WIXLIB

Server Integration Method (SIM)Developer GuideCard Not Present TransactionsAuthorize.Net Developer Supporthttp://developer.authorize.netAuthorize.Net LLC 082007 Ver.2.0

Authorize.Net LLC (“Authorize.Net”) has made efforts to ensure the accuracy and completeness of theinformation in this document. However, Authorize.Net disclaims all representations, warranties andconditions, whether express or implied, arising by statute, operation of law, usage of trade, course ofdealing or otherwise, with respect to the information contained herein. Authorize.Net assumes noliability to any party for any loss or damage, whether direct, indirect, incidental, consequential, specialor exemplary, with respect to (a) the information; and/or (b) the evaluation, application or use of anyproduct or service described herein.Authorize.Net disclaims any and all representation that its products or services do not infringe uponany existing or future intellectual property rights. Authorize.Net owns and retains all right, title andinterest in and to the Authorize.Net intellectual property, including without limitation, its patents,marks, copyrights and technology associated with the Authorize.Net services. No title or ownership ofany of the foregoing is granted or otherwise transferred hereunder. Authorize.Net reserves the right tomake changes to any information herein without further notice.Authorize.Net Trademarks:Advanced Fraud Detection Suite Authorize.Net Authorize.Net Your Gateway to IP Transactions Authorize.Net Verified Merchant Seal Authorize.Net Where the World Transacts Automated Recurring Billing eCheck.Net FraudScreen.Net Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution1

Table of ContentsRevision History . 4Section 1. 5Introduction . 5SIM Minimum Requirements .6Managing Integration Settings .6Features of SIM.7eCheck.Net .8Developer Support .8Section 2. 9Transaction Data Requirements. 9Credit Card Transaction Types .10Authorization and Capture . 10Authorization Only . 11Prior Authorization and Capture . 11Credit . 11Void . 11Using the Merchant Interface .12Section 3. 13Submitting Transactions . 13Transaction Post Location .13Generating the Unique Transaction Fingerprint .13Custom transaction fingerprint code. 13Using Authorize.Net sample code. 15Requesting the Secure Hosted Payment Form.15Customizing the hosted payment form fields . 18Customizing the hosted payment form look and feel . 26Merchant-defined fields . 29Section 4. 32Receipt Options . 32Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution2

Table of ContentsThe Receipt Page .32Customizing the hosted receipt page . 32Customizing the receipt page look and feel . 35Relay Response .38Tips for using Relay Response: . 40Email Receipt .40Section 5. 42Additional API Fields . 42Transaction Information .42Itemized Order Information .43Additional Customer Information .44Section 6. 45Transaction Response . 45Fields in the Payment Gateway Response .45Using the MD5 Hash Feature . 49Response for Duplicate Transactions . 50Response Code Details .51Response Codes . 52Response Reason Codes and Response Reason Text . 52Section 7. 64Test Transactions . 64Testing to Generate Specific Transaction Results . 65Appendix A . 66Fields by Transaction Type . 66Minimum Required Fields .66Required Fields for Additional SIM Features .67Best Practice Fields.67Appendix B . 68Alphabetized List of API Fields. 68Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution3

Revision HistoryPUBLISH DATEUPDATESAugust 2007Release of Ver 2.0 Server Integration Method (SIM) Developer GuideMay 2008Remove SecureSource requirements and various updatesJuly 2009Clarify use of x recurring billing, x fp timestamp, x versionAdded warning for Merchant Defined FieldsAdditions to the Response Code listUpdates to Silent Post URLNew section Renaming a FieldSeptember 2009Added note explaining new policy with respect to authorization transactions forVisa credit cardsCorrected list of supported graphics formats for the Hosted Payment form.(Removed SWF as a supported format)Deprecation of transaction types Prior auth Capture, Voids, CreditsOctober 2009Update definition of x type to reflect deprecation of transaction typesPrior auth capture, Credit, and Void.Correct capitalization of the eCheck.Net Developer Guide.Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution4

