Authorize.net WebLink, SIM, or AIM... which is it?

[Guest JABevan]

Which method is the CubeCart Authorize.net payment gateway using to send transactions to Authorize.net, WebLink, SIM, or AIM?

I have three different experiences with SIM and AIM and in each case my shopping cart never left my domain, for this reason I'm assuming CubeCart uses WebLink (I've also read on the forums that it uses WebLink but cannot confirm). This is a terrible method for a number of reasons, including security, the fact that it takes the user away from the storefront domain, AND, not least of all, Authorize.net is discontinuing support of WebLink soon.

From Authorize.net:

"Keep in mind that WebLink will soon be discontinued as an accepted connection method. You may need to prepare and plan for migration to either Simple Integration Method (SIM) or Advanced Integration Method (AIM)."

I believe AIM is Authorize.net's preferred method of sending transactions.

Can anyone comment? I would like to see the current gateway upgraded ASAP before all Authorize.net users here suddenly lose their payment gateway.

[Guest JABevan]

More info from Authorize.net on WebLink:

What is WebLink?

WebLink is the simplest and quickest method of integrating with the payment gateway, and requires minimal programming expertise to implement. Using this method, the customer’s browser interacts directly with the gateway to submit transaction data. Merchants have the option to let the gateway handle all the steps in transaction processing—payment data collection, data submission, and response to the customer.

Important Note:Please be aware that the WebLink method of submitting transactions to the gateway is a temporary integration solution. As security standards for online payment transactions have increased, WebLink has become insufficient to meet the newest security needs of merchants. As a result, this connection method will eventually be discontinued as an acceptable method of submitting transactions to the gateway. All merchants currently using the WebLink method of integration are encouraged to migrate to new integration methods supported by the gateway.

How Does WebLink Work?

When using WebLink, the customer enters payment information into a payment form on the merchant’s Website. The customer’s browser transmits payment information to the gateway using an HTTPS form POST. The gateway receives transaction information and sends a response, or a Receipt Page, to the customer’s browser.

The merchant can configure their WebLink connection method to allow the gateway to securely host the payment form in which the customer enters payment data, and also to handle the transaction response. The merchant can configure the gateway-hosted Payment Form and Receipt Page in the Merchant Interface.

Submitting and Collecting Payment Data

Using the Weblink method of integration, the merchant can choose to host the Web page in which the customer enters payment data, or allow the gateway to host the page. The gateway-hosted page that collects payment data is called the Payment Form, and can be configured by the merchant to look like their Website. Using the gateway-hosted Payment Form, merchants can collect payment data securely without having a secure Website.

Rendering a Response to the Customer

The response returned directly to the customer’s browser by the gateway is a Receipt Page. The merchant can configure certain elements of the Receipt Page to look like their Website. However, the merchant can also request to receive the response from the gateway first, format it, and send it back to the gateway. The gateway then relays the merchant-formatted Receipt Page to the customer’s browser. This response option is referred to as Relay Response. Merchants that use Relay Response can exercise a greater degree of control over the messaging of a response to the customer.

What is Required to Implement WebLink?

To use the WebLink connection method, merchants must be able to construct an HTML form that posts information to

https://secure.practicepaysolutions.com/gateway/transact.dll

. The post string will consist of a set of NAME/ VALUE pairs. The NAME is the field name and indicates to the gateway what information is being submitted. The VALUE contains the content of the field. The response rendered by the gateway depends on the information in the post string. The set of fields that are recognized by the gateway are detailed in the Standard Transaction Submission API for WebLink section of this document.

More info from Authorize.net on AIM:

Advanced Integration Method (AIM)

What is AIM?

AIM is the recommended method of submitting transactions to the payment gateway. This method allowsa merchant’s server to securely connect directly to the payment gateway to submit transaction data. The merchant retains full control of the payment data collection and the user experience. This method requires merchants to be able to initiate and manage secure Internet connections.

How Does AIM Work?

When using AIM, transactions flow in the following way:

1. The Customer’s browser connects securely to the Merchant’s server to transmit payment information.

2. The Merchant’s server initiates a secure connection to the payment gateway and then initiates an HTTPS post of the transaction data to the gateway server.

3. The payment gateway receives and processes the transaction data.

4. The payment gateway then generates and submits the transaction response to the Merchant’s server.

5. The Merchant’s server receives and processes the response.

6. Finally, the Merchant’s server communicates the success or failure of the authorization to the Customer’s browser.

What is Required to Implement AIM?

Merchants must be able to perform the following functions in order to submit transactions to the gateway using AIM:

1. Establish a secure socket connection

2. Provide both server and client side encryption

3. Develop scripts on a Web server for the integration to the gateway (e.g., for submitting transaction data and receiving and translating system responses)

The AIM Application Program Interface (API)

The Standard Transaction Submission API defines how transactions should be submitted to the gateway using the AIM method. The gateway response API describes the gateway’s responses to transactions submitted to the gateway. These APIs are discussed in detail in this document.

Note: The merchant will use the Merchant Interface to configure the transaction response from the gateway. (The Merchant Interface is a tool through which merchants can manage their accounts and transaction activity. A Login ID and password are required to access this tool. The URL to the Merchant Interface is available to the merchant from their merchant service provider.)

