cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to get the Customer Pay Method Profile ID using the Customer Profile ID?

From what I can tell from the sample code, GetCustomerPaymentProfile requires the customerPaymentProfileId and it is the customerPaymentProfileId that we need to get since it is not in our data.

 

From what I can tell from the sample code, it’s possible to have our web server serve up a web page with a form that will post to Authorize.net’s server with the customer’s card data thereby eliminating the card data from being returned to our server. However, we need a way to retrieve the newly created Payment Profile ID on our server and I have not seen any way to do that yet.

 

I would assume that the web page from our server, which contains the form that posts the raw card data to Authorize.net’s server, would need some sort of parameter with the URL of our web server so that Authorize.net’s server could post the Payment Profile ID back to our website.

 

Looking through CIM_XML_guide.pdf I saw descriptions of using an iFrame to display an Authiorize.net hosted web page where the card data could be entered and posted directly to Authorize.net’s server but I saw nothing that would allow our server to retrieve a newly created Payment Profile ID.

 

I can see that there are multiple methods for our web server to serve up a web page, with an already generated Customer Profile ID, and to have the raw card data with the Customer Profile ID posted directly to Authorize.net’s server.

 

How can our server can obtain the newly created Customer Payment Profile from the response from Authorize.net’s server resulting from the post with the raw card data?

 

Our website currently creates the customer and payment tokens but we need to move the sensitive card data off of our server.

 

I'm a vb.net developer but understand enough C# to get me by and can figure out other languages if needed.

 

Thanks in advance. david 

 

dmwuha1
Member
2 ACCEPTED SOLUTIONS

Accepted Solutions

Hello @dmwuha1

 

If you require more control over the hosted form, have you considered using the DPM hosted payment form for the initial transaction and then create customer profiles using create customer profile from a transaction?

 

Richard

View solution in original post

" the fingerprint is more than 1 hour old or more than 15 minutes into the future, it is rejected."

View solution in original post

15 REPLIES 15
RaynorC1emen7
Expert

Thanks for the quick reply.

 

Our enrollment website collects the name, address, billing address, etc. prior to the point in the process where the payment needs to be submitted. I don’t see any way to pass the name, address, etc. to the hosted form nor do I see any way to pass the Customer Profile ID to the hosted form if the code creates a Customer Profile ID prior to displaying the hosted form.

 

If the hosted form is used to create the Customer Profile ID and Payment Profile ID, and the Customer Profile ID is not somehow returned to our website, how can GetCustomerProfileRequest be called when we don’t know what the Customer Profile ID is????

 

We only need the hosted form for inputting the CC number and expiration. I’ve configured the hosted form in the Sandbox to show the minimum fields which includes the “Pay By” radio buttons (ACH or CC), a textbox for the CC number and a textbox for the CC expiration date. I didn’t see a way to disable the “Pay by” radio buttons and only allow the two CC fields to be displayed.

 

We are only creating tokens for submitting CC payments and submitting “normal” transactions for ACH. If the “Bank Account” radio button is selected on the hosted form, will tokens be created for the ACH payment methods as well as CC payment methods?

 

Should I actually be looking at DPM instead of the hosted SIM form? I've spent all of my time looking into the SIM hosted form and haven't looked into DPM other than noting that it has a via x_relay_url parameter.

 

I'm using the CoffeeShopWebApp sample code to experiment with.

 

david

http://developer.authorize.net/api/reference/features/customer_profiles.html

Identifying the Customer

Before you can present the hosted form, you need a way of identifying returning customers. You can have the customer log in to your site. Several content management systems and shopping carts automatically support that functionality. It is important that the login process is reliable so that one customer does not have access to another's stored payment information.

For first-time customers, you must create a new profile using the createCustomerProfileRequest method.

A customer profile contains any unique combination:

  • Customer ID (any value you choose)
  • Email
  • Description

Once the profile is created, you'll receive a unique profile ID that you can use to identify this customer in the future.

It is not feasible to have a customer go to Authorize.net's website to create a customer profile and then go to our website to enroll in a membership. 

 

Even if it was feasible and we had the Customer Profile ID, I don't see a way to pass that CPID to either the hosted CIM form to generate the PPID.

