Cybersource Developer Community Cybersource Developer Community

cstrzelc · ‎09-02-2012

Hello,

I am hoping that someone would please explain to me in layman's terms how to best setup a recurring profile. I am new to Authorize.net and would like to understand if I'm following best practice.

WHAT I WANT TO DO

I have a customer who needs to except subscriptions for his users. The subscriptions can either be monthly or yearly with no end date.

WHAT I CURRENTLY HAVE

I currently used CIM to setup a subscriber profile with createCustomerProfileRequest.
Then I test an authorization for the amount with createCustomerProfileTransactionRequest.
Following that I create a subscription with ARBCreateSubscriptionRequest. This is all working in the sandbox environment.

MY QUESTIONS

Do I really need to use CIM to create a profile? Should I just use ARB to create the subscription?
Are there any benefits to using CIM and ARB together like this?
Should I only be using CIM to do recurring payments? I could not figure out how to do this with CIM. In fact it looks like the options do exist to do this with CIM. I only saw one tag for recurring which specifies a booleen true || false.
For a very short term I am storing user information includeing credit card information in the session. Is this insecure? If so what's the best way to hold credit card data on my server before passing it onto Authorize.net.

Thank you in advance for any help!

-cs

TJPride · ‎09-03-2012

You're confused as to how this is supposed to work. When you use CIM, you charge by setting up an automated script on your end that generates one-time charges against the profile / payment profile whenever the customer comes due. You just have your server run the script every morning, it shouldn't be more complicated than that unless you have a massive volume of customers.

cstrzelc · ‎09-03-2012

I was really hoping to have Authorize.net run the scheduling. This way it's less processing on my end. This is why I chose to use ARB. However, I used CIM to do a test authorization because ARB does not process the payment until 2AM. This way I know that the buyer has a working credit card with enough funds and I can create him an account on my portal. Does that make sense?

Thanks

-cs

TJPride · ‎09-03-2012

Obviously, the first charge would be run through immediately rather than waiting until your next automated cycle. It might not -settle- until 2 AM, but the money would be locked up and they'd have to submit a fraud report to get the charge canceled, which they could do just as easily after the charge settles. There is no point to not using CIM, imho, since it's much easier to deal with than ARB when something goes wrong with the subscription, or the billing schedule varies, or whatever. Plus if you use hosted CIM, the credit card data never passes through your server, unlike with ARB.

cstrzelc · ‎09-04-2012

Thanks for the advice. I'll certainly think about it. By the way if I do choose to use ARB and pass CC data through the server, do you have any recommendations. Are SESSIONS the best way to store these values for the brief time it exists on the server?

Thanks

-cs

TJPride · ‎09-04-2012

You definitely don't store the data anywhere. The user submits a form with the credit card data; you read it immediately from $_POST and pass it to Authorize.net. Anything beyond that increases your security exposure, which will be bad enough using ARB.

cstrzelc · ‎09-06-2012

Great thanks for the replies. That's somewhat the flow I have.

Cybersource Developer Community Cybersource Developer Community

Recommendations for recurring billing setup.