Payment Methods

Authorize.Net

The Server Integration Method (SIM) API of Authorize.Net that is used by Sana's Authorize.Net add-on is deprecated. Authorize.Net announced the end of life for MD5 Hash that is used in the SIM API.

Authorize.Net payment provider enables the merchants to make purchases via the Authorize.Net account. Authorize.Net supports the credit card and electronic check payments.

Sana Commerce uses the Authorize.Net Server Integration Method (SIM) to process secure transactions through the payment gateway. SIM uses a unique fingerprint that is sent with each transaction. This fingerprint is used by Authorize.Net to authenticate both the merchant and the transaction.

For more detailed information about SIM, please visit this website http://developer.authorize.net/api/sim/.

To configure the Authorize.Net payment provider and payment methods you should have the Authoize.Net test/ live account with all the necessary data.

The table below provides the description of the Authorize.Net payment provider fields:

Field	Description
x_login	The merchant API Login ID is provided in the Merchant Interface and must be stored securely. Default value: depends on the PSP account (test/ live)
x_transaction_key	The key which is provided by Authorize.Net. This key and the API Login ID are the fingerprints, which provide the merchant authentication required for the access to the payment gateway. For more information, see 'Merchant Integration Guide'. Default value: depends on the PSP account (test/ live)
x_MD5_HashKey	This value is used to authenticate the transaction response. It should be installed in the Merchant Interface. Default value: empty string
x_relay_response	This field instructs the payment gateway to return transaction results to the merchant using the HTML form POST to the merchant's webserver for a relay response. The default values should be used only. Default value: TRUE   Make sure that URL which you use as a Relay Response URL (x_relay_url parameter) is on port 80 (or port 443 if you have an SSL certificate installed) and is publically accessible and exists within a firewall that does not prevent Authorize.Net from connecting with it. For testing Authorize.Net payment module the web page address which is posted to Authorize.Net as a value of x_relay_url parameter must be available from outside because it will be called by Authorize.Net.
x_test_request	Indicates if a transaction should be processed as a test transaction. The live account does not post x_test_request parameter to Authorize.Net. This parameter is needed for testing purposes. Default value: TRUE
IpRange	It is used as a security measure to prevent fraud. Some payment providers pass the payment status of an order by calling the confirm page. In this case it is possible for a malicious user to simulate this call and change the status of the order. To prevent this, a check on the IP of the call can be made by specifying the allowed IP (ranges) in this field. Multiple values can be separated by the '|' character.       Starting from June 30, 2016 Authorize.Net will launch a distributed network of servers over dynamics IP addresses. Thus, when it is in place, all connections to Authorize.Net will go through this new network. To be able to process transactions through a new Authorize.Net network and to avoid any problems, you should leave the 'IpRange' field empty. For more information, see 'Akamai SureRoute FAQs'.

When Authorize.Net is configured you can set up the necessary payment methods in Sana Admin that are supported by Authorize.Net.

For information about how to create and configure payment methods in Sana Admin, see 'Payment methods'.

Configure the Authorize.Net bank account confirmation task for checking the status of the orders which are transferred through the Authorize.Net payment provider eCheck.Net method.
For more information, see 'Scheduled Tasks'.

Test the payment/checkout flow to see if everything works fine using the created payment methods and the correct payment statuses.

When everything is done and tested, keep an eye on the payment log in the following days to be sure that everything is configured correctly and that every PSP status is covered.

Customizing the Hosted Payment Form Fields

Additional fields can be configured for the payment form in the Merchant Interface. You can find the detailed information on how to do this in the official Authorize.Net Developer Guide. See the 'Customizing the Hosted Payment Form Fields' article in Chapter 3.