Payment processing tag for Lasso 8 and the Authorize.net AIM v3.1 payment processing gateway
PHP Lasso
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
AuthorizeNet_AIM.inc
AuthorizeNet_AIM.lasso
HISTORY.md
LICENSE
README.rst
contributing.md

README.rst

AuthorizeNet_AIM - Payment processing tag for Lasso Professional 8 and the Authorize.Net AIM v3.1 payment processing gateway

Read the article AuthorizeNet_AIM - Payment processing tag for Lasso Professional 8 and the Authorize.Net AIM v3.1 payment processing gateway.

Description

This tag is an update to the AuthorizeNet_AIM payment processing tag for Lasso 8 and the Authorize.Net AIM v3.1 payment processing gateway.

This tag has one required parameter, -AIMParams, and two optional parameters, -testdeveloper and -testrequest.

-AIMParams is an unnamed map of name/value pairs representing the parameters to be passed to Authorize.Net.

-testdeveloper is a boolean that when TRUE submits a test transaction to Authorize.Net's "test" URL. Default is FALSE.

-testrequest is a boolean that when TRUE submits a test transaction request to the designated URL ("test" or "secure") as set in the tag configuration or by the -testdeveloper keyword parameter. Default is FALSE.

This tag returns a value which is either a string or a map.

  • If the returned value is a string, the string is a plain text error message returned by Authorize.Net indicating that you have not properly configured the Authorize.Net Merchant Interface or this tag's settings.
  • If the returned value is a map, it contains the key/value pairs of non-empty parameters in the response returned by the Authorize.Net gateway.

Support Free and Open Source Software Contributions

If you like this tag or documentation, or think I need to spend less time at the computer and take my wife out on a date night, then consider sending either a recurring donation via Gratipay for as small as 25¢ per week, or a one-time donation via PayPal.

Duke accepts donations of biscuits and cabbages. woof.

Usage

It is highly recommend to store the AuthorizeNet_AIM tag in a location on your web server that cannot be served, preferably outside of your web root. You do not want your login or transaction key to be served as a plain text file.

1. Configure

Configuration includes:

  • configuring the Authorize.Net website Merchant Interface,
  • setting values in this tag, and
  • passing values into this tag as a map of key/values.

Authorize.Net Merchant Interface

In the Authorize.Net Merchant Interface Account > Settings > API Login ID and Transaction Key, obtain your transaction key.

Edit this method by entering your transaction key, and saving the file.

Next configure the response delimiter character, under Account > Settings > Direct Response.

Use a pipe and no encapsulation characters:

Delimited Response (X) Yes ( ) No
Default Field Separator | (pipe) or [ ]
Field Encapsulation Character [blank] or [ ]

If you do not use the above settings, then you must change the corresponding values as defined elsewhere in this tag.

Setting values in this method or by passing in parameters

You can choose to either set configuration values in this tag below, or pass them in as values in the map of AIM parameters. Any values passed into this tag will override their corresponding values entered below.

In your page that calls [AuthorizeNet_AIM], build a map of parameters to send to the tag.

local('AIMParams') = map(
    'x_first_name'  = #first_name,
    'x_last_name'   = #last_name,
    'x_amount'      = #amount,
... and so on...);

2. Set a variable to the method

When calling [AuthorizeNet_AIM], store the results in a variable. This will allow you to easily code logic in your page to take appropriate action based on the results (Response Code, etc.) from Authorize.Net.

local('aim_results') = AuthorizeNet_AIM(#AIMParams);

Optionally, use the following following parameters.

-testdeveloper=TRUE submits a test transaction to Authorize.Net's "test" URL. Default is FALSE.

-testrequest=TRUE submits a test transaction request to the designated URL ("test" or "secure") as set in the tag configuration or by the -testdeveloper keyword parameter. Default is FALSE.

-curl=TRUE submits parameters via cURL, os_process, and shell, instead of Lasso's include_url. It also checks for the installation of both os_process and shell, and returns an error if they are not. This is a workaround for a bug reported to LassoSoft on March 19, 2016 and discussed on LassoTalk. Default is FALSE.

-tlsv12=TRUE uses TLS v1.2 when executing cURL and when -curl is TRUE. If -curl is FALSE, then this setting is ignored. Default is FALSE.

