credit card processing

[Armin Roehrl]

Hi,

does anybody have any experience processing credit card
transactions (eg. online shop) using ruby?

What third-party software do you suggest to use? I guess
as most protocols used by clearing houses are given away
only by signing NDAs all is commercial software.

Thanks for your help,
-A.

 

[Dave Thomas]

Hi,

does anybody have any experience processing credit card
transactions (eg. online shop) using ruby?

What third-party software do you suggest to use? I guess
as most protocols used by clearing houses are given away
only by signing NDAs all is commercial software.

My "Summer Vacation" app used Authorize.net. The basic version of their
protocol is pretty simple: you populate the final page of your cart
with some hidden fields (including an MD5 checksum to stop folks
meddling) and arrange for the POST to go to them. You then get control
back after they've handled the credit-card side of things. I liked it
because it meant that my app was never directly involved in credit
cards: in fact we never see a credit card number.

Authorize.net also have a more advanced interface which is more like
RPCs: you do the work locally and they just handle authorization and
capture.

You can download their manuals and code samples (no NDA required) from
http://www.authorizenet.com/support/


Cheers

Dave

 

[Lothar Scholz]

Hello Armin,

Saturday, January 31, 2004, 5:44:50 PM, you wrote:

AR> Hi,

AR> does anybody have any experience processing credit card
AR> transactions (eg. online shop) using ruby?

AR> What third-party software do you suggest to use? I guess
AR> as most protocols used by clearing houses are given away
AR> only by signing NDAs all is commercial software.


Maybe the best way is to use a 3rd party for credit card processing
like www.swreg.org or www.regsoft.com or duzends others.
They normally have some kind of XML data exchange protocol. But there
is no standart among these companies.

 

[Ruby Baby]

someone asked:
someone answered:

Authorize.net also have a more advanced interface which is more like
RPCs: you do the work locally and they just handle authorization and
capture.
You can download their manuals and code samples (no NDA required) from
http://www.authorizenet.com/support/

Yes! I can HIGHLY recommend using Authorize.net because of their openness
in being able to just use regular HTTP POST over SSL.

I used the cURL (http://curl.haxx.se) library to post our info to them
and it was so easy.

Before that I had used three different companies that all made you use
some special stupid binary on your server to connect to theirs.


Here it is in PHP, but I hope this helps:
(how weird to be posting PHP code on the Ruby list! ack!)


<?php
/* the basic info for authorize.net. same for every order. */
$passinfo = 'x_Login=YOUR_USERNAME_HERE';
$authinfo=array();
$authinfo['x_ADC_Delim_Data']='TRUE';
$authinfo['x_ADC_Delim_Character']='|';
$authinfo['x_ADC_URL']='FALSE';
$authinfo['x_Method']='CC';
$authinfo['x_Password']='YOUR_PASSWORD_HERE';
$authinfo['x_Recurring_Billing']='FALSE';
$authinfo['x_Type']='AUTH_CAPTURE';
$authinfo['x_Version']='3.0';
$authinfo['x_Email_Customer']='FALSE';
$authinfo['x_Email_Merchant']='FALSE';
$authinfo['x_Tax']='0';
$authinfo['x_Currency_Code']='USD';
$authinfo['x_Invoice_Num']=$invid;
$authinfo['x_Description']=$x_Description;
$authinfo['x_Amount']=$inv['total'];
$authinfo['x_Card_Num']=$_cc_number;
$authinfo['x_Exp_Date']=$_cc_expmonth . $_cc_expyear;
$authinfo['x_Cust_ID']=$c['uid'];
$authinfo['x_First_Name']=$c_firstname;
$authinfo['x_Last_Name']=$c_lastname;
$authinfo['x_Address']=$c['addr1'];
$authinfo['x_City']=$c['city'];
$authinfo['x_State']=$c['state'];
$authinfo['x_Zip']=$c['zip'];
$authinfo['x_Country']=$country;
$authinfo['x_Phone']=$phone;
$authinfo['x_Email']=$c['email'];
$authinfo['x_Customer_IP']=$_SERVER['REMOTE_ADDR'];
$authinfo['x_Ship_To_First_Name']=$i_firstname;
$authinfo['x_Ship_To_Last_Name']=$i_lastname;
$authinfo['x_Ship_To_Address']=$inv['addr1'];
$authinfo['x_Ship_To_City']=$inv['city'];
$authinfo['x_Ship_To_State']=$inv['state'];
$authinfo['x_Ship_To_Zip']=$inv['zip'];
$authinfo['x_Ship_To_Country']=$inv['country'];

/* CREATE THE STRING TO PASS USING cURL */
foreach($authinfo as $fieldname=>$value)
{
$passinfo .= '&' . $fieldname . '=' . $value;
}

/* #-#-#-#-#-#-#-#-#-#-#-# START - CHARGE CARD WITH AUTHORIZE.NET #-#-#-#-#-#-#-#-#-#-#-#-#-# */
/* sometimes we get no response, so I'm going to loop it until we get SOME response */
$approved=0;
while ($approved==0)
{
/* cURL: no headers returned, no direct output to web browser, post info */
$ch = curl_init("https://secure.authorize.net/gateway/transact.dll");
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_REFERER, 'http://www.YOUR_WEBSITE.com');
curl_setopt ($ch, CURLOPT_POSTFIELDS, $passinfo);
$response = curl_exec ($ch);
$response = trim($response);
curl_close ($ch);
/* EXPLODE THE RESPONSE INTO AN ARRAY: $responseline */
$responseline = explode($authinfo['x_ADC_Delim_Character'], $response);
/* APPROVED CODE: 0=no response, 1=successful, 2=declined, 3=error */
$approved = (int)$responseline[0];
}
/* #-#-#-#-#-#-#-#-#-#-#-# END - CHARGE CARD WITH AUTHORIZE.NET #-#-#-#-#-#-#-#-#-#-#-#-#-# */

/* GET JUST WHAT I NEED FROM THE AUTHORIZE.NET RESPONSE */
$bank_response = array();
$bank_response['avs'] = $responseline[5] . ' = ' . $avs_response[$responseline[5]];
$bank_response['response'] = $responseline[0] . ' = ' . $response_code[$responseline[0]];
$bank_response['response_reason'] = $responseline[2] . ' = ' . $response_reason[$responseline[2]];
$bank_response['auth_code'] = $responseline[4];
$bank_response['trans_id'] = $responseline[6];
$bank_response['md5_hash'] = substr($responseline[37], 0, (strlen($responseline[37])-1));

?>

 

[Lucas Carlson]

I have actually been working on this for a while:

http://rubyforge.org/projects/payment/