We have been using SIM for years, but the hosted payment form is not mobile-friendly and there seem to be no immediate plans to make it so, according to tech support.
So, we're forced to host our own form. We've got an SSL cert installed and I've downloaded the SDK, but I can't find any kind of form samples to see what can work for us. And should I be using AIM or is that now something else... or should I use Accept?
We just need a simple form that submits 3 fields - the cardholder's Name, Card Number and Exp. Date and returns the fact that the transaction is good (or error code if bad).
A little help, please? :)
@mferguson You have a few options these days. I'd strongly recommend using one of the Accept Suite's options. Accept Hosted or Accept.js might be your best option. (Accept Hosted is the direct replacement for SIM's Hosted Payment Form, and Accept.js is a replacement for DPM which doesn't include its own payment form, but greatly improves security since you don't have to handle PAI directly.)
Thanks for responding. It appears that Accept Hosted is what I need to implement to replace the SIM hosted payment form.
I have looked at the GetHostedPaymentForm() - JSON request, but I don't see how to implement this. I'm assuming somehow this function and data in it gets POSTed to the URL:
but I don't see anything that shows how to do this. Can you point me to a sample page or something that explains how everything works together?
@mferguson -- thanks for the feedback. I agree that we could probably spell out the process a bit more clearly, but I think the intention was to let the sample code at https://github.com/AuthorizeNet/accept-sample-app serve as an explanation of how to implement Accept Hosted into your existing workflow. We figured that it'd be better to show how to add the Accept Hosted form into a lightbox, for example.
You seem to be asking about how to summon the Accept Hosted form directly, using the token from getHostedPaymentPageRequest, so I'll focus on that.
First, getHostedPaymentPageResponse will look like this:
<getHostedPaymentPageResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd">
The HTTP body of the request would just be:
We'll respond to that token, if it is valid, by displaying the Accept Hosted form, as configured in your original getHostedPaymentPageRequest call.
Does that help?
Do you mean if I just do this I should get a form displayed?
I tried this, it doesn't work, but I'm posting a token to the URL. I tried in a POST format also, and got the same error, "Missing or invalid token" with a Close button displayed. Is there something more I need to do that I'm not getting?
Also, I tried a few things with the JSON Request object on this page:
But nothing works. Am I supposed to post this object? How?
Still in the dark.
@mferguson The token goes into the HTTP body, not into the URL. We will ignore query strings, and strongly discourage their usage. HTTP POST generally works with the HTTP body. This StackOverflow discussion explains the difference.
Which scripting language or framework are you using? While I am not a developer myself, I can possibly suggest the method in that language or framework for executing a proper HTTP POST.
I'm using LAMP (Linux, Apache, MySQL & PHP) with jQuery and Bootstrap.
I know the difference between GET and POST and why I tried it both ways, but I see now that I need to grab the token from the JSON (or XML) Response and POST that to:
Is that correct?
At first, I thought I was supposed to create the token in the admin Settings, but it's Authorize.net that creates the token and sends it in the Response code. Then I return it in a POST, which then gives me the FORM for user input, right?
If all the above is correct, what I'm really missing is the first step in how to create and make the REQUEST in order to get the RESPONSE. It appears that I use the JSON or XML REQUEST function. I just don't know how to use it so that it creates the REQUEST.
The first step is to get a token. Your server sends a request for a token with details of the payment, and we respond with a token. The next step is for you to send the token back to us from the browser so that we know which form to load into the browser with which details.
That first step, the token request, is going to be done directly from your server to ours. Once you know everything you need to know to start collecting payment (amount at least), you send a request to the getHostedPaymentPageRequest method in our API. That call returns a response with a token good for 15 minutes.
The actual request comes from your server, but how you get your server to send it is up to you. Our PHP SDK has methods for doing this token request, so you could just call the appropriate method from a PHP script on your server.
To send the token back to us, you get the browser to do an HTTP POST to us with the token in it. In its simplest form, you could create an HTML page like this:
<html>
  <head>
    <title>Form test page</title>
  </head>
  <body>
    <form method="post" action="https://test.authorize.net/payment/payment">
      Token: <input type="text" name="token" />
      <input type="submit" />
    </form>
  </body>
</html>
Load that form up in a browser, copy the token you've received from the initial token request into the text field, paste it into the field, and click submit. The browser will then take you to the payment form corresponding to your initial request.
That's not suitable for real-world use, of course, so you need to find some way to get the customer's browser to request that form. You could serve the customer a page with a hidden form that automatically submits, causing the browser to be redirected to a page on our server with the form in it. Or, you could embed into your page an iframe containing the results of the form post.
Our sample app does it this way. It creates an iframe, with HTML form code inside. To get the value of the token to put into the form, it's calling a PHP script inline to do the token request to our system. Then, it submits the form so that the result of that POST is what's visible to the user.
Hopefully I'm shedding a little light on this conceptually and not confusing you further. Please let us know if any of this does not make sense or if we can help you further.
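The two-step flow described in the post above, sketched in PHP as an added example (not part of the thread, and not Authorize.Net's sample app or SDK code). It calls the JSON API directly with cURL instead of the SDK; the sandbox API URL, the `ANET_LOGIN`/`ANET_KEY` environment variable names, the amount and the sample response are assumptions made for illustration.

```php
<?php
// Added example. The API credentials stay on the server; only the short-lived token reaches the browser.
const API_URL  = 'https://apitest.authorize.net/xml/v1/request.api'; // sandbox API endpoint (assumption)
const FORM_URL = 'https://test.authorize.net/payment/payment';        // form URL quoted in the thread

function buildTokenRequest(string $loginId, string $transactionKey, string $amount): string {
    return json_encode(['getHostedPaymentPageRequest' => [
        'merchantAuthentication' => ['name' => $loginId, 'transactionKey' => $transactionKey],
        'transactionRequest'     => ['transactionType' => 'authCaptureTransaction', 'amount' => $amount],
    ]], JSON_THROW_ON_ERROR);
}

function requestToken(string $json): string { // step 1: server-to-server call
    $ch = curl_init(API_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $json,
        CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
        CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 15,
    ]);
    $body = curl_exec($ch);
    if ($body === false) { throw new RuntimeException('Token request could not be sent'); }
    return $body;
}

function extractToken(string $body): string {
    // json_decode() rejects a leading UTF-8 byte order mark, so strip one if present.
    if (strncmp($body, "\xEF\xBB\xBF", 3) === 0) { $body = substr($body, 3); }
    $resp = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    if (($resp['messages']['resultCode'] ?? '') !== 'Ok' || empty($resp['token'])) {
        throw new RuntimeException('Token request was rejected');
    }
    return $resp['token'];
}

function renderRedirectForm(string $token): string { // step 2: browser POSTs the token in the body
    // Escape the token for the attribute context; it is never placed in a query string.
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<form id="pay" method="post" action="' . FORM_URL . '">'
         . '<input type="hidden" name="token" value="' . $t . '" />'
         . '<noscript><input type="submit" value="Continue to payment" /></noscript>'
         . '</form><script>document.getElementById("pay").submit();</script>';
}

// Constructed sample response, used when no sandbox credentials are set in the environment.
$sample = "\xEF\xBB\xBF" . '{"token":"CONSTRUCTED-TOKEN==","messages":{"resultCode":"Ok"}}';
[$login, $key] = [getenv('ANET_LOGIN'), getenv('ANET_KEY')]; // hypothetical variable names
$body = ($login && $key) ? requestToken(buildTokenRequest($login, $key, '20.00')) : $sample;
echo renderRedirectForm(extractToken($body));
```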
Thanks for the detailed response.
I get the whole flow of how everything should be now. The main problem I'm having is how to send a request to the getHostedPaymentPageRequest method in your API.
I've now got the php-sdk working on my site and can log in to the /accept/index.php page with a Customer ID I created, but when I click on the "Hosted Pay" button, I get a modal that says, "Missing or invalid token." Any idea why I might be getting this?
Also, I click the "Pay" button, which displays a modal with form fields to fill out. I fill them out and click SUBMIT and get "Accept.js Example" and "error".
I think if I can get this all working I'll have a better idea of how I should set it up on our site.
You have the PHP SDK? or the sample app? or both? The problems you're talking about involve the sample app, and we can look into those. However, to get your code up and running, you'll want to install the PHP SDK and the PHP sample code. The PHP sample code has a "get-hosted-payment-page.php" sample that will show you exactly how to call the PHP SDK to get a token.