Transcription
Merchant Integration GuideCard Not Present TransactionsDecember 2016Authorize.Net Developer Supporthttp://developer.authorize.netAuthorize.Net LLC 082007 Ver.2.0
Authorize.Net LLC (“Authorize.Net”) has made efforts to ensure the accuracy and completeness of theinformation in this document. However, Authorize.Net disclaims all representations, warranties and conditions,whether express or implied, arising by statute, operation of law, usage of trade, course of dealing or otherwise,with respect to the information contained herein. Authorize.Net assumes no liability to any party for any loss ordamage, whether direct, indirect, incidental, consequential, special or exemplary, with respect to (a) theinformation; and/or (b) the evaluation, application or use of any product or service described herein.Authorize.Net disclaims any and all representation that its products or services infringe upon any existing orfuture intellectual property rights. Authorize.Net owns and retains all right, title and interest in and to theAuthorize.Net intellectual property, including without limitation, its patents, marks, copyrights and technologyassociated with the Authorize.Net services. No title or ownership of any of the foregoing is granted or otherwisetransferred hereunder. Authorize.Net reserves the right to make changes to any information herein withoutfurther notice.Authorize.Net Trademarks:Advanced Fraud Detection Suite Authorize.Net Authorize.Net Your Gateway to IP Transactions Authorize.Net Verified Merchant Seal Authorize.Net Where the World Transacts Automated Recurring Billing eCheck.Net FraudScreen.Net 2
CONTENTSContentsRecent Revisions to This DocumentChapter 1Introduction56Processing Requirements7Connection Methods 7Server Integration Method (SIM) 7Advanced Integration Method (AIM) 8Direct Post Method (DPM) 8Simple Checkout 9Developer Support99Chapter 2Submitting Transactions10Credit Card Transaction Types 10Authorization and Capture 10Authorization Only 10Prior Authorization and CaptureCapture Only 12Credit 12Unlinked Credit 13Void 1411Using the Merchant Interface 14Unsettled Transactions 14Virtual Terminal 14Chapter 3Integration Settings16Access Settings 16API Login ID 16Transaction Key 17General Settings 18Test Mode 18Merchant Integration Guide December 20163
ContentsTransaction Cut-Off Time 19Transaction Details API 19Standard Transaction Security Settings 20Address Verification Service (AVS) FilterTips For Using AVS 22Credit Card Verification (CCV) Filter 24Overriding a CCV Decline 25Required Mode 2520Server Integration Method (SIM) Settings 26Form Settings 26Fields on the Payment Form 26Customizing the Hosted Payment Form 31Basic HTML Guide 31Logos and Background Images 32Receipt Page Options 33Hosted Receipt Page 34Relay Response 35Silent Post URL 35MD5 Hash 36Email Receipt 36Advanced Integration Method (AIM) Settings 38Direct Response 38Cardholder Authentication Programs 39eCheck.Net Transactions 40Additional Integration Features 40Itemized Order Information 40Merchant-Defined Fields 41Chapter 4Transaction Response42Response Code Details 47Response Codes 47Response Reason Codes and Response Reason TextMerchant Integration Guide December 2016474
REVISIONSRecent Revisions to ThisDocumentTable 1Revision HistoryDateRevisionDecember 2016This document is now deprecated. For information on integrating with theAuthorize.Net API, visit our Developer Center’s API page.October 2016Authorize.Net now presents API documentation in a rich web format athttp://developer.authorize.net. PDF documentation is officially deprecatedand will not be updated.January 2014This release contains only formatting changes.January 2012Updated document format.May 2011Corrected AVS and CCV settings instructions.Merchant Integration Guide December 20165
CHAPTERIntroduction1Welcome to the Merchant Integration Guide. This document is designed to helpdevelopers connect a website or business application to the Authorize.Net PaymentGateway for processing online payments. Its purpose is to provide details about thesettings available in the Merchant Interface for configuring your connection to the paymentgateway.The Merchant Interface at https://account.authorize.net is a secure website where you canmanage your payment gateway account, submit manual transactions, monitor and reviewunsettled transactions, search for and view settled transactions, view account billingstatements, configure account settings, and more. For help with other Merchant Interfacefeatures and settings, see the Merchant Interface Online Help Files. These can beaccessed from any page in the Merchant Interface by clicking the Help link in the top rightcorner of the page.ImportantConnection settings that can be configured in the Merchant Interface can alsobe hard coded in your website code. To maintain a robust connection to thepayment gateway, it is highly recommended that you work closely with yourweb developer to identify those settings