X-Cart:Authorize.Net
Authorize.Net is a large U.S.-based payment gateway that allows you to accept online credit card and electronic check payments. The claimed user base of more than 230,000 merchants makes it one of the largest internet payment service providers. X-Cart is currently integrated with two payment methods offered by Authorize.Net: Server Integration Method (SIM) and Advanced Integration Method (AIM). The major difference between the two methods is where you host the payment pages for you store.
A third Authorize.Net's payment option supported by X-Cart is Authorize.Net: AIM. eCheck, which is an implementation of Authorize.Net: AIM for electronic check payments.
Contents
- 1 Authorize.Net: SIM (Server Integration Method)
- 2 Authorize.Net: AIM (Advanced Integration Method)
- 3 Authorize.Net: AIM. eCheck
- 4 Obtaining an Authorize.Net account
- 5 Setting up Authorize.Net to work with X-Cart
- 6 Setting up Authorize.Net in X-Cart 3.4.x and 3.5.x
- 7 Troubleshooting
- 7.1 Authorize.Net error: "(14) The referrer, relay response or receipt link URL is invalid."
- 7.2 Authorize.Net error: "MD5 transaction signature is incorrect! (Reason Code 0 / Sub 0)"
- 7.3 If Autorize.Net is successfully contacted but you get an error message.
- 7.4 If Authorize.Net replies that certain field cannot be left empty
- 7.5 If you do not get any response from Authorize.Net
- 7.6 Authorize.Net SIM issue: Unable to send notification to Customer error
Authorize.Net: SIM (Server Integration Method)
With Authorize.Net: SIM the payment pages are hosted on the side of Authorize.Net, which means that Authorize.Net provides all the necessary resources to process a transaction, including collection of payment information. Customers get redirected to the Authorize.Net secure website and enter their card details there. Authorize.Net: SIM is a right solution if you do not have adequate resources to collect and transfer sensitive card details. For example, SIM does not require you to obtain and install an SSL certificate on your server/hosting account.
Authorize.Net: AIM (Advanced Integration Method)
With Authorize.Net: AIM the payment pages are hosted together with the rest of the store. The data is transmitted to Authorize.Net in the background mode and customers never leave your website during the purchase. Since Authorize.Net: AIM involves collection and transmission of sensitive cardholder data, you must ensure the security of this data by setting up secure connection with Authorize.Net. Otherwise, Authorize.Net will reject the transaction.
Secure connection is implemented through an SSL certificate installed on your server/hosting account. For recommended SSL certificate providers please check the X-Cart marketplace at http://marketplace.x-cart.com/ . Another requirement of Authorize.Net: AIM is that your server must provide support for at least one of the following HTTPS modules: Net::SSLeay, CURL, libCURL, OpenSSL or HTTPS-cli.
Authorize.Net: AIM. eCheck
Authorize.Net: AIM. eCheck uses the same logic as Authorize.Net: AIM, but it is meant to process electronic check payments - not credit card payments. Like Authorize.Net: AIM, the eCheck implementation also requires an SSL certificate and one of the supported HTTPS modules.
Obtaining an Authorize.Net account
If you have not yet registered an account with Authorize.Net, you should do it before you start setting up Authorize.Net in X-Cart. To open an account, go to the Authorize.Net website at http://www.authorize.net/signupnow/ and follow the instructions on the screen. After you have registered an account, you can set up Authorize.Net: SIM, Authorize.Net: AIM and Authorize.Net: AIM. eCheck in the X-Cart Admin area.
Setting up Authorize.Net to work with X-Cart
Setting up Authorize.Net in X-Cart v4.x
Authorize.Net: AIM
X-Cart:Setting up Authorize.Net: AIM
Authorize.Net:SIM
X-Cart:Setting up Authorize.Net: SIM
Setting up Authorize.Net in X-Cart 3.4.x and 3.5.x
Go to 'CC/ACH processing' menu, select 'Authorize.net' as an active CC processor, click 'Continue' and complete the settings form. Enter merchant login and transaction key. Choose the currency and enter order prefix.