The following sends a map of parameters to the tag, which posts the parameters to Authorize.Net's test server as a test transaction request.

local('aim_results') = AuthorizeNet_AIM(
    #AIMParams,
    -testdeveloper=TRUE,
    -testrequest=TRUE,
    -curl=TRUE,
    -tlsv12=TRUE);

3. Sample page logic

// evaluate results and make appropriate decisions
if(#aim_results -> find('x_response_code') == '1');
    // transaction approved
else;
    // transaction failed
    select(#aim_results -> find('x_response_code'));
        case('2');
            //  declined
        case('3');
            //  transaction processing error
        case('4');
            //  held for review
        case;
            //  undefined error
    /select;
/if;

4. Sample message

I recommend displaying a simple error message "Your request could not be processed. Please contact us at _____ during normal business hours." Don't encourage users to try again because it will just frustrate them, or possibly cause much worse problems (multiple payments, trigger an over limit event, trigger a fraud alert with the card issuer, etc.). And in the case of actual fraud, you don't want to tip off the fraudster of why the transaction was declined.

#sample_msg -> append('Thank you, ' + #aim_results -> find('x_first_name')
    + '!  You have personally enriched me by $'
    + #aim_results -> find('x_amount') + '.');

5. Custom labels

You can add merchant-defined results labels to #aimresultlabels, and access them after they are echoed by Authorize.Net.

6. Summary

Here is a code sample that sends an authorize-only transaction to the Authorize.Net test server.

[
local('AIMParams') = map(
    'x_login'='ENTER_YOUR_LOGIN',
    'x_tran_key'='ENTER_YOUR_TRANSACTION_KEY',
    'x_type'='auth_only',
    'x_card_num'='5424000000000015',    // dummy CC#
    'x_exp_date'='1220',                // December 2020
    'x_amount'='0.01');

local('results') = authorizenet_aim(#AIMParams, -testdeveloper=true);
#results;
]

See the comments embedded in the tag's code for proper configuration.

For rapid testing:

  • Copy the files AuthorizeNet_AIM.inc and AuthorizeNet_AIM.lasso to your web server.
  • Configure settings in both files accordingly. The settings in the latter override the former.
  • Save and load AuthorizeNet_AIM.lasso to see the results.

Additional eCommerce Resources

The following information does not constitute an endorsement, warranty or guarantee of service. This information is provided for the sake of comparison. These are the lowest fees I have found over the years.

For further information on developing for AIM, download the AIM Guide.

You can sign up for a developer sandbox account, or you can have the client purchase their own Authorize.Net payment gateway account and create a "webmaster" user that has the required access.

In addition to this tag, the following are requirements.

  1. Dedicated IP for TLS (~$10/month).
  2. TLS.
  3. Secure certificate, starting at $10/year from NameCheap, or use Let's Encrypt for a free secure certificate. You can support the continued development of the AuthorizeNet_AIM_9 method using my NameCheap referral link.
  4. Merchant account that accepts payments over the Internet. If you need a merchant account, you can support the continued development of the AuthorizeNet_AIM_9 method using my Capital Merchant Solutions referral link. As of May 28, 2014, the merchant account costs $8.95/month (for a statement fee), plus 2.14% of the transaction amount and 24¢ per transaction. Everything else is free.
  5. Payment gateway (an Authorize.Net account, for example). Some entities already have a merchant account, so sometimes it is easier to add this feature to their existing merchant account. I am an Authorize.Net reseller. You can support the continued development of the AuthorizeNet_AIM_9 method by following my Authorize.Net reseller link. Effective July 1, 2016, the cost is $15/month, with a $25 account setup fee, $0.05 per transaction, and $0.07 per batch of transactions in a given day.
  6. A combined payment gateway and merchant account is also available from Authorize.Net. You can support the continued development of the AuthorizeNet_AIM_9 method by following my Authorize.Net reseller link. Effective July 1, 2016, the cost is $15/month, with a $25 account setup fee, and a 2.9% plus $0.30 per transaction fee. This option may be more convenient, especially for new online merchants or for processing a small number of transactions.

I am available as a consultant for ecommerce solutions. Please visit Services for more information.