Exploring Authorize.net Payment Gateway Options and integrating it with django

By : lakshman

Authorize.net has a user base of over 200k merchants making it the largest payment gateway service provider. Most e-commerce solutions already integrate with Authorize.net, including our favorite e-commerce store Satchmo, developed in django, that we have covered earlier.

However, many shopping portals still require custom development. The robust REST API Authorize.net offers (AIM and SIM) allows for integration with e-commerce merchants' websites.

The AIM API allows for the check out of the customer within the merchant's site, it requires SSL certificate for the merchants site and data is to be transferred in an 128-bit encrypted format.

The SIM API on the other hand allows for a hosted check out from Authorize.net's site. The appearance, look and feel, CSS, logos, header and footer of their site can be customised, so that users experience a similar interface.

Thus a merchant can perform, based on his business need, one of the following:

  1. Using the SIM API, perform the checkout and display the receipt on Authorize.net
  2. Using the SIM API perform the checkout on Authorize.net and display the receipt on merchant's site, by using relay response
  3. Using the SIM API obtain Authorization confirmation on Authorize.net and perform the checkout and display the recipt on the merchant's site
  4. Using AIM API, perform the entire checkout process on merchant's site
The third option above is interesting. The Authorize.net's SIM provides the flexibility to checkout on merchant's site for transactions, even without SSL, for the cost of a round trip of http handshakes, just like the Paypal's Express Checkout API.

Typically, users return back to the merchant site and where the receipt is displayed (case 2) or confirm at the merchant site (case 3). Lets examine the workflow for such a scenario.

  • Find the total amount payable by user, all inclusive. (incl taxes, shipping)
  • Generate the fingerprint of transaction, based on merchant login-id, invoice-number, time-stamp and amount using the MD5 hashing library.
  • Pre-populate all the hidden input form fields for the transaction on the template. (covered in detail, below)
  • Send the user to Authorize.net when they submit the form, with pre-populated values
  • After the authentication, the response is posted to merchant site
  • Verify for success in the response.
  • If you opted for payment on the authorize.net site itself, display the receipt.
  • If you have opted for check out at your site, Confirm payment from the user and submit a new request of x_type = 'PRIOR_AUTH_CAPTURE', also include the x_trans_id obtained in the response. (preferably as an AJAX request)
  • If error occurs or if customer cancels, submit a void request.
The integration essentially involves, sending a list of hidden fields in a form to the specified url:
  • Include the following Required fields in the form, set to appropriate values.

x_fp_hash                       The fingerprint

x_fp_timestamp             UTC time in seconds since epoch

x_fp_sequence             Invoice number, or a random number

x_login                           Login ID of merchant, provided by Authorize.net

x_show_form                  TRUE, to show form

x_amount                        Total Amount of the transaction

  • Set the response type, x_relay_response to TRUE, and url_response to the url that to which POST has to be posted- We prefer to use the same url which is submitting the request.
  • Set the x_type to Auth_only for a checkout at your site, or Auth_capture for a checkout at Authorize.net
  • Include Additional fields, where appropriate. Entire list of fields
  • Set the form submit to the Authorize.net specified url. Submissions go to: https://secure.authorize.net/gateway/transact.dll
The following view code should indicate how you should go about doing it:

import hmac,time,urllib,urllib2

def payment1(req):

<span style="font-weight: bold; color: rgb(0, 112, 32);">if</span> (req<span style="color: rgb(102, 102, 102);">.</span>method <span style="color: rgb(102, 102, 102);">==</span> <span style="color: rgb(64, 112, 160);">'GET'</span>):

    <span style="font-style: italic; color: rgb(96, 160, 176);">#Use these values in the template to pre-populate a form that submits</span>
    <span style="font-style: italic; color: rgb(96, 160, 176);">#these hidded fields to url http://secure.authorize.net/gateway/transact.dll</span>
    payload <span style="color: rgb(102, 102, 102);">=</span> {
        <span style="color: rgb(64, 112, 160);">'x_login'</span> : <span style="color: rgb(64, 112, 160);">'login-id'</span>,
        <span style="color: rgb(64, 112, 160);">'x_amount'</span> : <span style="color: rgb(64, 112, 160);">'100.00'</span>,
        <span style="color: rgb(64, 112, 160);">'x_show_form'</span> : <span style="color: rgb(64, 112, 160);">'PAYMENT_FORM'</span>,
        <span style="color: rgb(64, 112, 160);">'x_type'</span> : <span style="color: rgb(64, 112, 160);">'AUTH_CAPTURE'</span>,
        <span style="color: rgb(64, 112, 160);">'x_method'</span> : <span style="color: rgb(64, 112, 160);">'CC'</span>,
        <span style="color: rgb(64, 112, 160);">'x_fp_sequence'</span> : <span style="color: rgb(64, 112, 160);">'101'</span>,
        <span style="color: rgb(64, 112, 160);">'x_version'</span> : <span style="color: rgb(64, 112, 160);">'3.1'</span>,
        <span style="color: rgb(64, 112, 160);">'x_relay_response'</span> : <span style="color: rgb(64, 112, 160);">'TRUE'</span>,
        <span style="color: rgb(64, 112, 160);">'x_fp_timestamp'</span> : <span style="color: rgb(0, 112, 32);">str</span>(<span style="color: rgb(0, 112, 32);">int</span>(time<span style="color: rgb(102, 102, 102);">.</span>time())),

