Merchant Account Services

Integrate the Authorize.Net Payment Gateway with PHP

Integrate the Authorize.Net payment gateway seamlessly into your ecommerce website


Author: Jim Conners

Rating: 10.0

Pages: 1|2|3|4|5|6|7|8|9|10

Using our Class

Now that we have a clear understanding of how the Authorize.Net API works, how we can use it, and how a transaction occurs, we can tie it all together into a cohesive unit.

Processing the Transaction

Thanks to our class handling almost all of the work integrating it into a script is very simple to do. Let's look at a basic framework that uses our class and then break it down:

$payment = new Authnet(true); $payment->transaction($creditcard, $expiration, $total); $payment->process(); if ($payment -> isApproved()) { // Display a printable receipt } else if ($payment -> isDeclined()) { $reason = $payment -> getResponseText(); // As for another form of payment } else { // Ask the merchant to call us }

The first line of code $payment = new Authnet(true) creates an instance our Authnet object and initializes all of the properties in the constructor. $payment->transaction($creditcard, $expiration, $total) assigns the credit card number, expiration date, and amount of the transaction we wish to process. $payment->process() sends the transaction to Authorize.Net for processing and returns the results to our object. All we need to do from here is find out if the transaction was approved, declined, or resulted in an error. A simple if/else statement handles this nicely.

You'll notice that if our transaction is declined we use the getResponseText() method to find out why. This will be handy to let our customer know why their card was declined.

And that's it! Believe it or not that's all it takes to process a credit card transaction through Authorize.Net's API. But there are a couple of shortcomings to our code:

  1. We do not do AVS
  2. We do not verify the CVV2 number

Fortunately, ensuring that both of these are done is very easy to do with our class:

$payment = new Authnet(true); $payment->transaction($creditcard, $expiration, $total, $cvv); $payment->setParameter("x_address", $business_address); $payment->setParameter("x_zip", $business_zipcode); $payment->process();

To make sure that we verify the CVV2 number we simply as it as the fourth parameter to our transaction() method. Performing AVS is slightly more involved but still very simple to do. We use the setParameter() method to add the street address and zip code to our list of parameters we will send to Authorize.Net. Now we have helped to reduce our risk of fraud and we only added two lines to our code!

Inducing a Declined Transaction

The test account offered by Authorize.Net will automatically approve all transactions by default. While this is important for testing your application's response to approved transaction, it doesn't help us test our application's handling of declined transactions or errors. Fortunately forcing Authorize.Net to decline a transaction is easy to. Authorize.Net allows a merchant to have transactions be declined even if they were originally approved by the processing bank if AVS does not meet the merchant's criteria for an acceptable response. We can take advantage of this to force our transactions to decline by creating a situation where AVS will fail to meet our own criteria.

To change our test account's AVS settings follow these steps:

  1. Log into your test account
  2. Click on "Settings" (under "Account")
  3. Click on "Address Verification Service" (under "Basic Fraud Settings")
  4. Check the checkbox that says, "Reject if... Address information is not provided for AVS check (B)"
  5. Press the "Submit" button

Now to have a transaction declined we need only to submit a transaction without the street address and zip code (as we did in our first example of using our class). Without these two pieces of information our test account will automatically decline the transaction.

Inducing an Error

Just as we need to create the circumstances for our test transactions to be declined, we will need to do that same to produce an error. Fortunately this is just as easy to accomplish and we can do it by munging our own code. Simply changing the URL we use for contacting the Authorize.Net API we can cause our transaction to fail. In the example below we simply change the test URL to be oops.Authorize.Net:

if ($this->test == true) { $this->url = ""; }

More Data Validation | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Conclusion