that should be hard coded in yourwebsite code versus those settings that you might need to configure yourselffrom time to time in the Merchant Interface.You might consider creating a unique user account in the Merchant Interface for your webdeveloper to give them direct access and permissions to configure connection settings foryour account. This way, you do not need to worry about settings yourself—you can simplycommunicate requirements to your web developer. For more information on creating useraccounts, log in to the Merchant Interface at https://account.authorize.net, click UserAdministration under Account in the main menu on the left, and click the Help link in thetop right corner of the page.NoteOnly Account Owners or Account Administrators have the permissionsnecessary to create new account users. If the Multiple User Accounts feature isnot enabled for your Merchant Interface account, the principle owner or theperson in your organization who set up your payment gateway account willneed to activate it in order for you to create user accounts. For more informationsee the Multiple User Accounts Merchant Preparation Guide erchant Integration Guide December 20166
Chapter 1IntroductionProcessing RequirementsThis document assumes that the following requirements for processing payments throughthe Authorize.Net Payment Gateway are already in place: You already have a merchant bank account that allows Internet transactions. You already have an Authorize.Net Payment Gateway account. You are working with a web developer or shopping cart to connect your e-commercewebsite or other business application to the Authorize.Net Payment Gateway.Connection MethodsThe Authorize.Net Payment Gateway provides several different methods for connectingan e-commerce website or other business application to the payment gateway by meansof the Internet. If you or your web developer have not already selected an integrationmethod, discuss your business requirements with your web developer for helpdetermining which connection method is best for you. You can also review our ConnectionMethods Guide at ide.pdf, or theQuick Start page at nminutes.You can choose from the following connection methods: Server Integration Method (SIM) Advanced Integration Method (AIM) Direct Post Method (DPM) Simple CheckoutServer Integration Method (SIM)SIM is a hosted payment processing solution, which means that Authorize.Net providesthe necessary web resources to handle all the steps in processing a transaction, including: Collecting customer payment information through a secure, hosted form Generating a receipt to the customer Secure transmission to the payment processing networks for settlement Funding of proceeds to your bank account Secure storage of cardholder informationSIM is an ideal integration solution for merchants who do not want to collect, transmit orstore sensitive cardholder information to process transactions. Additionally, SIM does notrequire a Secure Sockets Layer (SSL) digital certificate. This removes the complexity ofMerchant Integration Guide December 20167
Chapter 1Introductionsecurely handling and storing cardholder information, simplifying compliance with thePayment Card Industry (PCI) Data Security Standard. For more information about the PCIData Security Standard, see Understanding PCI ompliance/You can find the SIM Developer Guide in the Authorize.Net Developer Center ced Integration Method (AIM)AIM is a custom payment processing solution that gives you control over all the steps inprocessing a transaction, including: Collecting customer payment information through a custom application Generating a receipt to the customer Secure transmission to the payment gateway for transaction processing Secure storage of cardholder information And more, depending on your business requirementsAIM is an ideal integration solution for merchants who need the highest degree ofcustomization and control over their customers’ checkout experience. Because AIMinvolves the collection, transmission, and storage of cardholder data, compliance with thePCI Data Security Standard is required by the Card Associations. For more information,see Understanding PCI ompliance/You can find the AIM Developer Guide in the Authorize.Net Developer Center t Post Method (DPM)The Direct Post Method (DPM) offers the user optimal site customization while still relyingon Authorize.Net for help with PCI compliance. The Authorize.Net Payment Gatewayhandles data submission while keeping Authorize.Net virtually transparent. Themerchant’s website handles data collection and response to the customer using a form ofrelay response in which the merchant designs the receipt page.The security of a DPM transaction is assured through the use of a unique digital signatureor “fingerprint” that is sent with each transaction. This fingerprint is used by Authorize.Netto authenticate both the merchant and the transaction. Sample code for this function isavailable for free from the Authorize.Net Developer Center athttp://developer.authorize.net.Merchant Integration Guide December 20168