        <span style="font-style: italic; color: rgb(96, 160, 176);">#The same Url as the current one, whatever it is.</span>
        <span style="color: rgb(64, 112, 160);">'x_relay_url'</span> : reverse(<span style="color: rgb(64, 112, 160);">"payment_url"</span>)

    msg <span style="color: rgb(102, 102, 102);">=</span> <span style="color: rgb(64, 112, 160);">'^'</span><span style="color: rgb(102, 102, 102);">.</span>join([params[<span style="color: rgb(64, 112, 160);">'x_login'</span>],
           params[<span style="color: rgb(64, 112, 160);">'x_fp_sequence'</span>],
           params[<span style="color: rgb(64, 112, 160);">'x_fp_timestamp'</span>],
           params[<span style="color: rgb(64, 112, 160);">'x_amount'</span>]
           ])<span style="color: rgb(102, 102, 102);">+</span><span style="color: rgb(64, 112, 160);">'^'</span>

    fingerprint <span style="color: rgb(102, 102, 102);">=</span> hmac<span style="color: rgb(102, 102, 102);">.</span>new(<span style="color: rgb(64, 112, 160);">'9LyEU8t87h9Hj49Y'</span>,msg)<span style="color: rgb(102, 102, 102);">.</span>hexdigest()
    payload[<span style="color: rgb(64, 112, 160);">'x_fp_hash'</span>] <span style="color: rgb(102, 102, 102);">=</span> fingerprint

    <span style="font-weight: bold; color: rgb(0, 112, 32);">return</span> render_to_response(<span style="color: rgb(64, 112, 160);">'template1.html'</span>, payload, RequestContext(request))

<span style="font-weight: bold; color: rgb(0, 112, 32);">else</span> <span style="font-weight: bold; color: rgb(0, 112, 32);">if</span> (req<span style="color: rgb(102, 102, 102);">.</span>method <span style="color: rgb(102, 102, 102);">==</span> <span style="color: rgb(64, 112, 160);">'POST'</span>):

    <span style="font-style: italic; color: rgb(96, 160, 176);">#Handle the response, Verify POST dictionary</span>
    <span style="font-weight: bold; color: rgb(0, 112, 32);">if</span>(req<span style="color: rgb(102, 102, 102);">.</span>post[x_response_code] <span style="color: rgb(102, 102, 102);">==</span> <span style="color: rgb(64, 160, 112);">1</span>) :
        <span style="font-style: italic; color: rgb(96, 160, 176);">#Success </span>
        <span style="font-style: italic; color: rgb(96, 160, 176);">#Display the receipt or</span>
        <span style="font-style: italic; color: rgb(96, 160, 176);">#Confirm from the user</span>
        <span style="font-weight: bold; color: rgb(0, 112, 32);">pass</span></pre>

Looking to develop an e-commerce website? We offer services. Get in touch.

Can we help you build amazing apps? Contact us today.

Topics : ecommerce


Payment Processing Gateway

Thank you so much for the above information.. I know of many who will benefit from reading this article, so I will definitely recommend it.


And what is the meaning of "9LyEU8t87h9Hj49Y"?


Andrew, Thats the salt provided by Authorize.net, unique for each merchant.


Authorize.net has been down for almost twelve hours. None of our orders our going through and they are not answering their phone. Does anyone have any idea what to do?


@Totalvac you would get more information at http://twitter.com/authorizenet


Authroize.net is great, but I've recently switched to Payleap, a great online payment processing solution. It's extremely easy and customizable, and simplifies the whole online payment process.

They love developers too ;-)

Check it out here: http://www.payleap.com


I am not intersted in using ajax or django.
Seems risky. What to keep it simple.

I don't see anything on the authorize.net site about method number 3.
"Using the SIM API obtain Authorization confirmation on Authorize.net and perform the checkout and display the recipt on the merchant’s site "

I only noticed information about the direct method or the relay method.

How would that work?

If you create a form on your site with action="http://secure.authorize.net/gateway/transact.dll".
Then when the user hits enter the form goes to authorize.net, return to the client with result. But then your on authorize.net site. How would you get back to your own website.

Seems like with choice 3 (which is still sim), you'd have x_relay_response = false. Is that right?

Can choice 3 be done with no ajax or django.


To be a little clear about my questions above, I don't see at what point we'd get back to the merchants url. Even if I use auth_only and the relay repsonse is a confirmation page, customer get the confirmation page or relay response autorize.net. So they are still on Authorize.net.
So I guess the only way to get back to my page is for me to code my relay page to have a form with action="merchant site". Is that the way it would go?

online payment gateway integration chennai

Nice info , really useful, thanks for sharing.

Paynet secure gateway

This post realy helped me out. My blog "Paynet secure.net" is an online payment processing blog provides specialized Payment Processing Systems to increase revenues, reduce costs and maximize profits. Innovative technology combined with expertise in payment processing systems guarantee clients efficient and effective US and international ecommerce payment processing services. For more details visit this url:

Secure processing gateway


My blog "National ACH" is an payment processing blog provide various payment gateways through which you can pay through mobiles , credit cards , echecks and more. for details visit:


thanks :-)

Ben Keating 1st March, 2012

Your page here didn't escape all the html around the code example... here is a cleaned up version: https://gist.github.com/1950594

the blog profit pro review

I'm sure that so many people of this field I mean whose working online for others they're having the issues with the payment transaction and just looking forward to the perfect way which is going to be helpful for them to having the safe pay-outs. and this one is i think going to be works for them.

© Agiliq, 2009-2012