.openssl.org for
information)
This script has been tested on UNIX
systems, use on other systems may require modification and cannot be guaranteed.
Contact your hosting company to check if
you have the requirements above. If Net:SSLeay is not currently installed
on your server, many hosting companies will install it simply if you
ask them to. They may obtain Net::SSLeay from http://www.cpan.org/
::BACK TO TOP::
FEATURES
authorizenet_lib.pl offers these features:
-
Ease of implementation - If you
can set up basic form processing scripts such as necessary for the SIM
implementation, then you can configure this script for AIM. It is not a
complete transaction processing system, and does require some knowledge in
setting up and configuring cgi scripts, html forms, as well as an
understanding of the Authorize.net system and it's required fields
(reference the Authorize.net documentation).
-
Uses the AIM method, which is the
preferred method recommended by Authorize.net.
-
The customer never leaves your web
site using the AIM method. This means they do not need to bounce
from your site to the authorize.net site and back again. This results in less buttons to press,
less pages to view for the customer, and keeps you in control of their experience.
-
Formats the Authorize.net responses - this
allows you to easily use the information received back from Authorize.net
not only to determine if the transaction was successful, but also to use the
information received for display/logging/etc.
-
Pre-formatted results display - this
allows you to display the results of the transaction selectively. You
may choose the pre-formatted success page or design your own using the
returned responses formatted for easy use. You may use the
pre-formatted error page, or again use the returned responses formatted for
easy use in your own html pages.
-
Additional information for error
messages - the default errors displayed by Authorize.net sometimes leave a
bit to be desired. Customers receiving error messages sometimes
misinterpret them or don't understand the outcome of the transaction or what to do next.
This script adds additional text to the error messages from Authorize.net to
further explain what happened and, if applicable, offer suggestions.
This text is also customizable by editing the contents of the script if you
choose to do so.
-
Pre-formatted results variables - this
script takes the results from Authorize.net and places each one into a
corresponding variable which can then be called easily for display in html
pages or for logging/emails, etc.
-
Security - using the AIM method allows
you to operate your authorize.net account in "password required"
mode. Your login and password is passed by the script for every
transaction. Your login information is added to the rest of the
information you collect in your forms automatically by this script just
before transmission to authorize.net and is deleted from the list of defined
variables right after transmission for enhanced security.
::BACK TO TOP::
CONFIGURING
authorizenet_lib.pl FOR USE
Setting this script up for use is extremely
easy. In the top of the script there are user variables that you must set
prior to use. Set them, upload to your server and you're ready to use
authorizenet_lib.pl
Complete list of user variables:
The following variable may or may not be
required in your implementation:
Next, we will set version, login, and
password by replacing the appropriate variables in quotes below. These variables are set inside the script, invisible
to the user, and should never be passed in your forms or the html code of your
pages where they may be seen:
And last, these variables should not be
changed unless changes with the Authorize.net systems require modification:
That's it! These variables complete
the configuration section.
In addition, you must make one
configuration setting in your Authorize.net control panel. Log into your
account, under Settings>>Direct Response (or AIM):
::BACK TO TOP::
TRANSACTION SUBMISSION USING authorizenet_lib.pl
Submitting transactions to authorize.net is
equally easy and occurs in two steps.
Step 1 - require the authorizenet_lib.pl
file in your form processing script:
Step 2 - Call the subroutine to process the
charges by passing a reference to the information:
-
Simply call the authorize
subroutine like this:
where FORM is the name of the hash holding all of the
information needed by authorize.net (as well as any additional information
you may require or desire). Notice the need for the backslash \ before the
%hash name to pass as a reference.
Example - if your form data is
stored in a %form_data hash (you reference the information as $form_data{fieldname})
then you would call &authorize(\%form_data);
If your form data is stored in
a %FORM hash (you reference the information as $FORM{fieldname}), you would
call &authorize(\%FORM);
If your form data is stored in
a %in hash (you reference the information as $in{fieldname}), you would call
&authorize(\%in);
That's it. This will run through the
authorizenet_lib.pl script subroutine to connect, submit, and receive response
for the transaction.
::BACK TO TOP::
USING RESPONSES
The authorizenet_lib.pl authorize
subroutine receives and formats the response so that it may be used in a variety
of ways. Available after submission are the following:
-
All Authorize.net data in the
@response array. This is the unformatted reply data from the
transaction. Reference the Authorize.net AIM implementation guide if
you wish to use the data in this array, each position in the array holds
specific information. This information is also formatted as described
below for easier use. It is likely you will never use the @response
array in favor of the results formatted by the authorizenet_lib.pl script
below.
-
Basic result message is
returned in these variables:
-
$result{'result'} =
Approved, Declined or Error
-
$result{'Transaction ID'}
= Transaction ID (only if successful)
-
$result{'reason_text'} =
system generated brief text description
-
$result{'reason_subtext'} =
user defined text to provide more information about errors and possible
suggestions. This text is set by the authorizenet_lib.pl script.
-
All Authorize.net data is
formatted into the %anet_resp hash with field names corresponding to the
Authorize.net AIM implementation guide. Field names are as shown in
the implementation guide, however no spaces are used and are replaced with
an underscore_.