Chapter 1IntroductionSimple CheckoutSimple Checkout gives you the ability to link to our secure payment page without having towrite code to link your website to our system. You can create a profile for each product yousell, designate different pricing points for shipping costs, and then copy the code from theMerchant Interface and paste it into your site's HTML. This code adds a button that says“Buy Now” or “Donate” on your website, which will take the customer to Authorize.Net’ssecure checkout page, with all product information pre-filled.To start using the Simple Checkout tool:Step 1Log on to your Merchant Interface.Step 2Click Tools.Step 3On the left, select Simple Checkout.Step 4Sign up for Multi User Account Management (if not already enabled on the account).Step 5Agree to Terms of Service.Step 6Generate an API Login ID and Transaction Key when prompted.Developer SupportThe following resources can help you successfully integrate a merchant web site or otherapplication to the Authorize.Net Payment Gateway. The Developer Center provides sandbox accounts, sample code, FAQs, andtroubleshooting tools. Developer training videos cover a variety of topics. The developer community provides answers to questions from other Authorize.Netdevelopers. Ask us a question at our Developer Support page. Search our knowledge base for answers to commonly asked questions.To submit suggestions for improving or correcting this guide, send email todocumentation@authorize.net.Merchant Integration Guide December 20169
CHAPTERSubmitting Transactions2There are two ways to submit transactions to Authorize.Net: Automatically through a website or custom application connected to Authorize.Netusing an API such as Advanced Integration Method (AIM) or Server IntegrationMethod (SIM). Manually process orders by using the Virtual Terminal.It’s a good idea to identify how your business plans to submit transactions so that you and/or your web developer can properly integrate your payment gateway account to supportyour business processes.For example, are you submitting transactions mainly through an e-commerce website?Are you integrating a custom application to allow call center representatives to enter mailorder/telephone order (MOTO) transactions? Would you like the ability to verify theavailability of funds on a customer’s credit card account at the time of purchase and thencharge their credit card at the time you ship the order?By communicating your transaction processing practices or requirements, you can helpyour web developer integrate your website or custom application more quickly.Credit Card Transaction TypesThe payment gateway supports the following credit card transaction types.Authorization and CaptureThis is the most common type of credit card transaction. The amount is sent forauthorization, and if approved, is automatically submitted for settlement.Authorization OnlyThis transaction type is sent for authorization only. The transaction will not be sent forsettlement until the credit card transaction type Prior Authorization and Capture (seeMerchant Integration Guide December 201610
Chapter 2Submitting Transactionsdefinition below) is submitted, or the transaction is submitted for capture manually in theMerchant Interface.If action for the Authorization Only transaction is not taken on the payment gateway within30 days, the authorization expires and is no longer available for capture. A newAuthorization Only transaction would then have to be submitted to obtain a newauthorization code.You can submit Authorization Only transactions if you want to verify the availability offunds on the customer’s credit card before finalizing the transaction. This transaction typecan also be submitted in the event that you do not currently have an item in stock or youwant to review orders before shipping goods.NoteIf you are using SIM, you can configure the hosted payment form to submiteither Authorization and Capture or Authorization Only transactions.Communicate to your web developer your preferences regarding which ofthese credit card transaction types should be used for your website.Prior Authorization and CaptureThis transaction type is used to complete an Authorization Only transaction that wassuccessfully authorized through the payment gateway.NoteAn Authorization Only and a Prior Authorization and Capture together areconsidered one complete transaction. After the Prior Authorization and Captureis submitted, the transaction will be sent for settlement.The payment gateway accepts this transaction type and initiates settlement if the followingconditions are met: The original Authorization Only transaction was submitted within the previous 30 days(Authorization Only transactions expire on the payment gateway after 30 days). The transaction is submitted with the valid transaction ID of an original, successfullyauthorized, Authorization Only transaction. The original transaction is not already settled, expired or errored. The amount being requested for capture is less than or equal to the originalauthorized amount.For this transaction type, the amount is only required in the event that a Prior Authorizationand Capture is submitted for an amount that is less than the amount of the originalAuthorization Only transaction. If no amount is submitted, the payment gateway will initiatesettlement for the amount of the original authorized transaction.Merchant Integration Guide December 201611
