Hi Sally,
An API has nothing to do with object oriented programming. API just means "Application Programming Interface", a set of specs for programmatically communicating with something else.
Our service is a web service, and we have an API which is the set of commands and parameters and procedures to tell that service to do something and to understand the response you get back.
At a basic level, you cause your server to send a piece of text like this to our server:
<authenticateTestRequest xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd">
  <merchantAuthentication>
    <name>API_LOGIN_ID</name>
    <transactionKey>API_TRANSACTION_KEY</transactionKey>
  </merchantAuthentication>
</authenticateTestRequest>
Our server responds with a string of text like this:
<?xml version="1.0" encoding="utf-8"?>
<authenticateTestResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd">
  <messages>
    <resultCode>Ok</resultCode>
    <message>
      <code>I00001</code>
      <text>Successful.</text>
    </message>
  </messages>
</authenticateTestResponse>
The API is just the set of instructions to tell you what stuff to put in the request and what stuff to put in the response.
What you want to do is to create a PHP script that takes information off of a web form and sends it to us. That's what the sample PHP script I posted does. It takes three variables from the form that was posted to it and puts those into a request like the above. It also takes your login ID and transaction key for your sandbox account from a couple of environment variables you set outside the script and adds those to the request. Then, it calls curl to send that request to our server, and get the response. It's up to you to put some code in at the end to put the response into some HTML set up however you want to give that response to the customer.
It's not so much an issue of knowing object oriented programming as it is knowing PHP. If you know PHP you can turn that sample code into whatever you need.
@ssimons wrote:
3.) > This script would then insert the right values into an XML formatted
> request that comes to us via curl.
What is curl?
Where do I get curl?
How do I incorporate curl into my PHP code?
curl is a program that basically fetches stuff from a URL for you. If your server has PHP installed, it almost always will also have curl. You incorporate it into your PHP code just like I showed you, but if you'd like to see more step by step instructions on how to incorporate curl into PHP, check the PHP documentation.
@ssimons wrote:
4.) Is the code below safe to use for an actual live website after I correct the field names for credit card info?
Safe to use? Define safe.
Will it work? Sure. Does this code by itself meet all your requirements to keep your system secure, thereby meeting all of your legal and contractual obligations to abide by the requirements of the PCI Data Security Standards v3.2? I don't know. Please be advised though, that by working with credit card data, you have the requirement of making sure you meet the PCI-DSS requirements. More info here: http://www.authorize.net/resources/pcicompliance/
@ssimons wrote:
5.)
$loginId = getenv("API_LOGIN_ID");
$transactionKey = getenv("TRANSACTION_KEY");
It looks like I can define some PHP constants and then make them available to this script?
This is using PHP's getenv() function to retrieve environment variables called "API_LOGIN_ID" and "TRANSACTION_KEY". You don't want to put those right in the script since your server could break (or be broken into), and you'd be exposing your Authorize.Net credentials to the world. You can set these variables in the php.ini file. Or, set them in some other file and then reference them here. Just make sure that other file doesn't get put anywhere that's accessible.
@ssimons wrote:
6.)
$xml->creditCard->addChild('cardNumber',$cardNumber);
$xml->creditCard->addChild('expirationDate',$expirationDate);
$xml->creditCard->addChild('cardCode',$cardCode);
This information would come from my credit card submittal form, right?
Yes, I'm assuming you'd have fields in that form named "cardNumber", "expirationDate", and "cardCode". Or, if they are named something different, change the names here.
@ssimons wrote:
7.)
$url = "https://apitest.authorize.net/xml/v1/request.api";
Do I need to request a "test" account?
What do I put here for production?
Absolutely you need a test account. Request that here. The production url is the same, but without the word "test". So https://api.authorize.net/xml/v1/request.api
If you feel like you're in a little over your head here, I apologize. I wish it was easier, but we assume a certain level of knowledge regarding interacting with web services. We do have some easier ways in if that would help. Instead of trying to take the card information directly and then pass it to our servers, you might be more interested in something like Accept.js, or Accept Hosted. Accept.js will help you with the PCI requirements, because you put a script in your web form that turns the card number into a single-use token before sending it to you. Accept Hosted goes one better by sending the customer to a payment form hosted on our site, where we process the payment for you.
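
The flow described in this reply (credentials read from the environment, an authenticateTestRequest built as XML, curl sending it, the response parsed), as an added example that is not the sample script from the thread and not Authorize.Net's own code. The function names are hypothetical; the environment variable names and the sandbox URL are the ones quoted above. It sends no card data.

```php
<?php
// Added example: function and constant names are hypothetical.
const ANET_NS = 'AnetApi/xml/v1/schema/AnetApiSchema.xsd';
const SANDBOX_URL = 'https://apitest.authorize.net/xml/v1/request.api';

function buildAuthTestRequest(string $loginId, string $transactionKey): string {
    $xml = new SimpleXMLElement('<authenticateTestRequest xmlns="' . ANET_NS . '"/>');
    $auth = $xml->addChild('merchantAuthentication');
    // Property assignment escapes &, < and >; addChild() with a value does not escape &.
    $auth->name = $loginId;
    $auth->transactionKey = $transactionKey;
    return $xml->asXML();
}

function postXml(string $url, string $payload): string {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $payload,
        CURLOPT_HTTPHEADER     => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,    // and hostname checks
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body;
}

function parseResponse(string $body): array {
    // LIBXML_NONET stops the parser from fetching anything over the network.
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml === false) {
        throw new RuntimeException('Response is not well-formed XML');
    }
    $message = $xml->messages->message;
    return ['ok' => (string) $xml->messages->resultCode === 'Ok',
            'code' => (string) $message->code, 'text' => (string) $message->text];
}

$loginId = getenv('API_LOGIN_ID');
$transactionKey = getenv('TRANSACTION_KEY');
if (!$loginId || !$transactionKey) { // fail closed rather than fall back to hard-coded values
    error_log('Set API_LOGIN_ID and TRANSACTION_KEY outside the script');
    exit(1);
}
$result = parseResponse(postXml(SANDBOX_URL, buildAuthTestRequest($loginId, $transactionKey)));
echo $result['ok'] ? "Credentials accepted\n" : "Rejected: {$result['code']} {$result['text']}\n";
```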