- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Proper http flow using legacy AIM API
I have a simlar problem as the person in this thread.
And i've been greatful for the help I recently received on forming requests with aim.
However the final issue is making sure the site sends the correct HTTP Method when processing a transaction.
I want to describe the flow of how my site processes a payment so I can better understand where I'm making the mistake. (the server uses a LAMP stack)
My site sells a product let's call it productX for discussion sake. There are n types of productX
productX1, productX2, ProductX3 ... productXn
for each one there's a static html page. The static html page contains a form. The form contains hidden feilds which are used to send prefiled data via POST to a PHP file "pay.php" so the the particular version of ProductX can be prefilled with the correct price and description and other attributes. Since there's only one pay page, we use prefilled data to make sure we're selling the customer the correct product.
This php pay page generates html content. The html generated contains another form that has been which by now has been prefilled with data.
The user fills this form with additonal creditcard and other billing info and finally this page posts to itself via HTTP POST and uses the additional data to execute a transaction using transact.dll
if this is all confusing see below
[productX3.html ] ---HTTP post ---> [pay.php] ---HTTP post ---> pay.php (a funtion in pay.php runs
$sPaymentURL = "https://secure.authorize.net/gateway/transact.dll?" . $sParams;
$ResponseText = file_get_contents($sPaymentURL);
$sParams itself is a concatenation of many vars
see here for more detail https://community.developer.authorize.net/t5/Integration-and-Testing/Posting-to-authorize-using-the-...
My main question is should the form have an action to transact.dll directly or should the form action be a php page uses the AIM api to post to transact.dll?
I understand that this may be a confusing post but i tried to explain as much as I could.
โ07-11-2016 03:13 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The user fills this form with additonal creditcard and other billing info and finally this page posts to itself via HTTP POST and uses the additional data to execute a transaction using transact.dll
If the creditcard hit your server, you need to check PCI compliance and it need https
โ07-11-2016 03:18 PM