AIM Implementation

To implement AIM, a developer would design a script that does the following:

1. Securely obtains all of the information needed to process a transaction.

2. Initiates a secure HTTPS POST from their server to

https://secure.practicepaysolutions.com/gateway/transact.dll

. Note: Authorize.Net will only accept transactions on port 443. This post will include all system variables mentioned in the tables below (see the following section entitled “Standard Transaction Submission API for AIMâ€).

3. Receives the response from the gateway and processes the response to display the appropriate result to the end user.

[Guest JABevan]

** bump **

PLEASE NOTE: THIS IS FAIRLY URGENT. ANYONE USING THE AUTHORIZE.NET GATEWAY WILL BE AFFECTED WHEN AUTHORIZE.NET DISCONTINUES THE WEBLINK PROTOCOL.

IF YOU ARE USING AUTHORIZE.NET YOUR GATEWAY WILL STOP WORKING SHORTLY!

An AIM version of the gateway needs to be developed and replace the current gateway asap.

[Guest loren antolik]

what's the deal? i just bought cubecart and am using authorize.net.

[Guest JABevan]

what's the deal? i just bought cubecart and am using authorize.net.

Authorize.net offers three integration methods:

1) WebLink, which CubeCart uses and which Authorize.net is canceling soon (not canceling support, canceling the integration method meaning you're payment gateway will no longer work). This method takes the user away from your store to complete the order at Authorize.net and then returns them to your store. This is a very old paradigm for ecommerce with inherent security risks and strongly discouraged by Authorize.net.

2) Simple Integration Method (SIM), will eventually lose support as well.

3) Advanced Integration Method (AIM), this is the method Authorize.net encourages everyone to use. Like SIM, this method completes the entire transaction without leaving your store, and is the most secure.

I've seen questions in the forums about why CubeCart is not a certified Authorize.net shopping cart, I suspect that this is exactly why. CubeCart does not support Authorize.net's recommended solution and only supports an archaic integration method that Authorize.net strongly discourages and will stop supporting soon.

Bottomline, this will not stop you from using Authorize.net as a solution... for now anyway... but it is definitely not the most efficient and is not taking advantage of the benefits Authorize.net offers.

CubeCart needs an Authorize.net AIM gateway soon.

[Guest loren antolik]

would anyone from cubecart like to step up to the plate and let the customers know what is going on?

[Guest JABevan]

would anyone from cubecart like to step up to the plate and let the customers know what is going on?

If CubeCart doesn't have the desire/resources to do this, is there anyone that is capable of programming an Authorize.net AIM gateway? I'd be happy to make a PayPal contribution to anyone who can...

[Guest]

I've got a few customers using Authorize.net. I'll talk to Brooky about this and see what can be done. The problem with announcements like this from companies like Authorize is that they say something like that but don't give a timeframe. That could be a week, a month or a year. The main thing is to use what we have now. As soon as we can work out a replacement, we will.

Don't start gathering rocks for the stoning unless we all tell you to take a leap and that you're on your own. Otherwise, know that we will do what we can as soon and release the module as soon as possible.

:)

[Guest HostWW]

I've got a few customers using Authorize.net. I'll talk to Brooky about this and see what can be done. The problem with announcements like this from companies like Authorize is that they say something like that but don't give a timeframe. That could be a week, a month or a year. The main thing is to use what we have now. As soon as we can work out a replacement, we will.

Don't start gathering rocks for the stoning unless we all tell you to take a leap and that you're on your own. Otherwise, know that we will do what we can as soon and release the module as soon as possible.

I'm going to be releasing an updated CubeCart module that will support all forms of payment via Authorize.net within the next month (at the absolute latest) and within the next two weeks (at the earliest) about 5-6 other new modules for CubeCart. PM if you have questions, but I will update once things are more firm. Thanks. :)

[Al Brookbanks]

It uses SIM currently. A member contacted me a couple of days ago saying Authorize.net were changing their system.

A.net have given me a developers account and I'll release a new gateway asap.

[Guest]

It uses SIM currently. A member contacted me a couple of days ago saying Authorize.net were changing their system.

A.net have given me a developers account and I'll release a new gateway asap.

Thanks for jumping on this for us. If you need any help beta testing the new gateway let me know. I have an offline store and an authorize.net accuont that I think I can use to place test orders.

[Guest HostWW]

Same here... I was going to start developing this thing next week after a current project finishes, but if you're already on it thats even better.

I'm with Zap as I have a customer who desperately needs this Authorize.net SIM module... I'll test anything you release for Authorize. Let me know. Thanks again! :blink:

[Guest loren antolik]

thanks very much for the update. this sounds like it is going to work out okay. i will be happy to do some testing.

[Guest fulmater]

thanks very much for the update. this sounds like it is going to work out okay. i will be happy to do some testing.

Brooky,

Do you have a working anet sulution yet. I just got an account with them and would like to add that option to my store.

My mhash is working but I still get the error! My gowd I wish I had known cc had issues with ait.net before I signed up for two years...

Fatal error: Call to undefined function mhash() in /home/sites/home/web/modules/gateway/Authorize_SIM/transfer.inc.php on line 120

Any ideas why the error and i checked my php settings to make sure mhash is running