How to use Authorize.net payment gateway with PHP
Authorize.net provides various options to integrate payment gateway in your project. AIM and SIM are popular integration methods. We will be covering the SIM method in this article.
You may have come across a situation in web application development where you need to integrate the most basic type of payment gateway. You may definitely consider the SIM as one of the options.
The process of integrating Authorize.net with SIM method is fairly easy and straight forward. It takes couples of minutes to code.
You will need a sandbox account with Authorize.net. It’s a developer’s account to play with API in real-time.
If you don’t have an account, you can create the one with Authorize.net sandbox account here. Create the account. Make the Login_Id and Transaction_Key handy. We will need it.
The solution is pretty straightforward, we don’t need to download and deal with the Official Authorize.net PHP SDK. Click the link to learn more and read the example provided.
The solution is one file solution with minimalist code. I will try explaining the code in the following section. Create a pay.php file and the code discussed below.
Authorize.net SIM process flow:
- Creating merchant identity properties
- Order related properties
- Setting test/production submission URL
- Preparing transaction related properties
- Submitting the form to payment server
- Receive response on return URL & payment post process.
Creating merchant identity properties:
$loginID = "####"; $transactionKey = "####";
You should have the Login_Id and Transaction_Key that you get while creating the sandbox account. You will need to set them in above respective URLs.
These values help payment server identify the merchant account. The payment amount will be added to mentioned merchant account to withdraw.
Order related properties:
$amount = "19.99"; $description = "Sample Transaction";
Obviously, the customer is paying you for the product or services he purchases from you. You would be able to set the order amount and description properties here.
The amount and the order description will be reflected on the payment gateway page where user will actually makes the payment. And same will reflected on payment receipt generated by Authorize.net.
Setting test/production submission URL:
While developing the application you may want to test your payment processing module. Sandbox is made for testing. You need to set the testMode to true while testing the application.
There are two versions of URL you need to know sandbox and production. Each has obviously the different values. The test/sandbox url shows “In Test Mode” on payment page. Make sure to change the url while switching to production environment.
$testMode = "true"; $url = "https://test.authorize.net/gateway/transact.dll";
Preparing transaction related properties:
If you are generating invoice number for each order you may want to set them here. The sequence and timeStamp are used to create the transaction fingerprint.
What does transaction fingerprint mean? We generate a secret code with the combination of sequence, timestamp, login_id, amount and transaction_key.
The payment server uses same set of merchant information to decrypt the transaction fingerprint and authenticate the transaction.
$invoice = date('YmdHis'); // a sequence number is randomly generated $sequence = rand(1, 1000); // a timestamp is generated $timeStamp = time(); $fingerprint = hash_hmac("md5", $loginID . "^" . $sequence . "^" . $timeStamp . "^" . $amount . "^", $transactionKey);
Submitting the form to payment server:
We are all set with required parameters and a html page. Here is what the page code look like:
<form method='post' action='<?php echo $url; ?>' > <input type='hidden' name='x_login' value='<?php echo $loginID; ?>' /> <input type='hidden' name='x_amount' value='<?php echo $amount; ?>' /> <input type='hidden' name='x_description' value='<?php echo $description; ?>' /> <input type='hidden' name='x_invoice_num' value='<?php echo $invoice; ?>' /> <input type='hidden' name='x_fp_sequence' value='<?php echo $sequence; ?>' /> <input type='hidden' name='x_fp_timestamp' value='<?php echo $timeStamp; ?>' /> <input type='hidden' name='x_fp_hash' value='<?php echo $fingerprint; ?>' /> <input type='hidden' name='x_test_request' value='<?php echo $testMode; ?>' /> <input type='hidden' name='x_show_form' value='PAYMENT_FORM' /> <input type='submit' value='<?php echo $label; ?>' />
You see the x_ variables they are field_names. Find out more about fieldnames and their description on official document.
Receive response on return url & payment post process:
Ok, so your customer has paid for the order. The transaction was successful. You may need to add/modify a record in database. As this was a payment server hosted form so you don’t directly control over it.
Authorize.net provides payment notification URL. Once the payment process completed it sends a post data to specified URL. Process the post for post payment processing logic.
Where will you receive the notification response from Authorize.net? It’s up to you, you need to configure the Response/Receipt Urls section under User Account -> Settings -> Response/Receipt URLs.
Authorize.net SIM is really a simple way to integrate payment gateway into your application. If you are looking for simple and straightforward way SIM would be a good choice. You don’t need to think about the SSL as the payment process done at the gateway’s hosted secured page.