developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

AIM: Do I put x_login and x_tran_key as hidden fields in my checkout form?

I know it seems like a simple question, and it really is.  I ask because:

 

On the AIM PDF, it says that x_login and x_tran_key are required when submitting a form.  However, on the API generation page, it says to no share your API key or Transaction Key with anyone.

 

Basically, by saying "Don't share your API Key or Transaction Key with anyone" and then saying "Please set your API Key and Transaction Key as hidden fields in your checkout form" is a complete conundrum.  Anyone who looks at the source of my checkout page will be able to get the API Key and Transaction Key.  Hidden fields are not secure.

 

I just don't understand :(

MALON
Member

‎05-05-2011 07:28 AM

0 Kudos
Reply
1 REPLY 1

Hi MALON,

 

Your API Login ID and Transaction Key should not be visible in the source code of the page but they must be included in any AIM POST as the value to x_login and x_tran_key as this is the purpose that these values server in relation to allowing you to process transactions programmatically. If your source code cannot be obstructed you should pull the values from a secure file during the POST of the transaction.

 

 

Thank you,

 

Elaine

Elaine
Trusted Contributor
Trusted Contributor

‎05-09-2011 08:15 AM

0 Kudos
Reply
Copyright © 2024 Khoros, LLC