
SIM Newbie Integration

Hello everyone!

 

I am trying to integrate SIM with our website. The website is hosted by 1and1.com under a Linux package. The system will be used to make reservations to attend meetings hosted by our company. If a person registers and does not attend, we will charge them a fixed amount of $75.00; if they attend, we will not charge them. This is done basically to cover the cost of the people that do not show, but we still pay at the meeting facilities. We have been running this meeting for a few years now, but they were free and will remain free if a person shows up. Usually we get about 30 registrants per event and often 5 to 15 registrants do not show, which means that those registrants are the ones for whom we will actually change the transaction from "Authorized/Pending Capture" to "Capture".

 

So far I found out that I can accomplish this with SIM. We are planning on using SIM because we don't want to store any client credit card numbers in our own system, therefore minimizing PCI compliance.

 

So, here are some issues that I need to take care of before we go live.

 

  1. So far in the example SIM code I changed the following:

    $API_login_id = 'Our_Login_ID';
    $transaction_key = 'Our_Live_Transaction_Key';
    $amount = "75.00";

    So, is it safe to type in the live Transaction Key in the sample code? When I look at the source code from a browser the API_LOGIN_ID shows but not the Transaction Key; is this normal secure behavior?

    Can this fixed amount of $75.00 be changed by anyone once it is set up here?

  2. During my reading of the SIM integration developer guide, I understand that I can do an "Authorization Only" by changing or adding this line in the sample code, correct?

    <INPUT TYPE=HIDDEN NAME="x_type" VALUE="AUTH_CAPTURE">

    This will place a hold in the amount of $75.00 but the transaction will not be captured until I go in and do it manually using the portal.

  3. After changing those fields described above I uploaded the necessary files to my host (1and1/Linux Package). Then I went to the browser and tried to access the SIM.php file, which is the file I edited. I get a button that says "Click here for the secure payment form"; then I click on the button and it takes me to the payment form. The form is displayed with the "Test Mode Is ON" message on top. So far everything seems to be working. I submitted a test transaction and because it is on "Test Mode On" the transaction goes through but it is not recorded in the Authorize.net live account.

    Now, instead of the button that says "Click here for the secure payment form" I would like to have a link to the payment form included in the event invitation. How can I do that? Or at least incorporate that button in the invitation email and change the test to something else. I am trying to avoid having too many steps to register. Technically, I can add a link to the SIM.php file from the invitation but that will take people to the page where the button is and then to the payment or registration form.

    Finally, we seem to have a very simple process: fixed amount, "authorize_only", and not a lot of transactions per given month. Is that all it takes to get it running using the sample SIM code? Am I missing something? How about security? Assuming that it is normal to key in the "Transaction Key" in the sample code but it doesn't show when you view the source code from a browser.

Thanks in advance for anyone willing to help me answer some of my concerns.

jmayorga
Member
2 REPLIES

1.  It is normal using SIM that your API Login ID is visible in the source code of your website.  As long as the transaction key is not visible, then it is not a security concern.

 

Using the sample code as is, the amount can be modified by submitting a new amount as a POST or GET value.  If you simply remove the section of code that reads the post values, then it will not be possible for the customer to change the transaction amount.

 

2.  The transaction type that you need to specify in order to run an Authorization Only is "AUTH_ONLY".

 

3. It is not possible to embed a SIM integration directly into an email. The best way to accomplish a similar result would be to include a link to your own website where the SIM integration is hosted.  If you would like, you can use JavaScript to make the form submit as soon as the page is loaded and automatically direct your customer to the Authorize.Net payment form.  Otherwise, they will have to click the submit button after they land on your site.

Trevor
Administrator
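
The points in the reply above, as an added example that is not part of the thread or of Authorize.Net's sample code: the amount is a server-side constant that is never read from POST or GET, the transaction key is used only to compute the fingerprint on the server, and the type is `AUTH_ONLY`. It assumes the HMAC-MD5 fingerprint scheme of the SIM developer guide of that period; the environment variable names and the fallback key are hypothetical.

```php
<?php
// Added example: fixed-amount SIM form. The browser receives the API login ID
// and the fingerprint, never the transaction key.
// Assumption: credentials come from environment variables (hypothetical names).
$apiLoginId     = getenv('AUTHNET_API_LOGIN_ID') ?: 'Our_Login_ID';
$transactionKey = getenv('AUTHNET_TRANSACTION_KEY') ?: 'constructed-demo-key';

// Fixed on the server. Nothing below reads $_GET, $_POST or $_REQUEST,
// so a visitor cannot supply a different amount.
const FIXED_AMOUNT = '75.00';

// Fingerprint = HMAC-MD5 over "login^sequence^timestamp^amount^", keyed with
// the transaction key. Because the amount is part of the signed string,
// editing x_amount in the browser no longer matches x_fp_hash.
function sim_fingerprint(string $login, string $key, string $amount,
                         int $sequence, int $timestamp): string
{
    return hash_hmac('md5', "{$login}^{$sequence}^{$timestamp}^{$amount}^", $key);
}

// Build the hidden fields for one page load.
function sim_fields(string $login, string $key): array
{
    $sequence  = random_int(1, 999999); // fresh per form render
    $timestamp = time();                // gateway rejects stale fingerprints
    return [
        'x_login'        => $login,
        'x_amount'       => FIXED_AMOUNT,
        'x_type'         => 'AUTH_ONLY', // hold only; capture later in the portal
        'x_show_form'    => 'PAYMENT_FORM',
        'x_fp_sequence'  => $sequence,
        'x_fp_timestamp' => $timestamp,
        'x_fp_hash'      => sim_fingerprint($login, $key, FIXED_AMOUNT, $sequence, $timestamp),
    ];
}
?>
<form method="post" action="https://secure.authorize.net/gateway/transact.dll">
<?php foreach (sim_fields($apiLoginId, $transactionKey) as $name => $value): ?>
  <input type="hidden" name="<?= htmlspecialchars($name, ENT_QUOTES) ?>"
         value="<?= htmlspecialchars((string) $value, ENT_QUOTES) ?>">
<?php endforeach; ?>
  <input type="submit" value="Click here for the secure payment form">
</form>
```

Keeping the key out of the PHP source also keeps it out of backups and version control, and a misconfigured server that returns the file as plain text would not disclose it.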

Thanks very much for your insight!