Merchant Account Services

Integrate the Authorize.Net Payment Gateway with PHP

Integrate the Authorize.Net payment gateway seamlessly into your ecommerce website


Author: Jim Conners



We have covered a lot of ground in this article. We started by analyzing the transaction process from start to finish and identifying all possible branches to the transaction flow. From there we built upon the knowledge we gained from reading the Authorize.Net Advanced Integration Method Integration Guide to construct a class to encapsulate our interaction with the Authorize.Net API. After validating unique transaction data we used our new class to easily process a transaction utilizing the Authorize.Net gateway.

At a glance our task may have seemed difficult to complete. Most developers, and merchants for that matter, know very little about credit card processing in general, much less how to do it online. But after breaking it down and looking at the process step-by-step you can see it is not as complex as it first appears. Combined with our new class, processing transactions online has become much simpler and more straightforward. Hopefully the task of processing transactions online will now become a regular part of your development portfolio.

Improving the Class

The code we have written in this class is fully functional and should give you everything you need to create a working processing script to interact with the Authorize.Net API. But that does not mean it is necessarily complete or well-written. Below are some suggestions for improving the class.

  • Make it a static class

    When processing a transaction only one Authnet object needs to be created. To prevent multiple instances of it from existing we can force it to be a static class. To do this we will create a static variable that will keep track of how many instances of the Authnet object we have created. (Static variables are unique to a class as opposed to being unique to an object. This means every Authnet object we create will share the value of this variable, including when another Authnet object changes that value.) We can then check the value of this static variable when we attempt to create a new Authnet object. If there are no existing Authnet objects (i.e. the static variable has a value of zero) we will go ahead and create our object and increment the value of our static variable. If the value of the static variable is one (or more), we will not create our object and will cause an error instead.

    private static $instances = 0;

    public function __construct($test = false)
    {
        if (self::$instances == 0) {
            // Instantiate object
            // Increment our static variable
            self::$instances++;
        } else {
            // Returning false from a constructor does not stop the object
            // from being created, so raise an error instead
            throw new Exception('Only one Authnet object may be created.');
        }
    }
  • Changing the transaction type

    The vast majority of online merchants wish to have their credit card transactions processed in real time. But not all merchants wish to do this. Merchants with delayed delivery times or very strict fraud prevention methodologies in place will prefer to process their transactions at a later time. But that does not mean they cannot take advantage of this class. We can add a method that changes the transaction type to any acceptable type. This includes doing an AUTH_ONLY transaction. The method might look like this:

    public function setTransactionType($type)
    {
        // Normalize the value before storing it in the request parameters
        $this->params['x_type'] = strtoupper(trim($type));
    }
  • Create more accessor methods

    Although there are a total of 73 fields returned by the Authorize.Net API, the code in this article only provides methods to access five of them. That leaves 68 fields that we cannot access. It would be a simple task to create accessor methods to access each field using a descriptive name for each.
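
An added example for the "Changing the transaction type" suggestion above (not code from the original article or from Authorize.Net): x_type also accepts values such as CREDIT and VOID, so a setter that stores any string leaves the choice of operation to whatever input reaches it; this version checks the value against an allowlist and requires the reference field that the follow-up types need. The class name AuthnetTypeExample, the $reference argument, the alphanumeric format check and the AUTH_CAPTURE default are assumptions made for the illustration.

```php
<?php
// Added example: AuthnetTypeExample is a hypothetical, reduced stand-in for the
// article's Authnet class; only $params and the type setter are modelled.
class AuthnetTypeExample
{
    // AIM x_type values, mapped to the extra field each one must carry.
    private static $types = [
        'AUTH_CAPTURE'       => null,
        'AUTH_ONLY'          => null,
        'CAPTURE_ONLY'       => 'x_auth_code',
        'PRIOR_AUTH_CAPTURE' => 'x_trans_id',
        'CREDIT'             => 'x_trans_id',
        'VOID'               => 'x_trans_id',
    ];
    // Assumed default: the article's class processes sales in real time.
    private $params = ['x_type' => 'AUTH_CAPTURE'];

    public function setTransactionType($type, $reference = null)
    {
        $type = strtoupper(trim((string) $type));
        if (!array_key_exists($type, self::$types)) {
            // The rejected value is not echoed back into the message.
            throw new InvalidArgumentException('Unsupported x_type');
        }
        $field = self::$types[$type];
        // Assumed format check: short alphanumeric gateway reference.
        if ($field !== null && !preg_match('/\A[A-Za-z0-9]{1,20}\z/', (string) $reference)) {
            throw new InvalidArgumentException("$type requires a valid $field");
        }
        // Drop references left over from an earlier type before switching.
        unset($this->params['x_auth_code'], $this->params['x_trans_id']);
        if ($field !== null) {
            $this->params[$field] = (string) $reference;
        }
        $this->params['x_type'] = $type;
    }

    public function getParams() { return $this->params; }
}

// Constructed inputs: two valid calls, an unknown type, and a VOID with no ID.
foreach ([['auth_only', null], ['void', '2147490176'], ['refund', null], ['void', null]] as $case) {
    $txn = new AuthnetTypeExample();
    try {
        $txn->setTransactionType($case[0], $case[1]);
        echo $case[0], ' -> ', json_encode($txn->getParams()), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $case[0], ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Pass the type from application logic (for example an order-status rule) rather than from a request parameter, and treat the exception as a failed transaction.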

Further Discussion

Although the scope of this article was limited to the integration of the Authorize.Net gateway into your ecommerce application, it doesn't mean we can't point you in the right direction for related topics that might affect your application. Below are a few related topics that you should be aware of and some resources to help you understand how they might affect your project.

Electronic Commerce Indicator

Any transaction that originates online (that is, the customer enters their payment information into an online form) must identify itself as such. Even if the transaction is not processed in real time it still must identify itself as originating online. This is called the Electronic Commerce Indicator (ECI). Authorize.Net is ECI compliant. To learn more about ECI, read our merchant account blog entry called the Electronic Commerce Indicator.

Storing Credit Card Numbers

It is possible that your application may store credit card numbers on the web server. Although this is legal and acceptable to the major card issuers, storing credit card numbers on your server is a risky proposition. The recent security breaches that have compromised tens of thousands of credit cards only highlight the risk and potential consequences of failing to store this information properly.

If you must store your customers' credit card information on the server there are guidelines that should be followed to ensure the highest possible level of security is applied. Visa has created a standard for storing credit card information called the Payment Card Industry (PCI) Data Security Standard. It is part of Visa’s larger security initiative called Cardholder Information Security Program (CISP). You can read more about the PCI Data Security Standard in our article Visa's PCI Data Security Standard Explained.

SSL Certificate

Naturally, part of developing a responsible, safe, and secure shopping experience for your customers includes having an SSL certificate installed on your web server. There are a variety of SSL providers available to choose from. Here are some of the more popular: GoDaddy, Comodo, Thawte, and VeriSign.

Source Code

Would you like a nice clean copy of the class created in this article? You can download a copy here: Authorize.Net AIM PHP

Looking for a more polished version of this script that is ready to go out of the box? You can download a copy of it here: Authorize.Net Integration Script (PHP) (Sorry, no documentation for it yet).

Discuss This Article

Want to discuss this article? Have questions about the content? Be sure to use our merchant account forums.
