Reply
Highlighted
Member
Posts: 2
Registered: ‎09-14-2011
Accepted Solution

Looking for advice on implementing call back pages

Hi there,

 

I am working on the specifications of an integration between an existing CMS / eCommerce system (25K+ installations) and Authorize.net. I looked at the various APIs and documentation and tried out a couple of samples and created my own. At the moment I am inclined to think that SIM is the best solution for our situation. We don't want to store client details such as CC numbers in the CMS while we still need to be able to customize the payment form to some extent.

 

I am, however, a bit unsure on how to implement a callback from authorize.net to our systems out of the user's browser session. To understand what I am looking for, here's a summary of how we implemented some other payment systems:

 

  1. The CMS renders a page with hidden form fields that automatically submits to the gateway. We pass some base data such as the order number and some client details (to be displayed as read-only on the payment form).
  2. The gateway handles user interaction and validates the data.
  3. The gateway redirects the user to a page on the CMS site with a status indication in the URL. This is just an indication that things *might* have worked out at the gateway and is used to render the client receipt or an error page.
  4. The gateway calls a page on the server (outside of the user session) to indicate order XYZ has changed.
  5. The CMS calls back to the gateway to request the status of the payment for order XYZ and updates the system accordingly. Only this information can be trusted to determine the final state of the payment.

I can do 1 and 2 easily with SIM. However, from what I understand of SIM, at step 3 Authorize.net only requests a page at the CMS and displays its returned HTML on the page at the authorize site. In addition, it doesn't seem to do "under water" calls into the CMS to update the order in the backend database.

 

My questions are: is there a way to implement the above using SIM and if so, how? Or should I be looking at AIM or DPM instead? Initially I thought that DPM was the way to go, but I rather not host the initial payment form on our users' sites as that means content managers either have to create their own forms + validation or run the risk of messing up the default templates we'll ship out of the box.

 

Any ideas or pointers to existing documentation are highly appreciated.

 

Kind regards,

 

Imar Spaanjaars


Accepted Solutions
Highlighted
Solution
Accepted by topic author Imar
‎08-21-2015 01:58 AM
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Looking for advice on implementing call back pages

Well, the most obvious question is - what programming language do you use? After that, yes, it sounds like it'll be either SIM or DPM. I'd personally choose DPM just because I like more control over the look of the form - there isn't really much difference in terms of security / validation, and as long as you include a tool that lets them click off what fields they want and then generate a form, you're fine as far as them not messing it up. The callback should work either way. Incidently, (5) probably isn't necessary, since you can verify that incoming data to the callback page is really from Authorize.net, and just update straight from there.

View solution in original post


All Replies
Highlighted
Solution
Accepted by topic author Imar
‎08-21-2015 01:58 AM
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Looking for advice on implementing call back pages

Well, the most obvious question is - what programming language do you use? After that, yes, it sounds like it'll be either SIM or DPM. I'd personally choose DPM just because I like more control over the look of the form - there isn't really much difference in terms of security / validation, and as long as you include a tool that lets them click off what fields they want and then generate a form, you're fine as far as them not messing it up. The callback should work either way. Incidently, (5) probably isn't necessary, since you can verify that incoming data to the callback page is really from Authorize.net, and just update straight from there.

Highlighted
Member
Posts: 2
Registered: ‎09-14-2011

Re: Looking for advice on implementing call back pages

Thanks for your answers, and sorry for my late reply; I was pretty sure I was subscibed to this topic but never saw a notification message.

 

Anyway, the CMS is based on .NET giving us easy access to all available options with the handy SDKs. It looks like SIM is going to be the way, although I do see your point on generating the form based on fields configured in the backend.

 

5) may indeed not be necessary in this case, as Authorize.net posts back to the server. Other systems do a client redirect which definitely can't be trusted.

 

Thanks again,

 

Imar Spaanjaars