Then log in to your Authorize.net merchant account. Go to Settings -> 'Response/Receipt URLs', click the 'Add URL' button and enter the following URL: http://www.yoursite.com/xcart_directory/customer/home.php (POST method). Also check that the following parameters are set under Settings-> Direct Response:
- Direct Response Delimited Response: Yes
- Default Field Separator: ,(comma)
Troubleshooting
Authorize.Net error: "(14) The referrer, relay response or receipt link URL is invalid."
Make sure you have entered the correct URLs in your Authorize.Net merchant account back-end ('Settings -> Response/Receipt URLs' page), for example:
- Valid Referrer URL: https://www.yoursite.com/xcart/payment/cc_authorizenet_sim.php
- Relay URL: https://www.yoursite.com/xcart/payment/cc_authorizenet_sim.php
Please note, if you have PROTOCOL column set to HTTPS for 'Authorize.Net: SIM' payment method, the URLs must have "https" and vise versa.
Authorize.Net error: "MD5 transaction signature is incorrect! (Reason Code 0 / Sub 0)"
Usually this error is caused by incorrect values submitted for Authorize.Net in the X-Cart admin zone and/or in your merchant account back-office.
Check the settings in your X-Cart: "Payment method" page -> scroll down to Authorize.Net and click 'Configure'. Make sure that there are correct values for Login, Transaction key and MD5 hash. For example, it might be that MD5 hash value is wrong or empty.
Login (API Login ID) and Transaction key are recorded in your merchant account back-office on the "Account -> API Login ID and Transaction Key" page.
MD5 hash value is generated in your Authorize.Net account as well:
- Log in on to the account,
- Select Settings from the Main Menu
- Click on MD5 Hash in the Security section,
- Enter a new value (it is not recommended to use such characters like {, }, *, !),
- Confirm the value entered,
- Click Submit.
If Autorize.Net is successfully contacted but you get an error message.
It can be found on the error message page (in earlier versions, in the browser address string), so you will know what is wrong.
If Authorize.Net replies that certain field cannot be left empty
In this case you should do the following: login to your merchant account, go to 'Settings' -> 'Payment Form' -> Form fields and uncheck 'Required checkbox' next to this field. Another possible cause of orders declining is that AVS checking is too strict. Go to 'Settings' -> 'Address Verification System Settings' and uncheck all Reject flags.
If you do not get any response from Authorize.Net
This means that Authorize.Net hasn't been contacted.
First, check if payment/authorize_net.pl has executable permissions. If it doesn't, run the shell/ftp command - chmod 0755 authorize_net.pl. The second possible cause: Net::SSLeay Perl module is not installed. Refer to the corresponding FAQ item that explains Net::SSLeay Perl module installation.
Rarely happens: your Perl script may have been corrupted during its uploading to your server from Windows machine. If you edit Perl script in Windows editor (like NotePad), you should upload it in ASCII mode to convert Windows new line symbols to UNIX new line symbols.
Authorize.Net SIM issue: Unable to send notification to Customer error
When a customer completes their payment, Authorize.Net calls back to the Relay Response URL (for example, "https://www.yoursite.com/xcart/payment/cc_authorizenet_sim.php") in order to send the payment transaction details to your X-Cart store. When calling back to the URL, Authorize.Net may not receive any response from your server within 10 seconds. Therefore Authorize.net sends the error message:
An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.
Such errors may be caused by accidental communication problems between your web-server and Authorize.Net server, probably when your web-server and/or Authorize.Net server are experiencing the maximum work-load or there is a DNS lookup issue. Here is what Authorize.net knowledge base says:
On occasion, timeouts will occur that are outside of the control of your script or our servers. Typical reasons for these timeouts include Internet traffic, your server is overloaded or malfunctioning, or Internet routing issues. Depending upon your server location and what route is used to send data, it is possible that you may occasionally receive the message you are seeing.
See also: