Exploring Authorize.net Payment Gateway Options and Integrating It with Django

By : lakshman

Authorize.net has a user base of over 200k merchants, making it the largest payment gateway service provider. Most e-commerce solutions already integrate with Authorize.net, including our favorite e-commerce store Satchmo, developed in Django, that we have covered earlier.

However, many shopping portals still require custom development. The robust REST API Authorize.net offers (AIM and SIM) allows for integration with e-commerce merchants' websites.

The AIM API allows the customer to check out within the merchant's site. It requires an SSL certificate for the merchant's site, and data is to be transferred in a 128-bit encrypted format.

The SIM API on the other hand allows for a hosted check out from Authorize.net's site. The appearance, look and feel, CSS, logos, header and footer of their site can be customised, so that users experience a similar interface.

Thus a merchant can perform, based on his business need, one of the following:

  1. Using the SIM API, perform the checkout and display the receipt on Authorize.net
  2. Using the SIM API, perform the checkout on Authorize.net and display the receipt on the merchant's site, by using relay response
  3. Using the SIM API, obtain authorization confirmation on Authorize.net, then perform the checkout and display the receipt on the merchant's site
  4. Using the AIM API, perform the entire checkout process on the merchant's site

The third option above is interesting. Authorize.net's SIM provides the flexibility to check out on the merchant's site for transactions, even without SSL, for the cost of a round trip of HTTP handshakes, just like PayPal's Express Checkout API.

Typically, users return to the merchant site, where the receipt is displayed (case 2) or where they confirm the payment (case 3). Let's examine the workflow for such a scenario.

  • Find the total amount payable by user, all inclusive. (incl taxes, shipping)
  • Generate the fingerprint of transaction, based on merchant login-id, invoice-number, time-stamp and amount using the MD5 hashing library.
  • Pre-populate all the hidden input form fields for the transaction on the template. (covered in detail, below)
  • Send the user to Authorize.net when they submit the form, with pre-populated values
  • After the authentication, the response is posted to merchant site
  • Verify success in the response.
  • If you opted for payment on the Authorize.net site itself, display the receipt.
  • If you have opted for checkout at your site, confirm payment from the user and submit a new request with x_type = 'PRIOR_AUTH_CAPTURE', also including the x_trans_id obtained in the response (preferably as an AJAX request).
  • If an error occurs or if the customer cancels, submit a void request.

The integration essentially involves sending a list of hidden fields in a form to the specified URL:

  • Include the following required fields in the form, set to appropriate values.

    x_fp_hash         The fingerprint
    x_fp_timestamp    UTC time in seconds since epoch
    x_fp_sequence     Invoice number, or a random number
    x_login           Login ID of merchant, provided by Authorize.net
    x_show_form       TRUE, to show form
    x_amount          Total amount of the transaction

  • Set the response type, x_relay_response, to TRUE, and url_response (x_relay_url in the view code below) to the URL to which the response has to be POSTed. We prefer to use the same URL that is submitting the request.
  • Set the x_type to Auth_only for a checkout at your site, or Auth_capture for a checkout at Authorize.net
  • Include additional fields, where appropriate. Entire list of fields
  • Set the form submit to the Authorize.net specified URL. Submissions go to: https://secure.authorize.net/gateway/transact.dll

The following view code should indicate how you should go about doing it:

import hashlib
import hmac
import time

from django.shortcuts import render
from django.urls import reverse
from django.views.decorators.csrf import csrf_exempt

# Merchant transaction key issued by Authorize.net (sample value; load it from settings).
TRANSACTION_KEY = '9LyEU8t87h9Hj49Y'


@csrf_exempt  # the relay response is POSTed by Authorize.net, without a CSRF token
def payment1(req):
    if req.method == 'GET':
        # Use these values in the template to pre-populate a form that submits
        # these hidden fields to https://secure.authorize.net/gateway/transact.dll
        payload = {
            'x_login': 'login-id',
            'x_amount': '100.00',
            'x_show_form': 'PAYMENT_FORM',
            'x_type': 'AUTH_CAPTURE',
            'x_method': 'CC',
            'x_fp_sequence': '101',
            'x_version': '3.1',
            'x_relay_response': 'TRUE',
            'x_fp_timestamp': str(int(time.time())),
            # The same URL as the current one, sent as an absolute URL.
            'x_relay_url': req.build_absolute_uri(reverse("payment_url")),
        }

        # Fingerprint input: login^sequence^timestamp^amount^
        msg = '^'.join([payload['x_login'],
                        payload['x_fp_sequence'],
                        payload['x_fp_timestamp'],
                        payload['x_amount']]) + '^'

        # HMAC-MD5 keyed with the merchant's transaction key
        fingerprint = hmac.new(TRANSACTION_KEY.encode(), msg.encode(), hashlib.md5).hexdigest()
        payload['x_fp_hash'] = fingerprint

        return render(req, 'template1.html', payload)

    elif req.method == 'POST':
        # Handle the response, verify the POST dictionary
        # (POST values arrive as strings, so compare against '1')
        if req.POST.get('x_response_code') == '1':
            # Success
            # Display the receipt or
            # confirm from the user
            pass
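The fingerprint step from the workflow and view above, as an added example that is not part of the original article: it formats the amount once so the hashed string and the x_amount form field are identical, and shows that editing the hidden amount invalidates x_fp_hash. The helper names and the fixed timestamp are constructed for illustration; fingerprint_matches stands in for the recomputation the gateway performs on the submitted form.

```python
import hashlib
import hmac
from decimal import Decimal, ROUND_HALF_UP
from html import escape

# Sample key from the article's view (a real key belongs in settings).
TRANSACTION_KEY = "9LyEU8t87h9Hj49Y"

def format_amount(total):
    """Render the total once; this exact string is hashed and sent as x_amount."""
    return str(Decimal(total).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP))

def sim_fingerprint(key, login, sequence, timestamp, amount):
    """HMAC-MD5 over 'login^sequence^timestamp^amount^', keyed with the transaction key."""
    msg = "^".join([login, sequence, timestamp, amount]) + "^"
    return hmac.new(key.encode(), msg.encode(), hashlib.md5).hexdigest()

def build_payload(login, sequence, timestamp, total):
    """Fingerprinted fields for the hidden form (hypothetical helper)."""
    amount = format_amount(total)
    return {
        "x_login": login,
        "x_fp_sequence": sequence,
        "x_fp_timestamp": timestamp,
        "x_amount": amount,
        "x_fp_hash": sim_fingerprint(TRANSACTION_KEY, login, sequence, timestamp, amount),
    }

def fingerprint_matches(key, fields):
    """Recompute the fingerprint from submitted fields; constant-time compare."""
    expected = sim_fingerprint(key, fields["x_login"], fields["x_fp_sequence"],
                               fields["x_fp_timestamp"], fields["x_amount"])
    return hmac.compare_digest(expected, fields.get("x_fp_hash", ""))

def hidden_inputs(fields):
    """Escaped hidden <input> tags for the template, in a stable order."""
    return "\n".join('<input type="hidden" name="%s" value="%s">'
                     % (escape(k), escape(v)) for k, v in sorted(fields.items()))

if __name__ == "__main__":
    form = build_payload("login-id", "101", "1262304000", "100")  # constructed sample
    print(hidden_inputs(form))
    print(fingerprint_matches(TRANSACTION_KEY, form))
    print(fingerprint_matches(TRANSACTION_KEY, dict(form, x_amount="1.00")))
```

The fingerprint is computed over the amount as a string, so "100.0" and "100.00" produce different hashes; format the total in one place and reuse that value for both.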



Topics : ecommerce
© Agiliq, 2009-2012