 

Even if there was a way to pass the CPID to the hosted form, I don't see a way to get the newly created PPID in order to immideatly process a transaction.

 

We don't have returning customers. We have members that get charged each month for their memberships with the first month charged at the time of enrollment. Authorize.net's recurring billing service won't work with our insurance membership system. That is why it is critical that we get the PPID at the time that the PPID is created so that the first month's dues for our member can be charged.

 

So it looks like we'll have to spend $$$$$$$ for PCI compliance because Authorize.net does not provide a way for us to use the hosted CIM form so that we can capture the PPID and immediatly submit a transaction.

 

 

No. You create the customer profile on your site, because you will need the id to call the hosted CIM form.

 

please read the whole section on "Using the Hosted Form"

http://developer.authorize.net/api/reference/features/customer_profiles.html

Perhaps my original post did not illustrate the issue clearly. I see that the PPID can be obtained using the CPID but that is not the entire picture...

 

We have been using AIM for over 10 years but have hit a brick wall with Authorize.net for a lack of a way to offload the entering of the CC number and CC expiration fields off of our servers. I have spent a week researching this and despite what developer@authorize.net and community.developer.authorize.net have told me, it is apparently not possible to convert our AIM process to use DPM or the CIM hosted form because Authorize.net does not provide a way for our server to pass a Customer Profile ID CPID to the DPM form or the CIM hosted form to create a Payment Profile ID PPID nor does Authorize.net provide a way for our server to immediately get the newly created PPID so that a financial transaction can be submitted; all from the same single click from the customer's browser. The hosted form will not work for us.

 

It sounds like PayPal’s PayFlowPro system will do what we need but if we have to switch to using them, we will have to manually contact all of our credit card customers and manually enter their payment information into the PayFlowPro system since all of our current customers’s card data has been tokenized with Authorize.net. That will be an expensive and time consuming process. It will however, be more cost effective in the long run than having to spend a huge amount of money to get our current AIM processing system PCI compliant.

 

Our company sells health insurance memberships which begin with the processing of the membership’s first month’s dues at the time of enrollment. Using AIM, our system submits the data to create the CPID and PPID which is then used to submit one payment transaction for each membership the customer is enrolling in; up to three separate transactions using the same PPID for each membership in our website’s ‘shopping cart’ are submitted within seconds of each other. Due to insurance regulations, each membership (dental, vision, etc.) must be processed separately. Our system relies on the CPIDs and PPIDs of our members for monthly recurring billing. Authorize.net’s recurring billing service is not compatible with our recurring billing system for our members.

 

All of our customer’s information must be collected at the beginning of the membership enrollment process because the memberships are limited by state availability and age. Because we must collect the customer’s data first, it is not feasible to display the CIM hosted form where address fields appear which will confuse our customers because they already entered their address earlier in the enrollment process.

 

The closest method that Authorize.net has to offer is DPM but it does not provide a field for a CPID and even if it did, I have found no information about what is in or what the format is of the resulting relay url post; ideally it would have the PPID but if it includes something to identify customer from the DPM post, then we could use getCustomerProfile to get the PPID so that the first month’s dues payment can be submitted.

 

The getHostedProfilePageRequest has an input element for the CPID; why not provide that with DPM?

 

If there is a way to include the CPID in the DPM form to create the PPID and the resulting relay url post to our server has data that can be used to associate that relay post with a specific DPM post (we will need documentation regarding the relay post data and format), then we can work with that.

 

Otherwise, we will be looking into more modern payment gateway options.

Hello @dmwuha1

 

If you require more control over the hosted form, have you considered using the DPM hosted payment form for the initial transaction and then create customer profiles using create customer profile from a transaction?

 

Richard

Hi Richard,

 

That is an interesting possibility that I wasn't aware of so I'll play around with it in the sandbox today to see if I can make it work and will reply when I have determine whether or not we can do it that way.

 

So far I have not found any information about the format or contents of the resulting x_relay_URL post to our server so if you happen to know where I can find that info, it would be much appreciated.

 

david 

David,

 

You should find everything you need on page 58 of our hosted payment form (SIM/DPM) guide: http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf

 

Richard