Examples:
-
Authorize.net documentation notes position 1 response is:
"Response Code".
This script will assign that response to:
$anet_resp{Response_Code}
-
Authorize.net documentation notes position 5 response is:
"Approval Code".
This script will assign that response to:
$anet_resp{Approval_Code}
-
Authorize.net documentation notes position 7 response is:
"Transaction ID".
This script will assign that response to:
$anet_resp{Transaction_ID}
For a complete list of the assignments, reference
the Authorize.net AIM implementation guide and reference the sub format_auth_resp
in the authorizenet_lib.pl file, which is where the assignments take place.
You may use any of these variables in any way you
wish, displaying them in html pages, writing them to log files, sending them via
email, etc.
::BACK TO TOP::
USING PRE-FORMATTED RESPONSE DISPLAYS
In addition to the variables listed above
that are available after submission, the authorizenet_lib.pl script also offers
some pre-formatted response displays. These response displays are grouped
into two categories - errors and success.
Errors:
-
Errors are displayed by
calling the &show_anet_error subroutine. Simply calling &show_anet_error;
will output a pre-formatted html page notifying of the transaction result,
reason text, and reason subtext if applicable. This makes for a
very easy and efficient way to display unsuccessful transaction results with
no work at all on your part.
-
In addition to this base
output, the results may be assigned to a variable by calling the subroutine
as $variable = &show_anet_error("no"); You may then
print the $variable where and how you would like to.
Success:
-
Success is displayed by
calling the &show_anet_success subroutine. Simply calling &show_anet_success;
will output a pre-formatted html page notifying of the transaction result
and displaying simliar to the following with the transaction values for each
field:
-
In addition to this base
output there are two other options for displaying success, the first is the
ability to assign the output to a variable as above by calling
$variable=&show_anet_success("no"); You may then print
$variable when and how you would like to.
-
The third option is to assign
just certain display values to a variable for outputting a receipt.
These variables are:
-
Amount: $anet_resp{Amount}
-
Response: $anet_resp{Response_Reason_Text}
-
Authorization Code:
$anet_resp{Approval_Code}
-
Transaction ID: $anet_resp{Transaction_ID}
-
AVS: $anet_resp{AVS_Result_Code}
To retrieve a pre-formatted
list of these variables with the transaction results for the specific
transaction, you would call the success routine as:
$variable = &show_anet_success("receipt");
The $variable
would then be available for use in a custom receipt page.
::BACK TO TOP::
EXAMPLES
This section will serve to provide you with
some example usages of the authorizenet_lib.pl script including some basic usage
of the output of the script.
The first step in using the script will
always be gathering information from a form. You should refer to the
Authorize.net documentation for required fields for submission including, but
not limited to, "x_Amount", "x_Card_Num", "x_Exp_Date".
Remember that in gathering your information
you do not need to worry about your login ID, or your password. These are
stored in the script and should not be passed any other way where they will be
visible in the source code of the html page. Once you have gathered your required
information, you would post to your form processing script. In your form
processing script you would add code to do the following:
First, we must recognize when we wish to
place charges. To do this you may assign a hidden field to your form as
such:
<input type="hidden"
name="placecharge" value="yes">
Then in your form processing script you
will recognize when you wish to process charges such as:
if ($FORM{placecharge} eq "yes"){
Alternately, you may use one specific
form processing script solely to receive charge requests. You may also
add code for enhanced security such as referrer checks, or MD5
verification code.
Then, to go about submitting
the transaction you would use something similar to the following:
#Now we recognize we want to place a charge,
# we will do the following:
#1) print "authorizing charges" to let the user know something is
happening
#2) call and authorize using the authorizenet_lib.pl script
#3) print "receiving response" to let the user know things are
happening
#4) display thank you receipt page or error page
print "Content-Type: text/html\n\n"; #not needed if done earlier in the
script.
#1)
print qq~
Authorizing Charges.....<br><br>
~;
#2)
## require the authorizenet_lib.pl file and do the charge:
require "../cgi-bin/authorizenet_lib.pl";
&authorize(\%FORM);
#3)
print qq~
Receiving Response.....
~;
#4) If Good
if ($result{result} eq
"Approved"){
&show_anet_success;
}else{
#4) If Bad, show error message
&show_anet_error;
exit;
} # end if response
} # end if placecharge
This is a very simple, but effective
implementation for transaction processing. It will notify of errors, or
place a success page on the screen if approved.
Another more customized implementation of
the success routine would be:
if ($result{result} eq
"Approved"){
$receipt = &show_anet_success("receipt");
print qq~
<p align="center">
<b>Company Name<br>
Company Address<br>
Company City, State, Zip<br>
Tel: 555-555-5555</b></p>
<p><b>$receipt<br><br>
Thank you!</b></p>
~;
#here we could also do more with the results such as log to a log file, send via email, etc..
exit;
}else{
&show_anet_error;
exit;
}# end if response
There are many more ways of using
the results returned from the call to authorizenet_lib.pl such as including them
in a custom html invoice page with details of the order, etc.
Thank you for your interest!
COMMENTS/SUGGESTIONS
Questions or comments may be directed to
the author Chris Costa at: Chris (at) getyourstoreonline.com
::BACK TO TOP::
|
