Peter,
the payment-gateway is a service contract for processing credit card transactions. There used to be 2 implementations of the contract, one for Authorize.net and one for Payflow Pro, of which only authorize-gateway remains these days. The sample-gateway can be used as a template for new implementations.
The payment-gateway contract has been designed by Janine Sisk and myself while implemented by Janine. Unfortunately, the payment-gateway lacks documentation. However, the authorize-gateway is well documented.
The contract defines an interface for the basic credit card operations: authorize, chargecard, return and void. Authorize, authorizes a request to charge a card for a certain amount, chargecard performs a previously authorized transaction, return deposits a previously charged amount back to the card and void nullifies the transaction.
No state information is maintained by the payment gateway or any of its implementations. Calling packages -like ecommerce- have to maintain state and take appropriate actions. E.g. authorize a transaction when an order is being submitted, chargecard when the order is being shipped and retry an operation when the payment gateway implementation reports a temporal failure (failure-retry).
The Authorize gateway does record all responses from Authorize.net to a table for logging purposes but this information is not being used for state maintenance. The ecommerce package maintains state in ec_transactions.
The current payment gateway service contract handles credit card transactions only, eChecks are not supported. Neither are credit card processors who use forms to be filled out by the user to complete the credit card operation. All required information is to be gathered by the calling package prior to invoking the service contract.
The ecommerce package is the only package that I'm aware of that is in the OpenACS CVS repository to use the payment-gateway. The exact implementation to use is a parameter of the ecommerce package. Set PaymentGateway to authorize-gateway in order to use the Authorize.net implementation. However, you will need to get a (test) account w/ Authorize.net to test the gateway.
Alfred, Torben, maybe you can add your experiences too?
/Bart
