Forum OpenACS Development: Authorize.net Payment Gateway
I'm putting together a package which interfaces with Authorize.net. I started writing this code a few months back, but got distracted. :) I'll post it in the CVS repository as soon as I clean up the code. I have some questions on the implementation.
- Is there a better md5 hashing algorigthm than the one found here?
http://www.ldas- sw.ligo.caltech.edu/doc/tcl_docs/html/keytcl.html#key::md5. The author claims that it's slow. Authorize.net uses an MD5 hash to validate the server response. The string length isn't too long and I don't think speed will be an issue so this algorithm should be ok.
- What would folks like to see in terms of transaction tracking? Do you want to see the package store all transactions in it's on table? This would be separate from the ecommerce financial transactions table so I'll have to think of a way to make these two interact with each other (acs-service-contract?).
- I'm planning to make this an application (versus a service) and make it a singleton. Are these good choices? I'm still not clear as to what the difference between a service and an application.
- Is there more documentation on acs-service contract? For now, I'm going to code the package as if it were a stand alone package. But I think we need to make it talk to other packages.
Any other thought and ideas, please post them here. Bart - have you started coding and authorize.net interface yet?
I finished a proof of concept based on openssl 2.0. The proof contacts authorize.net and exchanges the information needed. Didn't use the md5 hash though. The one burning question I have left with respect to authorize.net is whether it is possible to settle a different amount that the amount authorized. The transaction history of authorize.net lists two amounts suggesting that it is possible.
After next weekend I'll focus more on the ecommerce state machine. We need this for any type of financial interface.
The basic need is to create a service that would provide application as a means to process credit cards. It maybe ecommerce or some other app. Basically ecommerce maybe a sample of how to use this service. Much like CMS and ETP is an application that makes use of CR. This would make it faster for other developers to make ecommerce solution that will not use the ecommerce app since their needs may drastically be different. But this ecommerce service can be reused.
Its a lot better to break down the ecommerce stuff. I really dont know about OpenACS 4.x ecommerce but ecommerce from 3.x is really huge.
Based from 3.x we can break down the ecommerce thing to:
-payment processing one of the option is credit card processing. Another option maybe a points system. This points system maybe developed by the developer since points systems are normally very custom.
-transaction administration. This is the revoke, fulfill, etc. But this may not be used in favor of the cash register of Cybercash.
Of course all of the above are move long term. I think for short term is to just get the ecommerce package to use another payment gateway. Then move the payment gateway to a service. Then break down ecommerce to more usable independent units.
As far as service vs. application, if you look at the packages we've inherited from aD the differentiation's a bit muddled. That's because there's an assumption that services aren't meant to be mounted if you believe the site map package, while of course some services like workflow do provide a web-based UI. So there needs to be another package attribute, "mountable/unmountable". Won't happen in this release, though...
We could use this thread to track ideas on how the interface to a generic payment gateway should look. I can also put a spec in the new-file-storage if you think that's appropriate. Since I'm not familiar with the cybercash interface, maybe someone who uses it can give a quick overview of what operations are available.
you like. It is kinda just hacked to work but I sent it to Scott
and he said he's probably working on a better version of it that
does things more correctly.
Can you send me a copy of the code? I'll also contact Scott G. Thanks!
whether it works or not. I used ns_openssl_sockopen