[ic] Authorizenet's "Disable Weblink" announcement

Paul Jordan interchange-users@icdevgroup.org
Fri Mar 28 11:30:01 2003 

> Hi There!
>
> Authorizenet just emailed an announcement that they are doing away with
> Weblink and that all of their account holders need to convert to either
> AIM (Advanced Integration Method formerly known as ADC Direct Response)
> or SIM (Simple Integration Method).  From reading though Authorizenet's
> docs on Weblink, AIM and SIM  I'm going to guess Interchange uses AIM,
> since AIM requires Direct Response for the Transaction Response as well
> as an https secure form on the eCommerce website.  AIM and Weblink use
> Relay Response and do not require a secure form, just a form that POSTs
> to Authorizenet's secure verification server.  I have the Interchange
> (v4.6, foundation type catalog) eCommerce site encrypted with a secure
> certificate and have my client's Authorizenet account using Direct
> Response and everything is working like a charm.
>
> But before I disable Weblink and mess up my clients credit card
> transaction capabilities, I was wondering if anyone on this list could
> confirm Interchange DOES not require or use Weblink.


Hi Julie

Actually, you can use IC with any of the above, but if we're talking about
the AuthorizeNet.pm implementation then yeah, you DO NOT need weblink.

I posted maybe a month and a half ago further steps I suggest taking with
AuthorizeNets new policies. For one they are requiring "password required
mode". So, that means you have to send x_Password. IMO this seems like a bad
step, to require that x_Password is present on your server, but they have
introduced X_Tran_Key, and I was hard pressed to find any docs or
implementation guides on their site. X_Tran_Key is very vague in their
explanations.

However you can use X_Tran_Key INSTEAD OF X_Passord. This way, the password
to log into your authorizenet account is not on your server.

I think there is somehting wrong with the archives... I can't seem to find
anything from 2003. So here it is below:

------------------------------------------------

Hi guys

This is to stop using X_Password and start using X_Tran_Key. AutorizeNet now
uses either AIM or SIM both of which require "Password required mode". Now,
the X_Password is the actual password for entering the AuthorizeNet site,
which IMO was not a good situation. From the AuthorizeNet ADMIN, one can
download every credit card number that has been through your system, in the
clear (among other things). The little documented (in their guides)
X_Tran_Key seems like a better way to go. It is just like X_Password, except
you cannot log into their ADMIN site with it, and you now, can delete your
password from your server. IMO this is just one extra step in security that
makes sense.

I don't know all the syntax for making a "changes to" instruction set. I
still have not realized all the features of vi (i.e., how to turn the line
numbers on and things like that).

Anyways, you will get the idea where these changes need to take place by
comparing the surrounding code.

1, go to your AuthoirzeNet administration pages, and click Settings ->
Obtain Transaction Key and follow the instructions.


2, In variable.txt add this line

  AUTHNET_TRANKEY	key_generated_from_step_1	Payment


3, In Catalog.cfg (added line marked with '+')

  Route  authorizenet  id           "__AUTHNET_ID__"
  Route  authorizenet  secret       "__AUTHNET_SECRET__"
  Route  authorizenet  host         "__AUTHNET_HOST__"
  Route  authorizenet  referer      "__AUTHNET_REFERER__"
+ Route  authorizenet  trankey      "__AUTHNET_TRANKEY__"


4, In Vend/Payment/AuthorizeNet.pm there are two changes...

 4a.
----------------------------------------------
       $opt->{port}   ||= 443;

        my $precision = $opt->{precision}     || 2;

        my $referer   =  $opt->{referer}        || charge_param('referer');

+       my $trankey   =  $opt->{trankey}        || undef;

---------------------------------------------

 4b.
---------------------------------------------
                    x_Email         => $actual->{email},
                    x_Phone        => $actual->{phone_day},
+                   x_Tran_Key          => $trankey,
                    x_Password          => $secret,
                    x_Login             => $user,
---------------------------------------------

You can now delete the "VALUE" to X_Password that may be in variable.txt or
catalog.cfg.

RESTART



Test and order. Make a product that is say 25 cents and try it out. I have
tested it and it works for me (AFAICT).

Now, I am no expert, and I am sure other debug statements may need to be
added to show issue with X_Tran_Key, but that currently is beyond my
abilities. Hopefully someone with more experience can implement this, and
then add/fix this post for everyones benifit. However, this is working for
me, with the above.

HTH

Paul