With the SIM API, one can specify a cancel URL/text. Is there a way to pass a variable back to the cancel URL? I assume there isn't, but can anyone offer an alternative for what I am trying to accomplish? I'm using PHP.
Thanks in advance.
11-28-2011 12:54 PM - edited 11-28-2011 12:55 PM
What sort of variable? You could theoretically cheat and use a cookie.
11-28-2011 12:59 PM
Any variable custom or defined from Authorize.net.
My scenario: customer fills out info for their username, submits their information (where their info is then saved), then goes to Authorize.net and pays for this functionality. (This is the client's desired flow, not mine.)
I'm trying to design a practical and secure way of canceling their username (deleting their information from the database since they have not paid).
The variable passed from Authorize.net could tell me which user canceled, and I could automatically delete their information, rather than my client manually deleting a user from their site administration interface.
Although, thinking about your "cheat", it doesn't appear that even if Authorize.net could send back a parameter, it couldn't really be authenticated on my end, and a malicious user could take advantage of this. Similar to the COOKIE case, a malicious user could just visit the "cancel URL" with a cookie that may indicate any user and that user will be deleted. I hope that makes sense.
Any suggested alternatives? If the client pushes for that particular flow, then maybe they should be required to manually delete usernames that cancel on the payment form?
11-28-2011 01:21 PM
Simplest way is to just have a script run automatically every hour or so that kills users who haven't made their first payment within a certain amount of time. Obviously, you also won't allow login for anyone who hasn't paid yet, since there will be a short period of time between registration and account removal.
11-28-2011 01:50 PM
Excellent point. I do not know why I didn't think of cron jobs. You're on a roll today.
11-28-2011 02:12 PM
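A sketch of the scheduled cleanup and login gate from the accepted answer, as an added example that is not part of the original thread. The `users` table, its `created_at`/`paid_at` columns, the two-hour grace period and the in-memory SQLite database are assumptions; `paid_at` is assumed to be set only by your own server-side payment handling, so nothing here trusts a value arriving at the cancel URL.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: users(id, username, created_at, paid_at).
// paid_at stays NULL until server-side payment handling sets it.
const GRACE_SECONDS = 2 * 3600; // assumed grace period

/** Delete accounts that never paid and are older than the grace period. */
function purgeUnpaidUsers(PDO $db, int $now): int
{
    $stmt = $db->prepare(
        'DELETE FROM users WHERE paid_at IS NULL AND created_at < :cutoff'
    );
    $stmt->execute([':cutoff' => $now - GRACE_SECONDS]);
    return $stmt->rowCount();
}

/** Login gate: an account that has not paid cannot sign in. */
function mayLogIn(PDO $db, string $username): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = :u AND paid_at IS NOT NULL'
    );
    $stmt->execute([':u' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    created_at INTEGER NOT NULL, paid_at INTEGER)');

$now = time();
$rows = [
    ['alice', $now - 3 * 3600, $now - 3 * 3600 + 300], // paid
    ['bob',   $now - 3 * 3600, null],                   // abandoned checkout
    ['carol', $now - 600,      null],                   // still at payment form
];
$ins = $db->prepare('INSERT INTO users (username, created_at, paid_at) VALUES (?, ?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

printf("purged: %d\n", purgeUnpaidUsers($db, $now));
foreach (['alice', 'bob', 'carol'] as $u) {
    printf("%s may log in: %s\n", $u, mayLogIn($db, $u) ? 'yes' : 'no');
}
```

In production the demo section would be replaced by a connection to the real database, with the script run from cron at the chosen interval.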