Chapter 2Submitting TransactionsIf this transaction type is required, we recommend you process the transactions by loggingon to the Merchant Interface directly, or by using a desktop application that uses AIM. Youcan search for the transaction by Transaction ID, then open the Transaction Details pagefor that transaction.Capture OnlyThis transaction type is used to complete a previously authorized transaction that was notoriginally submitted through the payment gateway or that required voice authorization.The payment gateway accepts Capture Only transactions if the following conditions aremet: The transaction is submitted with the valid authorization code issued to the merchantto complete the transaction. The transaction is submitted with the customer’s full credit card number and expirationdate.NoteNoteIf you are using SIM, we strongly recommend that you only submit CaptureOnly transactions through the Virtual Terminal. This transaction typerequires the submission of full sensitive customer information, whichrequires a greater level of compliance with the Payment Card Industry(PCI) Data Security Standard. If your business needs the ability to submitthis transaction type from a custom application, consider using AIM. Formore information about AIM, see the AIM Developer Guide at http://developer.authorize.net/guides/AIM/.This transaction type might be subject to a higher discount rate. Contactyour Merchant Service Provider for more information about submittingCapture Only transactions.CreditThis transaction type is used to refund a customer for a transaction that was originallyprocessed and successfully settled through the payment gateway.The payment gateway accepts Credits if the following conditions are met: The transaction is submitted with the valid transaction ID of an original, successfullysettled transaction. The amount being requested for refund is less than or equal to the original settledamount.Merchant Integration Guide December 201612
Chapter 2Submitting Transactions The total amount of multiple Credit transactions submitted against the originaltransaction is less than or equal to the original settled amount. At least the last four digits of the credit card number used for the original, successfullysettled transaction are submitted. An expiration date is not required. The transaction is submitted within 120 days of the settlement date of the originaltransaction.If this transaction type is required, we recommend you process the transactions by loggingon to the Merchant Interface directly, or by using a desktop application that uses AIM. Youcan search for the transaction by Transaction ID, then open the Transaction Details pagefor that transaction.Unlinked CreditThis transaction type is used to issue a refund for a transaction that was not originallysubmitted through the payment gateway. It also allows you to override restrictions forsubmitting refunds for payment gateway transactions, for example, if you are beyond the120-day period for submitting a refund or you would like to refund an amount that isgreater than the original transaction amount.The ability to submit unlinked credits is not a standard payment gateway accountfeature. To request the Expanded Credits Capability (ECC) feature, you must submit anapplication. For more information about the ECC application, tNoteA transaction ID must not be submitted with an Unlinked Credit. If ECC isenabled for your account, and a transaction ID is submitted with the UnlinkedCredit transaction, then the payment gateway will attempt to apply the credit toan original transaction with the transaction ID submitted.If you are using SIM, we strongly recommend that you only submit UnlinkedCredit transactions through the Virtual Terminal. This transaction type requiresthe submission of full sensitive customer information, which requires a greaterlevel of compliance with the Payment Card Industry (PCI) Data SecurityStandard. If your business needs the ability to submit this transaction type froma custom application, use AIM. For more information about AIM, see the AIMDeveloper Guide ant Integration Guide December 201613
