SIM Newbie Integration

jmayorga — Wed, 20 Jul 2011 16:48:30 GMT

Hello everyone!

I am trying to integrate SIM with our website. The website is hosted by 1and1.com under a Linux package. The system will be use to make reservations to attend meetings hosted by our company. If a person register and do not attend we will charge them a fixed amount of $75.00 if they attend we will not charge them. This is done basically to cover the cost of the people that do not show, but we still pay at the meeting facilities. We have been running this meeting for few years now but they were free and will remain free if a person show up. Usually we get about 30 registrants per event and often 5 to 15 registrants do not show, which means that those registrant are the one that we will actually change the transaction from "Authorized/Pending Capture to Capture.

So far I found out that I can accomplish this with SIM. We are planning in using SIM because we don't want to store any client credit card numbers in our own system, therefore minimizing PCI compliance.

So, here are some issues that I need to take care before we go live.

So far in the example SIM code I change the following: $API_login_id = 'Our_Login_ID';
$transaction_key = 'Our_Live_Transaction_Key"
$amount = "75.00"

So, is it safe to type in the live Transaction Key in the sample code? When I look at the source code from a browser the API_LOGIN_ ID shows but not the Transaction Key, is this normal secure behavior?

Can this fixed amount of $75.00 be change by anyone once it is setup here?
During my reading of the SIM integration developer guide, I understand that I can do a "Authorization Only" by changing or adding this line in the sample code correct?

<INPUT TYPE=HIDDEN NAME="x_type" VALUE="AUTH_CAPTURE" This will place a hold in the amount of $75.00 but the transaction will not be capture until I go in and do it manually using the portal.
After changing those field describe above I uploaded the necessary files to my host (1and1/Linux Package). Then I went to the browser and try to access the SIM.php file, which is the file I edited. I get a button that says "Click here for the secure payment form" then I click on the button and it takes me to payment form. The form is display with the "Test Mode Is ON" message on top. So far everything since to be working. I submitted a test transaction and because it is on "Test Mode On" the transaction goes through but it is not recorded in the Authorize.net live account.

Now, instead of the button that says "Click here for the secure payment form" I would like to have a link to the payment form included in the event invitation. How can I do that? Or at least incorporate that button in the invitation email and change the test to something else. I am trying to avoid in having to many steps to register. Technically, I can add the a link to the SIM.php file from the invitation but that will take people to the page where the button is and then to the payment or registration form.

Finally, we seems to have a very simple process, fix amount, "authorize_only", and no a lot of transactions per a given month is that all it takes to get it running using the sample SIM code? Am I missing something? How about security? Assuming that is normal to key in the "Transaction Key" in the sample code but it doesn't show when you view the source code from a a browser.

Thanks in advance for anyone willing to help me answer some of my concerns.

Re: SIM Newbie Integration

Trevor — Mon, 25 Jul 2011 17:18:13 GMT

1. It is normal using SIM that your API Login ID is visible in the source code of your website. As long as the transaction key is not visible, then it is not a security concern.

Using the sample code as is, the amount can be modified by submitting a new amount as a POST or GET value. If you simply remove the section of code that reads the post values, then the it will not be possible for the customer to change the transaction amount.

2. The transaction type that you need to specify in order to run an Authorization Only is "AUTH_ONLY".

3. It is not possible to embed a SIM integration directly into an email. The best way to accomplish a similar result would be to include a link to your own website where the SIM integration is hosted. If you would like, you can use Javascript to make the form submit as soon as the page is loaded and automatically direct your customer to the Authorize.Net payment form. Otherwise, they will have to click the submit button after they land on your site.

Re: SIM Newbie Integration

jmayorga — Wed, 31 Aug 2011 15:39:13 GMT

Thanks very much for your insight!

topic Re: SIM Newbie Integration in Integration and Testing

SIM Newbie Integration

Re: SIM Newbie Integration

Re: SIM Newbie Integration