Integrate the Authorize.Net Recurring Billing API with PHP

Establish subscriptions and recurring payments for your website

Author: Jim Conners

Rating: 10.0

Pages: 1|2|3|4|5|6|7|8|9

Scenario 2: Delayed Payment

Although establishing a recurring billing subscription is most commonly done after successfully processing a real-tme transaction, this is not always the case. There may be times when you will wish to process a recurring payment in the future but do not wish to start the payments immediately. This may be because the first month is free or you received an initial payment in a non-electronic form. Regardless of the reason, you will not be running a transaction and thus will not have verification that the credit card you wish to establish a recurring subscription with is valid.

So, how do you verify a credit card is legitimate if you do not need to run a transaction? The first thing that may come to mind is to charge one dollar to the user's credit card. That way if it is approved you can be sure the credit card is valid. But this is problematic as your user has not authorized this transaction and may become very unhappy that it has occurred. This may result in a chargeback and even a canceled subscription. Neither of these are good for business. In fact, too many chargebacks can cause a business to lose its merchant account permanently.

To verify a credit card is legitimate we will need to run a special kind of transaction called an AUTH_ONLY also known as Pre-Authorization. When a typical sale is processed it really is two processes in one. The first part, called the 'authorization' verifies the user has sufficient funds available on their credit card for the amount being requested. If they do, those funds are frozen on their credit card and set aside for the merchant. The second part of the transaction, called the 'capture' formally requests the funds and ensures the merchant gets paid. The AUTH_ONLY transaction seeks approval for the amount requested by the merchant and, if granted, freezes those funds on the user's card. However, because the transaction never 'captures' the funds the merchant never receives them. Additionally, the user is never aware the transaction was processed. This makes the AUTH_ONLY transaction ideal for verifying the credit card is valid without upsetting the user.

Only authorize one dollar ($1.00)

As mentioned above when an AUTH_ONLY transaction is performed the funds requested in that transaction are frozen on the user's account. This is so the merchant can go back at a later date and 'capture' those funds. This means the user cannot spend those funds until they are released. What you also may not know is they cannot see that those funds are frozen and may plan on spending that money. To make it worse, funds that are authorized but not captured are reserved for up to 30 days from the date of the authorization.

If the user tries to make a purchase that requires those funds their will be declined. Naturally that would be embarrassing and very inconvenient. They may also be very unhappy if they find out it is you that are holding their funds. So, when doing an AUTH_ONLY transaction, be sure to only authorize the amount you need to have reserved. Since we do not actually need to reserve funds and only seek to verify the credit card is legitimate we shouldn't reserve more then $1.00 on the user's credit card. That way we do not reserve a meaningful amount of funds on their credit card.

Here is the code to establish a recurring billing account as a standalone process using our Authnet and AuthnetARB classes:


    // Instantiate our class
    $payment = new Authnet();
    

    // Set transaction variables
    // $total = 1.00;
    // ...
    

    // Set our basic transaction information
    $payment->setTransaction($creditcard, $expiration, $total, $cvv, $invoice, $tax);
    

    // Set other transaction parameters. Set the transaction to be AUTH_ONLY.
    $payment->setTransactionType("AUTH_ONLY");
    // ...
    

    // Process the initial payment
    $payment->process();
    

    if ($payment->isApproved())
    {
        // Setup recurring billing here
        

        // Instantiate our ARB class
        $arb = new AuthnetARB();
        

        // Set recurring billing variables
        // ...
        

        // Set recurring billing parameters
        $arb->setParameter('amount', $total);
        $arb->setParameter('cardNumber', $creditcard);
        $arb->setParameter('expirationDate', $expiration);
        $arb->setParameter('firstName', $firstname);
        $arb->setParameter('lastName', $lastname);
        $arb->setParameter('address', $address);
        $arb->setParameter('city', $city);
        $arb->setParameter('state', $state);
        $arb->setParameter('zip', $zip);
        $arb->setParameter('email', $email);
        $arb->setParameter('subscrName', $userid);
        

        // Create the recurring billing subscription
        $arb->createAccount();
        

        // If successful let's get the subscription ID
        if ($arb->isSuccessful())
        {
            $arb_id = $arb->getSubscriberID();
        }
    }

In this scenario the recurring billing subscription is identical to the one presented in scenario 1 and that makes sense. The only change is how we go about verifying the credit card is legitimate before establishing our recurring billing subscription. We simply set the transaction type to be AUTH_ONLY and set our amount to be authorized to $1.00. Then we await an approved response just as if it was a typical sale. If we get it we will proceed with establishing our subscription.

Using Our Class | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Conclusion