Chapter 2Submitting TransactionsVoidThis transaction type is used to cancel an original transaction that not yet settled andprevents it from being sent for settlement. A Void can be submitted against any othertransaction type.NoteIf you are unsure of whether a transaction is settled, you can attempt to submita Void first. If the Void errors, the original transaction is likely settled, in whichcase you can submit a Credit for the transaction.The payment gateway accepts Voids if the following conditions are met: The transaction is submitted with the valid transaction ID of an original, successfullyauthorized transaction. The original transaction is not already settled, expired or errored.If this transaction type is required, we recommend you process the transactions by loggingon to the Merchant Interface directly, or by using a desktop application that uses AIM. Themerchant can search for the transaction by Transaction ID, then open the TransactionDetails page for that transaction.Using the Merchant InterfaceThe Merchant Interface allows you to manage transactions, capture Authorization Onlytransactions, void transactions, and issue refunds. These transaction types can also bemanaged automatically using AIM or SIM if you are integrating a custom application to thepayment gateway. However, for most integrations, these transaction types can be moreconveniently and easily managed in the Merchant Interface.Unsettled TransactionsOn the Unsettled Transactions page you can select a single or multiple Authorization Onlytransactions to capture. You can also void transactions from the Unsettled Transactionspage. For more information on how to submit these transaction types, click UnsettledTransactions under Search in the Merchant Interface main menu and then click the Helplink in the top right corner of the Unsettled Transactions page.Virtual TerminalRefunds (Credit and Unlinked Credit) and Capture Only transactions can be submittedthrough the Virtual Terminal feature of the Merchant Interface. For information on how toMerchant Integration Guide December 201614
Chapter 2Submitting Transactionsuse the Virtual Terminal, click Virtual Terminal under Tools in the Merchant Interface mainmenu and then click the Help link in the top right corner of the Virtual Terminal page.Refunds submitted through the Virtual Terminal for original transactions processedthrough the payment gateway require the Transaction ID of the original transaction. Youcan obtain this information by searching for the original transaction on the SearchTransactions page of the Merchant Interface and viewing the transaction details. Forinformation on how to search transactions, click Transactions under Search in theMerchant Interface main menu and then click the Help link in the top right corner of theTransaction Search page.If ECC is enabled for your account and you would like to submit a refund through theVirtual Terminal that is associated with a transaction that was not originally processed onthe payment gateway, you must not provide a transaction ID. If a transaction ID issubmitted, the payment gateway will attempt to apply the credit to an original paymentgateway transaction.Merchant Integration Guide December 201615
CHAPTERIntegration Settings3Most integration settings in the Merchant Interface apply to both Server IntegrationMethod (SIM) and Advanced Integration Method (AIM). However, some are specific to theconnection method you are using. This section details all the settings you should be awareof in the Merchant Interface that will help you achieve and maintain a strong connection tothe payment gateway.Access SettingsIn order to connect a website or proprietary business application to the payment gateway,you should be familiar with the API Login ID and Transaction Key. These valuesauthenticate you as an authorized merchant when submitting transaction requests.API Login IDThe API Login ID is a complex value that is at least eight characters in length, includesuppercase and lowercase letters, numbers, and/or symbols and identifies your account tothe payment gateway. It is not the same as your login ID for logging into the MerchantInterface. The two perform different functions. The API Login ID is a login ID that yourwebsite uses when communicating with the payment gateway to submit transactions. It isonly used for your website or other business application’s connection to the paymentgateway.The API Login ID for your account is available in the Settings menu of the MerchantInterface.ImportantThe API Login ID is a sensitive piece of account information and should only beshared on a need-to-know basis, for example with your web developer. Be sureto store it securely.Merchant Integration Guide December 201616