Section 1IntroductionWelcome to the Authorize.Net Server Integration Method (SIM) Developer Guide. This guidedescribes the Web development required to connect an e-commerce Web site or other application tothe Authorize.Net Payment Gateway in order to submit credit card transactions for authorizationand settlement using SIM.SIM is a hosted payment processing solution that handles all the steps in processing a transaction,including: Collection of customer payment information through a secure, hosted form Generation of a receipt to the customer Secure transmission to the payment processing networks for settlement Funding of proceeds to the merchant’s bank account Secure storage of cardholder informationThe security of a SIM transaction is assured through the use of a unique digital signature or“fingerprint” that is sent with each transaction. This fingerprint is used by Authorize.Net toauthenticate both the merchant and the transaction. Sample code for this function is available forfree from the Authorize.Net Integration Center at http://developer.authorize.net.SIM is an ideal integration solution because merchants are not required to collect, transmit or storesensitive cardholder information to process transactions. Additionally, SIM does not requiremerchants to purchase and install a Secure Sockets Layer (SSL) digital certificate. This removes thecomplexity of securely handling and storing cardholder information, simplifying compliance withthe Payment Card Industry (PCI) Data Security Standard.Note: For merchants who need a highly customizable payment form (for example, completecontrol of look and feel and the ability to keep the customer on their Web site during theentire checkout process) or who are integrating a standalone business application,Authorize.Net recommends the Advanced Integration Method (AIM). The AIM DeveloperGuide can be found at http://developer.authorize.net/guides/AIM/.Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution5

Section 1 IntroductionSIM Minimum RequirementsBefore you begin, check with the merchant to make sure that the following SIM requirements havealready been met. It is strongly recommended that you work closely with the merchant to ensurethat any other business and Web site requirements (for example, bank or processor requirements,Web site design preferences) are included in their SIM integration. The merchant must have a U.S. based merchant bank account that allows Internettransactions. The merchant must have an e-commerce (Card Not Present) Authorize.Net PaymentGateway account. The merchant’s Web site must be capable of performing an HTML Form POST torequest the secure payment gateway hosted payment form. The merchant’s Web site or hosting provider must have server scripting or CGIcapabilities such as ASP Classic, Cold Fusion, PHP or Perl. The merchant must be able to store payment gateway account data securely (forexample, API Login ID, Transaction Key, Secret Answer).Note: Merchants should avoid storing any type of sensitive cardholder information. However, inthe event that a merchant or third party must store sensitive customer business or paymentinformation, compliance with industry standard storage requirements is required. Please seethe Developer Security Best Practices White Paper tices.pdf for guidelinesManaging Integration SettingsWhen integrating to the payment gateway, you should be aware that most settings for a merchant’sintegration can be configured and managed in two ways:1. Included in the transaction request on a per-transaction basis by means of the applicationprogramming interface (API), (as described in this guide), OR2. Configured in the Merchant Interface and applied to all transactions.IMPORTANT: The Merchant Interface at https://secure.authorize.net is a secure Web site wheremerchants can manage their payment gateway account settings, including their Web site integrationsettings. It is recommended that you review the Merchant Integration Guide athttp://www.authorize.net/support/merchant/ for information on managing the merchant’s paymentgateway integration using the Merchant Interface.Transaction settings submitted in the transaction request override transaction settings configured inthe Merchant Interface. However, please be aware that some integration settings must beconfigured in the Merchant Interface. To help the merchant maintain a robust integration, it isrecommended that you review the integration settings that can be configured in the MerchantInterface with the merchant and determine which integration settings can be posted on a pertransaction basis and which should be configured in the Merchant Interface. See “Appendix AFields by Transaction Type” for a list of fields the payment gateway recommends be submitted on aper-transaction basis.Last revised: 10/12/2009Copyright 1998 - 2009 Authorize.Net, a CyberSource solution6