cancel
Showing results for 
Search instead for 
Did you mean: 

Proper http flow using legacy AIM API

I have a simlar problem as the person in this thread.

 

https://community.developer.authorize.net/t5/Integration-and-Testing/HTTP-GET-vs-HTTP-POST/m-p/54868...

 

And i've been greatful for the help I  recently received on forming requests with aim.

 

However the final issue is making sure the site sends the correct HTTP Method when processing a transaction.

 

I want to describe the flow of how my site processes a payment so I can better understand where I'm making the mistake. (the server uses a LAMP stack)

 

My site sells a product let's call it productX for discussion sake. There are n types of productX

productX1, productX2, ProductX3 ... productXn

 

for each one there's a static html page. The static html page contains a form. The form contains hidden feilds which are used to send prefiled data via POST to a PHP file "pay.php" so the the particular version of ProductX  can be prefilled with the correct price and description and other attributes. Since there's only one pay page, we use prefilled data to make sure we're selling the customer the correct product.

 

This php pay page generates html content. The html generated contains another form that has been which by now has been prefilled with data. 

 

The user fills this form with additonal creditcard and other billing info and finally this page posts to itself via HTTP POST and uses the additional data to execute a transaction using transact.dll

 

if this is all confusing see below

 

[productX3.html ]  ---HTTP post --->  [pay.php] ---HTTP post ---> pay.php (a funtion in pay.php runs 

 

$sPaymentURL = "https://secure.authorize.net/gateway/transact.dll?" . $sParams;

$ResponseText = file_get_contents($sPaymentURL);

 

$sParams itself is a concatenation of many vars

 

see here for more detail https://community.developer.authorize.net/t5/Integration-and-Testing/Posting-to-authorize-using-the-...

 

My main question is should the form have an action to transact.dll directly or should the form action be a php page uses the AIM api to post to transact.dll?

 

I understand that this may be a confusing post but i tried to explain as much as I could.

 

 

Alix
Member
1 REPLY 1

The user fills this form with additonal creditcard and other billing info and finally this page posts to itself via HTTP POST and uses the additional data to execute a transaction using transact.dll

 

If the creditcard hit your server, you need to check PCI compliance and it need https

RaynorC1emen7
Expert