topic Re: "Webhook" VS "Silent Post" and custom fields in Integration and Testing

"Webhook" VS "Silent Post" and custom fields

RobSolem — Sat, 20 Jan 2018 01:14:21 GMT

Hi Everyone, not sure if this the correct place to post this question.

Years ago I wrote an Authorize.NET integration solution for my company. It uses a hosted payment page, and the "Silent Post" feature. Recently we were told by a Auth.NET representative that "Silent Post" is unreliable, and we should switch to using "Webhooks". So I am doing that work now, but I am noticing that Webhooks doesn't send any of our custom fields, and we really needs those to figure out which product was purchased.

Here are some extra details to help clear up some confusion. This is the flow of our website:

1) First our clients will use our Portal to search for products they want to buy. They add them to our shopping cart, and when they are ready to pay, they press a payment button. That button causes a HTTP POST of the following form elements to Authorize.NET:

There are more fields, but I didn't want to clutter up this forum post, so I put only 3 fields to illustrate the issue. The "x_login" and "x_amount" fields are standard fields, while "x_slot_links" is our own custom field which stores the ID of the exact product that was purchased.

2) The moment this form is posted to Authorize.NET, their Payment Page pops open for the user. There they enter their credit card number, expiration date, etc. We liked this solution because it was PCI compliant. Finally they hit the submit button on that page, which causes the credit card to be charged. Additionally due to the "Silent Post" feature, an HTTP POST sends a form of HTML back down to our server with the transaction details. It looks similar to this (with some fields removed for sake of simplicity):

You'll notice that the "x_slot_links" field is forwarded along from our original form post. But when I swicth to using "Webhooks" I no longer get that field. This is what I get instead:

{
"notificationId":"2d56136d-29ec-4920-8ab9-31c844e39939",
"eventType":"net.authorize.payment.authcapture.created",
"eventDate":"2018-01-19T22:58:42.2377846Z",
"webhookId":"5fa0613a-0038-4b10-921d-99b7673390b1",
"payload":{
"responseCode":1,
"authCode":"HIKLVE",
"avsResponse":"Y",
"authAmount":75.00,
"entityName":"transaction",
"id":"40009641021"
}
}

How can I get custom field data using Webhooks?

Thanks!

Re: "Webhook" VS "Silent Post" and custom fields

nbansal — Sun, 21 Jan 2018 05:32:15 GMT

Hi RobSolem ,

Currently we don't support returning custom fields in webhooks.

We can see the value, you can submit this to ideas page. Our team will evaluate it.

Thanks.

Re: "Webhook" VS "Silent Post" and custom fields

Anurag — Mon, 22 Jan 2018 08:05:41 GMT

Hi @RobSolem

Thanks for your post .

As @nbansal mentioned we currently dont have support for custom fields in the Webhook notifications .

You are welcome to post this as a new feature using our Ideas forum. This will allow others to vote on and make suggestions to improve the request

We are also working on adding support for transReferenceID and InvoiceID in the transactions Notifications in the upcoming release .

Re: "Webhook" VS "Silent Post" and custom fields

RobSolem — Mon, 22 Jan 2018 21:12:32 GMT

Ok, thank you both for your fast replies. I am sorry to hear the webhook can't send extra information.

So how do other developers solve this problem?

I saw a suggestion somewhere that said to store all of my custom data in my own database, and store the "transaction id" along with it. Then later on I can grab the transaction id from the JSON I receive from the webhook, and use that to look up the data in my database.

One problem with that is I don't have a transaction id prior to calling the Hosted payment page. Is it possible to use the API to request a transaction ID, which I can then send to the Hosted payment page, and it uses that ID instead of generating a new one? Or do you have another suggestion?

Hopefully all of this makes sense. If I can't get this Webhook working, I will probably tell all of our clients using Authorize.NET to switch to using PayPal since I have implemented PayPal as well. One of our executives suggested they all switch - but I wanted to see if I could get webhooks working first prior to that.

