From X-Cart 4 Classic
Revision as of 12:03, 19 October 2010 by Ivka (talk | contribs) (Authorize.Net:SIM)
Jump to: navigation, search

Authorize.Net is a large U.S.-based payment gateway that allows you to accept online credit card and electronic check payments. The claimed user base of more than 230,000 merchants makes it one of the largest internet payment service providers. X-Cart is currently integrated with two payment methods offered by Authorize.Net: Server Integration Method (SIM) and Advanced Integration Method (AIM). The major difference between the two methods is where you host the payment pages for you store.

A third Authorize.Net's payment option supported by X-Cart is Authorize.Net: AIM. eCheck, which is an implementation of Authorize.Net: AIM for electronic check payments.

Authorize.Net: SIM (Server Integration Method)

With Authorize.Net: SIM the payment pages are hosted on the side of Authorize.Net, which means that Authorize.Net provides all the necessary resources to process a transaction, including collection of payment information. Customers get redirected to the Authorize.Net secure website and enter their card details there. Authorize.Net: SIM is a right solution if you do not have adequate resources to collect and transfer sensitive card details. For example, SIM does not require you to obtain and install an SSL certificate on your server/hosting account.

Authorize.Net: AIM (Advanced Integration Method)

With Authorize.Net: AIM the payment pages are hosted together with the rest of the store. The data is transmitted to Authorize.Net in the background mode and customers never leave your website during the purchase. Since Authorize.Net: AIM involves collection and transmission of sensitive cardholder data, you must ensure the security of this data by setting up secure connection with Authorize.Net. Otherwise, Authorize.Net will reject the transaction.

Secure connection is implemented through an SSL certificate installed on your server/hosting account. For recommended SSL certificate providers please check the X-Cart marketplace at http://marketplace.x-cart.com/ . Another requirement of Authorize.Net: AIM is that your server must provide support for at least one of the following HTTPS modules: Net::SSLeay, CURL, libCURL, OpenSSL or HTTPS-cli.

Authorize.Net: AIM. eCheck

Authorize.Net: AIM. eCheck uses the same logic as Authorize.Net: AIM, but it is meant to process electronic check payments - not credit card payments. Like Authorize.Net: AIM, the eCheck implementation also requires an SSL certificate and one of the supported HTTPS modules.

Obtaining an Authorize.Net account

If you have not yet registered an account with Authorize.Net, you should do it before you start setting up Authorize.Net in X-Cart. To open an account, go to the Authorize.Net website at http://www.authorize.net/signupnow/ and follow the instructions on the screen. After you have registered an account, you can set up Authorize.Net: SIM, Authorize.Net: AIM and Authorize.Net: AIM. eCheck in the X-Cart Admin area.

Setting up Authorize.Net to work with X-Cart

Setting up Authorize.Net in X-Cart v4.x

Authorize.Net: AIM

In X-Cart admin zone go to the 'Payment methods' page. Use 'Payment gateways' form to add Authorize.Net:AIM to your list of payment methods. After it has been added to the payment methods box, click the 'Configure' link next to the name of this CC processor to access Authorize.Net:AIM settings dialog.

You should complete the following fields:

  • Account type (Authorize.Net or Wells Fargo).
  • API Login ID
  • Transaction key
  • Currency
  • MD5 hash value
  • Test/Live mode
  • Order prefix

You should receive your Login ID and Transaction key from Authorize.Net. MD5 hash value is set up in your merchant account.


X-Cart:Setting up Authorize.Net: SIM

Setting up Authorize.Net in X-Cart 3.4.x and 3.5.x

Go to 'CC/ACH processing' menu, select 'Authorize.net' as an active CC processor, click 'Continue' and complete the settings form. Enter merchant login and transaction key. Choose the currency and enter order prefix.

Then log in to your Authorize.net merchant account. Go to Settings -> 'Response/Receipt URLs', click the 'Add URL' button and enter the following URL: http://www.yoursite.com/xcart_directory/customer/home.php (POST method). Also check that the following parameters are set under Settings-> Direct Response:

  • Direct Response Delimited Response: Yes
  • Default Field Separator: ,(comma)


Authorize.Net error "MD5 transaction signature is incorrect! (Reason Code 0 / Sub 0)"

Usually it is caused by incorrect values submitted for Authorize.Net in the X-Cart admin zone and/or in your merchant account back-office.

Check the settings in your X-Cart: "Payment method" page -> scroll down to Authorize.Net and click 'Configure'. Make sure that there are correct values for Login, Transaction key and MD5 hash. For ex., it might be that MD5 hash value is wrong or empty.

Login (API Login ID) and Transaction key are recorded in your merchant account back-office on the "Account -> API Login ID and Transaction Key" page.

MD5 hash value is generated in your Authorize.Net account as well:

  1. login on to the account,
  2. select Settings from the Main Menu,
  3. click on MD5 Hash in the Security section,
  4. enter a new Value (it is not recommended to use such characters like {, }, *, !),
  5. confirm the Value entered,
  6. click Submit.

If Autorize.Net is successfully contacted but there is an error you will get an error message.

It can be found on the error message page (in earlier versions, in the browser address string), so you will know what is wrong.

If Authorize.Net replies that certain field cannot be left empty

In this case you should do the following: login to your merchant account, go to 'Settings' -> 'Payment Form' -> Form fields and uncheck 'Required checkbox' next to this field. Another possible cause of orders declining is that AVS checking is too strict. Go to 'Settings' -> 'Address Verification System Settings' and uncheck all Reject flags.

If you do not get any response from Authorize.Net

This means that Authorize.Net hasn't been contacted.

First, check if payment/authorize_net.pl has executable permissions. If it doesn't, run the shell/ftp command - chmod 0755 authorize_net.pl. The second possible cause: Net::SSLeay Perl module is not installed. Refer to the corresponding FAQ item that explains Net::SSLeay Perl module installation.

Rarely happens: your Perl script may have been corrupted during its uploading to your server from Windows machine. If you edit Perl script in Windows editor (like NotePad), you should upload it in ASCII mode to convert Windows new line symbols to UNIX new line symbols.