03-09-2012 11:24 AM
I'm using SIM x_receipt_url, which works fine. The payment page shows a button after the payment is complete, clicking it will take the payer back to my site to update his status.
Now, the payer may forget to click the "Go back" button and simply close the browser, which will cause his payment status not updated. So I added x_relay_url, that will do a server to server call (Authorize.Net posts the transaction details to my server's relay URL) after the payment is complete. I just need to make sure the same transaction won't get processed twice.
But if I issue a refund from my merchant account, how does my server receive a notification from Authorize.Net to update member's status accordingly? So, I guessed I should use Silent Post URL. I haven't tried it yet when I post this.
Does anyone know if the Silent Post URL will receive any/all kinds of transaction notification, such as Refund, Complete, Pending, etc.? If not, what is the approach / setting should I do?
If YES, and the Silent Post URL is set, will both relay URL and Silent Post URL receive a call from Authorize.net on a same payment complete transaction?
03-09-2012 12:11 PM
The relay URL is passed the order data along with the order status, so you would update your database there before forwarding the person to your receipt page. Silent Post is not needed except with ARB.
03-09-2012 12:52 PM
Here is my result against Authorize.Net test server.
If I set x_relay_url only, I got the following error after the payment complete.
An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.
This transaction has been approved.
It is advisable for you to contact the merchant to verify that you will receive the product or service.
However, the relay URL was successfully called and was able to process the POST fields.
If I set Silent Post URL only, it worked exactly the same as x_relay_url, except that no error was displayed. Great !
Both cases showed that the transaction can be successfully recorded on my server after the payment complete, without having to click "Go back" button for x_receipt_url to process.
I wonder why x_relay_url case displayed error.
But at least I can use Silent Post URL to server the purpose. Next, I'll need to verify if it can receive other transaction notification, such as Refund.
03-09-2012 01:37 PM
That error generally means it couldn't contact the relay response URL. Did you configure the URL in your control panel? Is the relay response page available when you post to it yourself?
Really shouldn't be using silent post with SIM if you can avoid it.
03-09-2012 04:33 PM
Thank you TJPride for you prompt reply.
I opened an eTicket on this issue. According to their reply, Silent Post URL is what I need, and my test confirmed that. When I click "Void" to refund the payment from merchant account, the silent_post_url received the notification about this transaction (so the member status can be updated immediately on my site).
However, the same verification mechanism against x_MD5_hash (see below) only works for Payment Complete, not for Void. I'm waiting for their explanation.
// ... success on Payment Complete
// ... failure on Void
03-09-2012 10:04 PM - edited 03-09-2012 10:06 PM
Well sure, you don't void things through SIM, you'd use AIM for that. SIM is only for allowing your users to create transactions. And anything run through your control panel wouldn't show up through relay response, just through silent post.
From the documentation:
This transaction type is used to cancel an existing transaction that has a status of Authorized/Pending Capture or Captured/Pending Settlement. Settled transactions cannot be voided (issue a Credit to reverse such charges). The SIM API does not support Void transactions.
You can manually void transactions from the Unsettled Transactions screen of the Merchant Interface. From there, you can use the Group Void filter toward the top of your screen to void multipletransactions at once, or click on the individual Transaction ID of the transaction you would like to void; the next screen will provide a Void button.
If this transaction type is required, it is recommended that the merchant process the transactions by logging on to the Merchant Interface directly, or by using a desktop application that uses AIM.
03-13-2012 09:50 AM
The following link solved my problem. For x_type "void" or "credit", authorize.net uses user login ID (not API LOGIN ID) to construct x_MD5_Hash. Now my Silent Post URL works great.
03-13-2012 10:41 AM
Only voids and credits from the terminal, not from the API.
That makes no sense, though. The API is not supposed to require putting in any part of your account login, you'd think that even transactions you put in via the terminal would have a hash generated from the API login so that you aren't forced to have the account user inside your hosting to verify the MD5 hash. This is a minor security breach.
Whatever works, I suppose, but this really needs to be changed.
03-13-2012 11:11 AM
I'm using SIM. So "void" and "credit" are issued directly from merchant account, not from API, the silent URL receives the notification. This could be reason they use account login ID instead of API LOGIN ID to construct hash.
AIM will be my next test.