
Looking for advice on implementing call back pages

Hi there,

 

I am working on the specifications of an integration between an existing CMS / eCommerce system (25K+ installations) and Authorize.net. I looked at the various APIs and documentation and tried out a couple of samples and created my own. At the moment I am inclined to think that SIM is the best solution for our situation. We don't want to store client details such as CC numbers in the CMS while we still need to be able to customize the payment form to some extent.

 

I am, however, a bit unsure on how to implement a callback from authorize.net to our systems out of the user's browser session. To understand what I am looking for, here's a summary of how we implemented some other payment systems:

 

  1. The CMS renders a page with hidden form fields that automatically submits to the gateway. We pass some base data such as the order number and some client details (to be displayed as read-only on the payment form).
  2. The gateway handles user interaction and validates the data.
  3. The gateway redirects the user to a page on the CMS site with a status indication in the URL. This is just an indication that things *might* have worked out at the gateway and is used to render the client receipt or an error page.
  4. The gateway calls a page on the server (outside of the user session) to indicate order XYZ has changed.
  5. The CMS calls back to the gateway to request the status of the payment for order XYZ and updates the system accordingly. Only this information can be trusted to determine the final state of the payment.

I can do 1 and 2 easily with SIM. However, from what I understand of SIM, at step 3 Authorize.net only requests a page at the CMS and displays its returned HTML on the page at the authorize site. In addition, it doesn't seem to do "under water" calls into the CMS to update the order in the backend database.

 

My questions are: is there a way to implement the above using SIM and if so, how? Or should I be looking at AIM or DPM instead? Initially I thought that DPM was the way to go, but I'd rather not host the initial payment form on our users' sites as that means content managers either have to create their own forms + validation or run the risk of messing up the default templates we'll ship out of the box.

 

Any ideas or pointers to existing documentation are highly appreciated.

 

Kind regards,

 

Imar Spaanjaars

Imar
Member

Accepted Solutions

Well, the most obvious question is - what programming language do you use? After that, yes, it sounds like it'll be either SIM or DPM. I'd personally choose DPM just because I like more control over the look of the form - there isn't really much difference in terms of security / validation, and as long as you include a tool that lets them click off what fields they want and then generate a form, you're fine as far as them not messing it up. The callback should work either way. Incidentally, (5) probably isn't necessary, since you can verify that incoming data to the callback page is really from Authorize.net, and just update straight from there.


TJPride
Expert

Thanks for your answers, and sorry for my late reply; I was pretty sure I was subscribed to this topic but never saw a notification message.

 

Anyway, the CMS is based on .NET, giving us easy access to all available options with the handy SDKs. It looks like SIM is going to be the way, although I do see your point on generating the form based on fields configured in the backend.

 

5) may indeed not be necessary in this case, as Authorize.net posts back to the server. Other systems do a client redirect which definitely can't be trusted.

 

Thanks again,

 

Imar Spaanjaars
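
The trust split discussed in this thread, as an added example that is not part of any post and is not Authorize.net's or the CMS's own code: the browser redirect (step 3) only picks a page to render, while the server-to-server callback (step 4) updates the order, and only after its signature and signed values check out. The field names, the `^`-joined HMAC-SHA512 scheme, the key and the in-memory order store are all assumptions made for illustration; a real gateway defines its own signed fields and key handling.

```python
import hashlib
import hmac

# Assumption: secret shared by gateway and CMS. Constructed value, not a real key.
SIGNATURE_KEY = b"constructed-demo-key"
# Assumption: hypothetical field names and order, not a real gateway's list.
SIGNED_FIELDS = ("order_id", "transaction_id", "amount", "status")
# Constructed order store standing in for the CMS database.
ORDERS = {"XYZ": {"amount": "49.95", "state": "pending", "transaction_id": None}}


def sign(fields: dict) -> str:
    """HMAC-SHA512 over the signed fields in a fixed order (hypothetical scheme)."""
    message = "^".join(str(fields.get(name, "")) for name in SIGNED_FIELDS)
    return hmac.new(SIGNATURE_KEY, message.encode(), hashlib.sha512).hexdigest()


def handle_browser_redirect(order_id: str, status: str) -> str:
    """Step 3: the status in the URL is user-controlled, so it only selects
    which page to show. Order state is never touched here."""
    if order_id in ORDERS and status == "ok":
        return "receipt page (payment being confirmed)"
    return "error page"


def handle_gateway_callback(posted: dict) -> str:
    """Step 4: server-to-server POST. Update the order only when the signature
    verifies and the signed values match what the CMS has on record."""
    supplied = str(posted.get("signature", "")).encode()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sign(posted).encode(), supplied):
        return "rejected: bad signature"
    order = ORDERS.get(posted.get("order_id"))
    if order is None:
        return "rejected: unknown order"
    # The hidden form fields from step 1 pass through the browser, so a validly
    # signed callback can still carry an amount the user lowered.
    if posted.get("amount") != order["amount"]:
        return "rejected: amount mismatch"
    # A replayed or duplicated callback must not change a settled order.
    if order["state"] != "pending":
        return "ignored: already " + order["state"]
    order["state"] = "paid" if posted.get("status") == "approved" else "failed"
    order["transaction_id"] = posted.get("transaction_id")
    return "updated: " + order["state"]
```
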