Authorize.Net API questions and help with your payment integration.
Authorize.Net API questions and help with your payment integration.
02-17-2015 03:17 PM
After reading and watching the videos for hours I can say that this site is not friendly at all. The Website that I'am working on have been done with VWD 2010 (asp.net) and VB. It is my understanding that in my case the best option is DPM. Now, how can I start implementing this? Could anybody list the steps in plain English for me to follow. I downloaded the SDK, but can not open it with VWD 2010. Can anybody help?
02-17-2015 03:57 PM
If you not afraid of coding
start with the SIM VB sample code here
DPM is almost the same as SIM
and the doc is here
02-18-2015 09:16 PM
Thanks for your response. By the way, if I was afraid of coding I wouldn’t be here, lol. I read everything as you suggested and I still have questions.
When I compare the doc http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20C%20-%20...
With the SIM VB sample, http://developer.authorize.net/downloads/samplecode/
seen to be that the doc is kind of incomplete. It does not mention Web.config changes that I see in the coding samples relate to the form. Secondly there are vb files with classes related to the form too. So this is kind of confusing since the doc only talk about topics relate to the form.
Since this is the case I would like to ask two very stupid questions.
1) Do I need to change the web.config file according to the samples provided?
2) Do I need to incorporate the additional vb files and classes as well?
This is kind of confusing since they are using asp classic and I am using asp.net
I will appreciate your help on this.
02-19-2015 04:31 AM - edited 02-19-2015 04:39 AM
The doc is a generic for any lang.
DPM is just a form post to authorize.net url with the required field
You really don't need any of the sample code.remove x_show_form and add the x_card_num and x_exp_date
Then try it and see how it work and then just do your own code for your website. The code that you might want to copy is how they generate the x_fp_hash
The other thing to read is the Relay Response Basics and Troubleshooting for getting the response back from authorize.net after the post. And for asp.net either set machineKey in your web.config or set enableviewstatemac to false on the page.
02-23-2015 02:51 PM - edited 02-23-2015 02:56 PM
OK, I have implemented some code from the SDK and from online samples and I am testing now. Just at my first shot I received Code 97 error. I search in the community board, and I read other post with similar problems. I tried all, but still receiving Code 97. I am pasting here my code for anybody to take a look and make any suggestion.
First of all I do have a class and a function that generate the fingerprint. It looks like this:
Public Class CCTransactionFingerprint Public Function HMAC_MD5(ByVal Key, ByVal Value)
' The first two lines take the input values and convert them from strings to Byte arrays
Dim HMACkey() As Byte = (New ASCIIEncoding()).GetBytes(Key)
Dim HMACdata() As Byte = (New ASCIIEncoding()).GetBytes(Value)
' create a HMACMD5 object with the key set Dim myhmacMD5 As New HMACMD5(HMACkey)
' calculate the hash (returns a byte array)
Dim HMAChash() As Byte = myhmacMD5.ComputeHash(HMACdata)
' loop through the byte array and add append each piece to a string to obtain a hash string
Dim fingerprint = "" For i = 0 To HMAChash.Length - 1 fingerprint &= HMAChash(i).ToString("x").PadLeft(2, "0") Next Return fingerprint
Since I’m using asp.net I’m sending the transaction data from an html in code behind, it looks like this:
Dim transactionKey = "TRANSACTION_KEY"
'A sequence number is randomly generated
Dim random As New Random
Dim sequence = random.Next(0, 1000)
'A time stamp is generated (using a function from simlib.asp)
Dim timeStamp = CInt((DateTime.UtcNow - New DateTime(1970, 1, 1)).TotalSeconds)
'Generate a fingerprint
Dim CreateFingerprint As New CCTransactionFingerprint()
Dim fingerprint = CreateFingerprint.HMAC_MD5(transactionKey, loginID & "^" & sequence & "^" & timeStamp & "^" & TotalSalePrice & "^")
'Here we create a HTML form in the code behind to POST the information to the credit card gateway
Dim collections As New NameValueCollection()
Dim remoteUrl As String = "https://test.authorize.net/gateway/transact.dll"
Dim html As String = "" html += "" html += String.Format(" ", remoteUrl) For Each key As String In collections.Keys html += String.Format("", key, collections(key)) Next
html += "" Response.Clear() Response.ContentEncoding = Encoding.GetEncoding("ISO-8859-1") Response.HeaderEncoding = Encoding.GetEncoding("ISO-8859-1")
Response.Charset = "ISO-8859-1"
Thanks for your help !
02-23-2015 04:03 PM
I'm not see where you passing all the required fields
I see x_fp_hash, but not x_fp_sequence,x_fp_timestamp
02-23-2015 06:31 PM - edited 02-23-2015 06:41 PM
I thought that I have everything according to this link:
However since you are mentioning this different link: http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20A.html
I checked it and I can see that I have everything here as well since in my understanding and according to this link the following fields, x_fp_hash, x_fp_sequence and x_fp_timestamp should be inside the fingerprint. But due to your comment I am not sure now. Do I have to send them in the fingerprint and as individual fields as well. Is this the case?
Thanks a lot for you time and help
02-24-2015 03:17 AM
They are all sent as individual fields. The "fingerprint" is just a convenient way to talk about those fields, grouped by their fingerprinting function.
An SDK or library may also group those fields into a single class or API method, but behind that, it would still need to send those fields indivually to the gateway.
Not sure if that helps, as I'm not sure what level you are looking at (e.g. low-level POSTs or a higher level abstraction).
02-24-2015 04:28 AM - edited 02-24-2015 04:29 AM
Submitting a Request for the Hosted Payment Form
If I remember correctly that used an old PHP example
<% ret = InsertFP (APIloginid, sequence, amount, txnkey) %>
and that include all the required field.
I don't think you know how the fingerprint works. authorize.net only have your loginID and transationKey.
The fingerprint is useless without authorize.net knowing how the x_fp_sequence and x_fp_timestamp value, because they can't hash is a match the value. The only thing you don't pass is the transactionKey because they already have it.
Run to your page that you form post to authorize.net in a browswer. Then look at the page source, if it didn't have all the required field, it not going to work. Go back at look at the sample code(not the SDKs) and see what they are passing in the form.
02-24-2015 04:50 AM
Yes, you don't ever send the "transaction key". That is a shared secret - your site knows it and your Authoriize.Net account knows it, but nobody else should know it. It is used to generate the one-time hash (x_fp_hash) with your form. That hash is used with the other fields you send (which all comprise the "fingerprint" - x_fp_sequence and x_fp_timestamp) to allow Authorize.Net to check that it really is your site sending the transaction request.
So the fingerprint is made of these fields, send in the form as individual fields:
The hash is generated from the shared secret "transaction key", and the sequence and timestamp effectively add salt to that key before it gets hashed.
A similar thing happens for relay messages that Authorise.net sends back to your site, using a different shared secret (the "md5 hash key"), so your merchant site can be sure it is really Authorize.Net sending it the relay message.
I hope that clears up what I meant, in case I didn't explain it properly. Those *individual* firelds need to do into the form, but the package or SDK used may put them all in in one go as a "fingerprint".