@title;noquote@ @signatory;noquote@
@context_bar;noquote@[ Administer ]
@context_bar;noquote@

Why

The @package_name@ implements the Payment Service Contract for the Authorize.net on-line merchant services.

Background

Since the development of the ecommerce package VeriSign bought the CyberCash credit card acceptance service that the ecommerce package was build upon. VeriSign merged the CyberCash API with their own product PayflowPro which left the ecommerce package without a functioning credit card service.

Janine Sisk of furfly.net and Bart Teeuwisse teamed up to design a general purpose payment service contract and to create the first implementations of the contract. Janine developed the interface to PayflowPro the successor of CyberCash while Bart created the gateway to Authorize.net.

Berklee College Of Music sponsored the creation of the @package_name@ and the integration with the ecommerce package.

Usage

Note: This release has been developed on PostgreSQL only. Please report any problems you might find in the OpenACS SDM. The SDM can also be used to contribute patches to the @package_name@ package (for example to add Oracle support).

The @package_name@ requires nsopenssl and dqd_utils to be installed. Nsopenssl provides the ns_httpsget and ns_httpspost instructions to connect to the secure Authorize.net Direct Connect server. Dqd_utils provides the dqd_md5 instruction to validate the response from the Authorize.net Direct Connect server. Please follow the installation instructions included with these packages.

The @package_name@ is the intermediary between OpenACS packages and the Authorize.net credit card acceptance services. This gateway accepts calls to the Payment Service Contract operations, forwards the information to Authorize.net and decodes the response before returning the outcome back to the calling package while keeping a log of all communication with Authorize.net. The log is accessible from the @package_name@ administration.

The @package_name@ needs to be configured before it can connect to Authorize.net and access your account with Authorize.net. Configuration is via @package_name@ parameters. The package has 9 parameters:

  1. CreditCardsAccepted

    A list of credit cards accepted by your Authorize.net account. Calling applications can use this list of overwrite it with their own list so that applications can choose to accept only a subset of the cards your Authorize.net account can handle.

  2. description

    The description of the transaction as it will appear on the customer's statement. E.g. 'ACME Widgets'

  3. test_request

    Switch the communication with Authorize.net over to Test mode. Useful to test the communication with Authorize.net from the calling package. The default value is 'False'.

    Note: Transactions authorized in test mode do not return a valid transaction ID and will fail they are being post-authorized.

  4. authorize_url

    The location (URL) of the Authorize.net Gateway. Unless you received a different location from Authorize.net there is no need to change the default value.

  5. referer_url

    The location (URL) of your web site where the communication with Authorize.net originates from. This URL be listed as a valid ADC URL in the list of accepted referers in the ADC settings. Do not leave this secret blank, it ensures the requests received by Authorize.net are coming from the @package_name@ and not some spoof.

  6. authorize_login

    Your login name to Authorize.net. This is the same login ID that you use to login to the Authorize.net virtual terminal.

  7. authorize_password

    The password to your Authorize.net account. This is the same login ID that you use to login to the Authorize.net virtual terminal.

    Advice: Keep your login name and the login password secret as they give access all credit card transactions including all credit card numbers of the cards used in the transactions. Make sure to secure the access to the OpenACS admin pages with SSL.

  8. md5_secret

    The MD5 Hash Secret from the Automated Direct Connect (ADC) settings in Authorize.net. This secret should have the same value your secret in the ADC settings. Do not leave this secret blank, it ensures that the @package_name@ is really talking to Authorize.net and not some spoof.

  9. field_encapsulator

    The field encapsulation character in the Automated Direct Connect (ADC) settings of Authorize.net. You can opt to use a field encapsulation character to wrap around the elements in the response from Authorize.net. It reduces the risk that unusual characters in the data send to Authorize.net and echoed back trip the decoding of the response. With only a field separator it is possible that the decoding is disrupted by a name or address field containing the same character as the field separator. If you choose to use a field encapsulator make sure that the value is same as the value in the ADC settings.

  10. field_seperator

    The field seperator in Automated Direct Connect (ADC) Settings of Authorize.net. This is the character that delimits the elements in the response from Authorize.net. It is advisable to also use a field encapsulator. Make sure that the value is same as the value in the ADC settings.

API Reference

The Payment Service Contract explains the API to other packages in detail.

Visit the Authorize.net developer documentation for in-depth coverage of the Authorize.net API that this package interfaces to. Be sure to check out the additional security measures you can take.

Credits

The @package_name@ was designed and written by Bart Teeuwisse for Berklee College Of Music while working as a subcontractor for furfly.net.

The @package_name@ is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

The @package_name@ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

A copy of the GNU General Public License is included. If not write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA