I need to be able to pass identifying information through to Authorize.net's server so I can use this information when the confirmation comes back for logging purposes. We have information such as IDs for the items we sell on our site, and I'd like to have Authorize.net's response include this information to plug into our database along with the rest of the transaction data that Authorize.net's API natively supplies. Sort of like "merchant-private-data" in Google Checkout carts.
The only field I see that doesn't hold some other specific information in Authorize.net's API is x_description. My question is does the data in x_description get displayed to the customer at any point? The information I'd like to include is sensitive and not for customer's eyes. I've been over the API documentation provided by Authorize.net and it's not clear to me what is done with this field.
If this field is not private, is there a better solution to my problem which I am not seeing?
Dig through their list of API fields and see what you can use. If you want to build a list of line items, for example, look at their x_line_item field. If you're using the AIM/CIM SDK and not telling Authorize.net to e-mail a receipt then I don't see how the customer would see anything you submit to Authorize.net besides the charge on their credit card. If your customer does receive an e-mail directly from Authorize.net though, they will most likely see everything you submit. But double-check the docs I linked to be sure.
You have x_description, but also x_invoice_num and x_po_num. These fields are for the internal use of the merchant. The fields x_description and x_invoice_num can be set in the virtual terminal, if you use it to submit transactions, and also via the API. Authorize.net will return them in the response. If you set any of these two fields in an automatic recurring billing subscription, it will be returned in each individual payment response. They might be included in the email receipt also - I never used the authorize.net email receipt to the buyer. You can disable this email receipt and send your own email receipt.
I know x_description gets sent in plain text to the merchant's email, so I wouldn't use it for anything too sensitive. The description does not, however, appear on my credit card statement (as a customer).
There is another field you can use, refId. It's not well documented, but what you pass in refId will be returned in the response object as refId.
Personally, I recommend creating a database table to store your data, and then use refId to keep track of the insert ID.
Related
I am working on a beta-stage writing tool SaaS that is built with NextJS, React, and Django REST. As I’m gaining some user base, I am starting to research on introducing a premium plan to the mix using Stripe.
As most other SaaSs, I will have a subscription-based premium plan which grants access to premium-only features. However, even after days of research, I am still lost how this is commonly implemented in Django/Backend. Here is what I’ve thought of so far, but again, I am not sure if it’s the best/common way to accomplish this.
User model has a ‘premium’ field which is either True or False
Whenever user clicks on a premium-only API call, Django will check if user is premium or not to decide whether to make the actual API call. I currently have a '/user/me/' route which returns basic user information as API GET call.
Upon successful stripe payment, stripe redirects user to the success_url. Then, somehow I will detect when user lands on success_url and then set that user’s premium field to True.
I know this is not the ideal way, because I already see lots of issues/hurdles:
How will I set ‘premium’ field back to False after user’s payment stops
How can I ‘detect’ stripe’s payment to set user’s premium field
Is this feature supposed to be implemented with Stripe customer objects instead? I would appreciate any guidance on where I should be looking for solutions.
If you use subscription on Checkout Session (low code solution), you can add additional key-value pair data such as premium: true in metadata and subscription_data.metadata fields when creating a subscription.
Once the payment is completed, those metadata will appear in checkout.session.completed and customer.subscription.updated webhook events, which you can then set the user as premium in your own database.
A customer object in Stripe can have multiple subscriptions, so this feature will be implemented on subscription object instead.
Can anyone provide me with working example how to show analytics (Visits, Page views, Page views per visit, etc) for logged users? As I understand there is no OOB solution, so I've tried to implement flexible dimensions, but didn't find any good examples and failed.
First of all you have to identify your logged in contact by calling the Sitecore.Analytics.Tracker.Current.Session.IdentifyAs() method, see more details here. When the contact logs in you can use their username to identify them upon the successful login.
Note, that the identification and authentication are separate unrelated events. Contacts are identified against the xDB and authenticated against the authentication mechanism used by the website.
