Forum OpenACS Development: Authorize.net Payment Gateway

Collapse
1: Authorize.net Payment Gateway
Posted by Gilbert Wong on 10/24/01 06:40 AM

I'm putting together a package which interfaces with Authorize.net. I started writing this code a few months back, but got distracted. :) I'll post it in the CVS repository as soon as I clean up the code. I have some questions on the implementation.

  • Is there a better md5 hashing algorigthm than the one found here?
    http://www.ldas- sw.ligo.caltech.edu/doc/tcl_docs/html/keytcl.html#key::md5. The author claims that it's slow. Authorize.net uses an MD5 hash to validate the server response. The string length isn't too long and I don't think speed will be an issue so this algorithm should be ok.
  • What would folks like to see in terms of transaction tracking? Do you want to see the package store all transactions in it's on table? This would be separate from the ecommerce financial transactions table so I'll have to think of a way to make these two interact with each other (acs-service-contract?).
  • I'm planning to make this an application (versus a service) and make it a singleton. Are these good choices? I'm still not clear as to what the difference between a service and an application.
  • Is there more documentation on acs-service contract? For now, I'm going to code the package as if it were a stand alone package. But I think we need to make it talk to other packages.

Any other thought and ideas, please post them here. Bart - have you started coding and authorize.net interface yet?

Collapse
2: Response to Authorize.net Payment Gateway (response to 1)
Posted by Bart Teeuwisse on 10/24/01 07:17 AM
Gilbert, I haven't really started coding on an authorize.net interface yet. Got side tracked on by the bulk upload tools. Now that these are 'fixed' I can easily reload test data.

I finished a proof of concept based on openssl 2.0. The proof contacts authorize.net and exchanges the information needed. Didn't use the md5 hash though. The one burning question I have left with respect to authorize.net is whether it is possible to settle a different amount that the amount authorized. The transaction history of authorize.net lists two amounts suggesting that it is possible.

After next weekend I'll focus more on the ecommerce state machine. We need this for any type of financial interface.

Collapse
3: Response to Authorize.net Payment Gateway (response to 1)
Posted by Jun Yamog on 10/24/01 12:44 PM
Yehey!  I am glad another payment gateway will go into OpenACS 4.x.  Maybe initially doing it as a singleton is ok.  But in the long run it must be a service that probably will make use of acs-service-contract.  Not sure though if acs-service-contract since I have not got that deep yet.

The basic need is to create a service that would provide application as a means to process credit cards.  It maybe ecommerce or some other app.  Basically ecommerce maybe a sample of how to use this service.  Much like CMS and ETP is an application that makes use of CR.  This would make it faster for other developers to make ecommerce solution that will not use the ecommerce app since their needs may drastically be different.  But this ecommerce service can be reused.

Its a lot better to break down the ecommerce stuff.  I really dont know about OpenACS 4.x ecommerce but ecommerce from 3.x is really huge.

Based from 3.x we can break down the ecommerce thing to:

-products handling

-transaction auditing

-payment processing one of the option is credit card processing.  Another option maybe a points system.  This points system maybe developed by the developer since points systems are normally very custom.

-transaction administration.  This is the revoke, fulfill, etc.  But this may not be used in favor of the cash register of Cybercash.

Of course all of the above are move long term.  I think for short term is to just get the ecommerce package to use another payment gateway.  Then move the payment gateway to a service.  Then break down ecommerce to more usable independent units.

Collapse
4: Response to Authorize.net Payment Gateway (response to 1)
Posted by Don Baccus on 10/24/01 05:20 PM
Furfly will likely have the need for a service contract-based payment package before long and we may do some work in this direction, so we all need to start working together closely.  The specific application will use cybercash.  Should we use this thread to communicate, set up a small e-mail group, ???  It would be good to develop a spec for the operations such packages need to provide to clients like e-commerce.

As far as service vs. application, if you look at the packages we've inherited from aD the differentiation's a bit muddled.  That's because there's an assumption that services aren't meant to be mounted if you believe the site map package, while of course some services like workflow do provide a web-based UI.  So there needs to be another package attribute, "mountable/unmountable".  Won't happen in this release, though...

Collapse
5: Response to Authorize.net Payment Gateway (response to 1)
Posted by Gilbert Wong on 10/24/01 05:34 PM
Authorize.net requires a server side https post.  So I'm working on getting that part right now.  The easy way is to compile the tcl tls package and load that up each time you need it.  ns_openssl 2.0 has some client side features but at first glance, I don't see an easy way to do a POST.  The http 2.3 tcl library has a nice interface to do that, but to do a secure post, you need to compile tls and use the tcl interface (which is not a big deal).  I'm going to see if I can yank some of that code an make it look more like the procs in ns_openssl's (2.0) https.tcl file.

We could use this thread to track ideas on how the interface to a generic payment gateway should look.  I can also put a spec in the new-file-storage if you think that's appropriate.  Since I'm not familiar with the cybercash interface, maybe someone who uses it can give a quick overview of what operations are available.

Collapse
6: Response to Authorize.net Payment Gateway (response to 1)
Posted by David Walker on 10/24/01 05:38 PM
I'm doing a POST using nsopenssl 2.0.  I can send you the code if
you like.  It is kinda just hacked to work but I sent it to Scott
and he said he's probably working on a better version of it that
does things more correctly.
Collapse
7: Response to Authorize.net Payment Gateway (response to 1)
Posted by Gilbert Wong on 10/24/01 06:58 PM
David,

Can you send me a copy of the code?  I'll also contact Scott G.  Thanks!

Collapse
8: Response to Authorize.net Payment Gateway (response to 1)
Posted by Don Baccus on 10/24/01 07:58 PM
Gilbert - it would be helpful if you took a shot at a spec, yes.  If you do I'll bug Janine for her opinions - she's used Cybercash on several sites.
Collapse
9: Response to Authorize.net Payment Gateway (response to 1)
Posted by Gilbert Wong on 10/24/01 08:06 PM
Ok.  It'll be very Authorize.net centric so I'll need input from the cybercash users :)
Collapse
10: Response to Authorize.net Payment Gateway (response to 1)
Posted by Roberto Mello on 10/26/01 12:23 AM
ns_openssl 2.0 supports POST. In fact, it supports any HTTP method:

http://scottg.net/webtools/opennsd/modules/nsopenssl/tclapi/ns_httpsopen/

Collapse
11: Response to Authorize.net Payment Gateway (response to 1)
Posted by Gilbert Wong on 10/26/01 01:11 AM
Roberto - you're right, but you have to do some extra work to make it POST.  Scott has a new (unreleased) proc ns_httpspost which you can call directly to do POSTs.  I'm testing it out to see if it will work on the servers I connect to.  David mentioned that he had problems connecting to IIS servers using that proc...
Collapse
12: Response to Authorize.net Payment Gateway (response to 1)
Posted by David Walker on 10/26/01 02:11 AM
I didn't actually try the ns_httpsopen open proc so I can't say
whether it works or not.  I used ns_openssl_sockopen