[ic] Authoriznet module enhancment X_Password -> X_Tran_Key
Paul Jordan
interchange-users@icdevgroup.org
Tue Mar 11 15:49:01 2003
Hi guys
This is to stop using X_Password and start using X_Tran_Key. AutorizeNet now
uses either AIM or SIM both of which require "Password required mode". Now,
the X_Password is the actual password for entering the AuthorizeNet site,
which IMO was not a good situation. From the AuthorizeNet ADMIN, one can
download every credit card number that has been through your system, in the
clear (among other things). The little documented (in their guides)
X_Tran_Key seems like a better way to go. It is just like X_Password, except
you cannot log into their ADMIN site with it, and you now, can delete your
password from your server. IMO this is just one extra step in security that
makes sense.
I don't know all the syntax for making a "changes to" instruction set. I
still have not realized all the features of vi (i.e., how to turn the line
numbers on and things like that).
Anyways, you will get the idea where these changes need to take place by
comparing the surrounding code.
1, go to your AuthoirzeNet administration pages, and click Settings ->
Obtain Transaction Key and follow the instructions.
2, In variable.txt add this line
AUTHNET_TRANKEY key_generated_from_step_1 Payment
3, In Catalog.cfg (added line marked with '+')
Route authorizenet id "__AUTHNET_ID__"
Route authorizenet secret "__AUTHNET_SECRET__"
Route authorizenet host "__AUTHNET_HOST__"
Route authorizenet referer "__AUTHNET_REFERER__"
+ Route authorizenet trankey "__AUTHNET_TRANKEY__"
4, In Vend/Payment/AuthorizeNet.pm there are two changes...
4a.
----------------------------------------------
$opt->{port} ||= 443;
my $precision = $opt->{precision} || 2;
my $referer = $opt->{referer} || charge_param('referer');
+ my $trankey = $opt->{trankey} || undef;
---------------------------------------------
4b.
---------------------------------------------
x_Email => $actual->{email},
x_Phone => $actual->{phone_day},
+ x_Tran_Key => $trankey,
x_Password => $secret,
x_Login => $user,
---------------------------------------------
You can now delete the "VALUE" to X_Password that may be in variable.txt or
catalog.cfg.
RESTART
Test and order. Make a product that is say 25 cents and try it out. I have
tested it and it works for me (AFAICT).
Now, I am no expert, and I am sure other debug statements may need to be
added to show issue with X_Tran_Key, but that currently is beyond my
abilities. Hopefully someone with more experience can implement this, and
then add/fix this post for everyones benifit. However, this is working for
me, with the above.
HTH
Paul