Chapter 3Integration SettingsTo obtain your API Login IDStep 1Log on to the Merchant Interface at https://account.authorize.net.Step 2Select Settings under Account in the main menu on the left.Step 3Click API Login ID and Transaction Key in the Security Settings section.Step 4If you have not already obtained an API Login ID and Transaction Key for your account,you will need to enter the secret answer to the secret question you configured at accountactivation.Step 5Click Submit.The API Login ID for your account is displayed on the API Login ID and Transaction Keypage.It is highly recommended that you reset your API Login ID regularly, such as every sixmonths, to strengthen the security of your payment gateway account. To reset your APILogin ID you need to contact Authorize.Net Customer Support. You will then need tocommunicate the new API Login ID to your web developer immediately to update yourwebsite integration code. Failure to do so will result in a disruption in transactionprocessing.NoteThe above directions apply when Multiple User Accounts is activated for youraccount. If this feature is not enabled for your account, you will need to activateit in order to generate and view the API Login ID in the Merchant Interface.Otherwise your current login ID is the same as the API Login ID for youraccount.Transaction KeyThe Transaction Key is a 16-character alphanumeric value that is randomly generated inthe Merchant Interface. It works in conjunction with your API Login ID to authenticate youas an authorized user of the Authorize.Net Payment Gateway when submittingtransactions from your website.Like the API Login ID, the Transaction Key is a sensitive piece of account information thatshould only be shared on a need-to-know basis.To obtain a Transaction Key:Step 1Log on to the Merchant Interface at https://account.authorize.net.Step 2Select Settings under Account in the main menu on the left.Step 3Click API Login ID and Transaction Key in the Security Settings section.Merchant Integration Guide December 201617
Chapter 3Integration SettingsStep 4Enter the secret answer to the secret question you configured when you activated youruser account.Step 5Click Submit.The Transaction Key for your account is displayed on a confirmation page.ImportantBe sure to record your Transaction Key immediately in a secure manner orcopy it immediately to a file in a secure location, since it is not always visible inthe Merchant Interface like the API Login ID. Once you navigate away from theconfirmation page, there is no other way to access the Transaction Key in theMerchant Interface. You would have to generate a new Transaction Key.It is highly recommended that you create a new Transaction Key regularly, such as everysix months, to strengthen the security of your payment gateway account. You then need tocommunicate the new Transaction Key to your web developer immediately to update yourwebsite integration code. Failure to do so will result in a disruption in transactionprocessing.General SettingsThe following settings are important for all connections to the Authorize.Net PaymentGateway and should be configured for your account to achieve optimal performance andsecurity. You might need to contact your web developer to be sure that your website iscoded to interact properly with these settings.Test ModeTest Mode allows you to test your website connection to the payment gateway withoutactually processing live transactions. Once activated, your account is already in TestMode by default. While in Test Mode, the payment gateway will accept test transactions asa simulation of how actual transactions would be accepted or declined, but payment datawill not actually be submitted for processing. Test transactions will not be stored andcannot be retrieved from the payment gateway.Contact your web developer for help with submitting test transactions.ImportantIt is important that you leave your account in Test Mode until your connection to thepayment gateway is successfully tested and ready to process live transactions. You canMerchant Integration Guide December 201618
Chapter 3Integration Settingsplace your account in Test Mode at any time to test updates to your website connection, orif you need to quickly turn off transaction processing.To turn Test Mode off or on:Step 1Log on to the Merchant Interface at https://account.authorize.net.Step 2Select Settings under Account in the main menu on the left.Step 3Click Test Mode in the Security Settings section.Step 4Click Turn Test OFF to take your account out of Test Mode. Click Turn Test ON to placeyour account in Test Mode.Transaction Cut-Off TimeThe Transaction-Cut-Off Time is the time of day that your transactions are batched andsubmitted by the payment gateway to the processing network for settlement. You canspecify the time that your batch should be submitted for settlement each day. The defaultTransaction Cut-Off Time for your account is 3:00 PM Pacific time. Transactions submittedafter your Transaction Cut-Off Time will be inc
Merchant Integration Guide December 2016 4 Contents Transaction Cut-Off Time 19 Transaction Details API 19 Standard Transaction Security Settings 20 Address Verification Service (AVS) Filter 20 Tips For Using AVS 22 Credit Card Verification (CCV) Filter 24 Overriding a CCV Decline 25 Required Mode 25 Server Integration Method (SIM) Settings 26 Form Settings 26 Fields on the Payment Form 26
