[ic] AuthorizeNet module enhancement X_Password -> X_Tran_Key

Paul Jordan interchange-users@icdevgroup.org
Tue Mar 11 15:49:01 2003


Hi guys

This is to stop using X_Password and start using X_Tran_Key. AuthorizeNet now
uses either AIM or SIM, both of which require "Password required mode". Now,
the X_Password is the actual password for entering the AuthorizeNet site,
which IMO was not a good situation. From the AuthorizeNet ADMIN, one can
download every credit card number that has been through your system, in the
clear (among other things). The little-documented (in their guides)
X_Tran_Key seems like a better way to go. It is just like X_Password, except
you cannot log into their ADMIN site with it, and you can now delete your
password from your server. IMO this is just one extra step in security that
makes sense.

I don't know all the syntax for making a "changes to" instruction set. I
still have not realized all the features of vi (i.e., how to turn the line
numbers on and things like that).

Anyways, you will get the idea where these changes need to take place by
comparing the surrounding code.

1, go to your AuthorizeNet administration pages, and click Settings ->
Obtain Transaction Key and follow the instructions.


2, In variable.txt add this line

  AUTHNET_TRANKEY	key_generated_from_step_1	Payment


3, In Catalog.cfg (added line marked with '+')

  Route  authorizenet  id           "__AUTHNET_ID__"
  Route  authorizenet  secret       "__AUTHNET_SECRET__"
  Route  authorizenet  host         "__AUTHNET_HOST__"
  Route  authorizenet  referer      "__AUTHNET_REFERER__"
+ Route  authorizenet  trankey      "__AUTHNET_TRANKEY__"


4, In Vend/Payment/AuthorizeNet.pm there are two changes...

 4a.
----------------------------------------------
       $opt->{port}   ||= 443;

        my $precision = $opt->{precision}     || 2;

        my $referer   =  $opt->{referer}        || charge_param('referer');

+       my $trankey   =  $opt->{trankey}        || undef;

---------------------------------------------
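
Review bot: the added "my $trankey" line reads the key only from $opt->{trankey}, while the $referer line just above it falls back to charge_param('referer'); if the key should be picked up the same way, use $opt->{trankey} || charge_param('trankey') so the two settings behave alike. The trailing "|| undef" has no effect and can be dropped. Nothing here checks that a key was actually supplied, so a missing Route setting would only show up as a failed transaction; logging or returning an error when $trankey is empty would make that visible.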

 4b.
---------------------------------------------
                    x_Email         => $actual->{email},
                    x_Phone        => $actual->{phone_day},
+                   x_Tran_Key          => $trankey,
                    x_Password          => $secret,
                    x_Login             => $user,
---------------------------------------------
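
Review bot: "x_Password => $secret" is still sent next to the new x_Tran_Key line, so for as long as the secret stays configured the site login password keeps being stored and transmitted, which is what this change is meant to stop. Send x_Password only when $trankey is not set, or remove the line once the key is confirmed working, and skip x_Tran_Key when $trankey is undefined rather than passing an empty field.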

You can now delete the "VALUE" to X_Password that may be in variable.txt or
catalog.cfg.

RESTART



Test an order. Make a product that is say 25 cents and try it out. I have
tested it and it works for me (AFAICT).

Now, I am no expert, and I am sure other debug statements may need to be
added to show issues with X_Tran_Key, but that currently is beyond my
abilities. Hopefully someone with more experience can implement this, and
then add/fix this post for everyone's benefit. However, this is working for
me, with the above.

HTH

Paul
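
A post-migration check, as an added example that is not part of the original post or of Interchange: it reads the text of variable.txt and catalog.cfg and reports whether the site login password is still stored and whether a transaction key is set. It assumes the tab-separated variable.txt layout from step 2, the catalog.cfg "Variable NAME value" directive, and __NAME__ references in the Route lines; the function name audit and the sample values are constructed.

```python
import re

# Constructed sample input (not real credentials), in the layouts the post shows.
SAMPLE_VARIABLE_TXT = (
    "AUTHNET_SECRET\tsite-login-password\tPayment\n"
    "AUTHNET_TRANKEY\tkey_generated_from_step_1\tPayment\n"
)
SAMPLE_CATALOG_CFG = (
    'Route  authorizenet  secret   "__AUTHNET_SECRET__"\n'
    'Route  authorizenet  trankey  "__AUTHNET_TRANKEY__"\n'
)

def audit(variable_txt, catalog_cfg):
    """Return findings; an empty list means no password on disk and a key is set."""
    values = {}   # variable name -> every value seen for it, from either file
    routes = {}   # authorizenet Route setting -> raw configured value
    # variable.txt rows are NAME<TAB>value<TAB>group (assumed from step 2).
    for line in variable_txt.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and fields[0].strip():
            values.setdefault(fields[0].strip(), []).append(fields[1].strip())
    for line in catalog_cfg.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        var = re.match(r"Variable\s+(\S+)\s*(.*)$", line, re.I)
        if var:
            values.setdefault(var.group(1), []).append(var.group(2).strip().strip('"'))
        route = re.match(r"Route\s+authorizenet\s+(\S+)\s*(.*)$", line, re.I)
        if route:
            routes[route.group(1).lower()] = route.group(2).strip().strip('"')

    def candidates(setting):
        # A Route value is either a literal or a __NAME__ variable reference.
        raw = routes.get(setting, "")
        ref = re.fullmatch(r"__(\w+?)__", raw)
        found = values.get(ref.group(1), []) if ref else [raw]
        return [v for v in found if v]

    findings = []
    if candidates("secret"):
        findings.append("login password still stored (Route authorizenet secret)")
    if not candidates("trankey"):
        findings.append("no transaction key set (Route authorizenet trankey)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_VARIABLE_TXT, SAMPLE_CATALOG_CFG))
```

A variable counts as set if any of its definitions is non-empty, so a password left in one file is reported even when the other file has it blanked.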