Re: "Webhook" VS "Silent Post" and custom fields

bhav — Mon, 22 Jan 2018 23:00:32 GMT

Currently, we dont have a way to generate transID ahead before calling HostedPaymentForm(SIM Integration). When a transaction is made successfully, you should be able to get the field x_trans_ID field populated in the transaction response.

Before you initiate PaymentForm, subscribe to the below payment transaction eventTypes. you should be able to get the firedevents to your webhook that you are listening to upon successful transaction. BTW, Subscribing to eventTypes is one-time action. Also, webhooks doesnt take anything input as the transactionID as the transactiondetails payload is auto-generated from anet systems and JSON payload posted to the webhook URL.

Here is the guide to integrate webhooks into your system.

-Bhavana

Copied from the link

PAYMENT EVENTS

Event Description

net.authorize.payment.authorization.created	Notifies you when an authorization transaction is created.
net.authorize.payment.authcapture.created	Notifies you when an authorization and capture transaction is created.
net.authorize.payment.capture.created	Notifies you when a capture transaction is created.
net.authorize.payment.refund.created	Notifies you when a successfully settled transaction is refunded.
net.authorize.payment.priorAuthCapture.created	Notifies you when a previous authorization is captured.
net.authorize.payment.void.created	Notifies you when an unsettled transaction is voided.

Re: "Webhook" VS "Silent Post" and custom fields

brianmc — Tue, 23 Jan 2018 00:11:21 GMT

One of the reasons we're deprecating the older integration methods is that our merchants do not like the redirect away from their web sites. That's also why we had to facilitate the "relaying" of data from your checkout "leave" page through to your receipt "return" page.

Our more recent checkout methods (the Accept suite https://developer.authorize.net/api/reference/features/accept.html ) provide much more control of the customer experience and then you don't need to relay your custom fields through our system.

Let us know what you think, we'd love the feedback,

Brian

Re: "Webhook" VS "Silent Post" and custom fields

Anurag — Tue, 23 Jan 2018 07:34:01 GMT

Hi @RobSolem

You should be able to use refID in the createTransaction request for this use case .

https://developer.authorize.net/api/reference/index.html#payment-transactions-charge-a-credit-card

refId

Merchant-assigned reference ID for the request.

You can store the custom params against this refID and pass it in the payment request .

Once you get back the webhook notification with transactionID , you can use the transID to call getTransactionDetails to retrieve the refID and lookup the custom fields .

https://developer.authorize.net/api/reference/index.html#transaction-reporting-get-transaction-details

in upcoming release of webhook we will start returning the refID also in the notification payload so the extra lookup of transactionDetails wont be required .

Hope this help .

Let us know if any other questions .

Re: "Webhook" VS "Silent Post" and custom fields

Aaron_Actual — Wed, 24 Jan 2018 07:37:13 GMT

Hi Anurag,

Sorry, but don't you mean invoiceNumber here? refId isn't stored in the database, but is just echoed back in the API response so a multithreaded app can better keep track of which request is which.

Re: "Webhook" VS "Silent Post" and custom fields

Anurag — Wed, 24 Jan 2018 07:45:43 GMT

Hi @Aaron_Actual

The refID passed in the createTransaction is returned under the field <transrefId> in the getTransactionDetails .

Also as you stated invoiceNumber is returned also .

Re: "Webhook" VS "Silent Post" and custom fields

RobSolem — Thu, 25 Jan 2018 02:58:58 GMT

Hi Bhavana,

Thank you for your time and response. Unfortunately, I don't think this solves my problem, unless I misread in which case I apologize.

You mention getting the field "x_trans_ID" from the transaction response. However since I am using the Hosted Page, I hand control over to the Authorize.NET page prior to the transaction happening, so I don't get any immediate response. So the only indication I have that the user actually entered a CC number and completed the transaction, is if Auth.NET sends me something like the "Silent Post" or "Webhook". By then getting the "x_trans_ID" is too late.

Consider this scenario:
Let's say there are 10 customers on my portal at the same time, and all of them fill out my shopping cart and hit submit. That pops open the Auth.NET hosted page for all 10 customers which they fill out and submit. Then moments later I get 10 webhook events of type "authcapture". By parsing through those 10 JSON messages, I have no way of knowing which person is tied to which transaction.

Re: "Webhook" VS "Silent Post" and custom fields

RobSolem — Thu, 25 Jan 2018 03:19:33 GMT

Hi Brian,

Thank you for your time and response.

I completely understand that clients don't like to redirect away from the portal. I agree it ruins the continuity of the experience and it also complicates the communication between systems. The only reason we went this route was due to PCI compliance. Incidentally we have developed several different credit card vendor integrations. In addition to Authorize.NET we have implemented PayFlowPro, PayFlowLink, FirstData, EPX, and a couple more. Some of them are straight API implementations, and some have the Hosted payment page. We made so many because many of our clients already had accounts with the various vendors and wanted to keep them. We also have some who require a PCI compliant solution, while others perfer the direct API implementations. Our Authorize.NET solution is one that needs to be PCI compliant.

You mention the "Accept" suite. I have only briefly looked it over, but so far it looks pretty good. I see it has PCI compliance across the various options. Unfortunately I don't think we have time to re-develop using this system. The sad state of things is the original Authorize.NET support representative I spoke with on the phone assured me I could simply copy the "Silent Post" URL and paste it into the "Webhooks" area and it should work without any extra effort. That is what I relayed to our CTO and Director of Development to convince them to go forward with the simple changes. Well, as you know it's not that simple, and it's been taking a while to try to get this working, so it looks like we are out of time.

Thanks for your suggestion though -- I will bring it up in our next meeting.

Regards,

Rob

Re: "Webhook" VS "Silent Post" and custom fields

RobSolem — Thu, 25 Jan 2018 03:22:37 GMT

Hi Anurag,

Thank you for your time and response.

I looked over your links and your proposed solution. Unfortunately it looks like I would be using the API to charge the credit card, which I can't do because we need the Hosted Payment form to do the credit card transaction. Mainly due to PCI compliance.

You can read my responses to Brian and Bhavana above to get some more details about our situation.

Best,

Rob

Re: "Webhook" VS "Silent Post" and custom fields

brianmc — Thu, 25 Jan 2018 03:34:53 GMT

Hi Rob,

We're working on better support model for technical questions like this when they come through our phone support so I'm sorry you were misled on this issue. If you do decide to move over to Accept please feel free to email developer@authorize.net and ask to be connected directly with Brian (they'll know who I am :-) and I'll be happy to correspond with you directly via email and help out with any aspects of the integration or any issues you may encounter.

Brian

Re: "Webhook" VS "Silent Post" and custom fields

RobSolem — Tue, 30 Jan 2018 23:29:23 GMT

Thank you Brian, I appreciate the support. I will mark your post as the answer/solution.

Re: "Webhook" VS "Silent Post" and custom fields

Aaron_Actual — Wed, 31 Jan 2018 05:10:27 GMT

Hi @Anurag,

Do you mean “refTransId”? That’s only there if the transaction that you’re getting details for is a linked credit, and it just lists the transId of the related transaction.

Edit: Wait, I see "transRefId" there tacked on to the end. Is this new? I don't remember it being there before.

Re: "Webhook" VS "Silent Post" and custom fields

Anurag — Wed, 31 Jan 2018 05:18:55 GMT

@Aaron_Actual not sure how long back we added it but yes its returned if refId is passed in the createTransaction request .

https://developer.authorize.net/api/reference/index.html#transaction-reporting-get-transaction-details

transrefId Merchant-assigned reference ID for the request.

If your request included refId, we will return the value in transrefId.

Re: "Webhook" VS "Silent Post" and custom fields

Aaron_Actual — Wed, 31 Jan 2018 05:20:06 GMT

Well, just goes to show I've been away too long if I'm forgetting stuff like that :)

Re: "Webhook" VS "Silent Post" and custom fields

natesutherland2 — Wed, 02 Jun 2021 23:25:22 GMT

Could this be expanded so if you pass refId within "getHostedPaymentPageRequest", it will be returned in the related transaction details?