When the contact identifies, it is saved to xConnect with a known identifier based on the information passed into theIdentifyAs() method: Identifier, Source and
IdentifierType will be set to ContactIdentifierType.Known (it is set to ContactIdentifierType.Anonymous for anonymous contacts). Then you can use IsKnown property on the Sitecore.XConnect.Contact that returns true if a contact has any known identifiers.
If you want to track some custom events for the logged in users to then use them for reporting needs you can add user interactions by calling the client.AddInteraction() extension method. I have given an example here.
If you want to extend the contact with your own custom data then you can create custom contact facets, read more here.
In order to implement your custom report with flexible filtering by logged in and not users, of course, you will need to define your custom dimensions and metrics, read more here.
I am trying to allow my users to pay for their booking (for an event) on my website using Stripe. I've got most of the processing working well but I don't know how to connect the response I get from Stripe which indicates that the payment has been successful to my database so that it knows all the details required to make the booking.
In the standard situation of "buying X number of products", I know that I can create an order on the server which contains those details. Then I can put that order ID into the Stripe request and I can use that when the payment is successful to go and fulfil that order.
But in my case, I have to accept a load more information than that. Each booking can have multiple attendees attached to it - each attendee will have a name and load more information about them which needs to be used when the booking is created.
Is the only way to do this to add ALL of this attendee information in to the request to Stripe so that it can be used when the payment succeeds? Or is there another way?
If it helps to answer this question, I'm using Django on the backend.
The main way to achieve this is to:
Store the information related to the order in your own database with the corresponding payment intent ID (or checkout session ID).
Listen to the webhook event payment_intent.succeeded (or checkout.session.completed) to know when the payment is successful.
In the webhook event, get the payment ID with event.data.object.id and use that to look into your database to retrieve the information needed to fulfill the order.
You can learn more on how to fulfill orders in the Stripe documentation here.
Another option would be to use the metadata field of your payment intent (or checkout session) to directly store all the information related to the order. But I wouldn’t recommend this since it has some limitations (number of keys, length of values, etc.).
Here is the situation. My company has an e-commerce store, but we don't gather or process credit card information ourselves. When a user selects "Pay with credit card", they are immediately taken to the payment site, and then that site processes their credit card and sends the status back to us so that the order can be marked paid. Our site runs on ColdFusion, and it receives the data from the site as form data, processes the form variables, and creates an order for the customer, marked as paid. The credit card site only sends the information once, and there is no "handshake".
In the last month and a half we have been having an issue where occasionally we are not getting the information from the credit card processing site, although they say they have sent it. Hence orders are not being created, and products are sitting in customers' carts, even though the credit card has been charged. This problem is intermittent. We can't tie it to any server changes on our side, and the credit card site denies changes on their side.
So among the things we are trying to do is to log when the customers are actually trying to pay by credit card (so we can catch the missed ones more easily). So I want to somehow log the event when someone clicks "Pay with credit card." Issue is that form action submits the data to the credit card site. The only way I can think of to do this, is to change the form action to a page on our site, log the payment attempt, and then submit the form again to the credit card company. I know I can submit a form automatically with JavaScript, but that seems like a bad solution (what if JS is turned off?), but don't know how it would be possible to do server-side.
Please try to avoid solutions that involve AJAX if possible, as I know very little about it (I am a very rookie web developer in general, and just inherited this whole set-up).
Better solutions for how to log this event, or suggestions in general for this mess, will be greatly appreciated!
Responses to comments:
To Sam Dufel:
Would love to change to another provider like Paypal. Unfortunately my company is actually part of a university and we all have to use the same payment gateway.
To flup:
Would using a 301 or 302 status code preserve the form data? I tried looking this up, and it looks like it works with "get", but I need it to be sent with "post", since that is what the payment gateway is expecting.
To imthepitts:
We receive it as form data.
To Revent:
The issue is that orders aren't getting created at all (so customer and order information is just sitting in the temporary basket/customer/order tables). It seems like the page that is supposed to process the form data from the payment gateway isn't being accessed. I have added some logging to that page, but my company is so freaked out that they have disabled credit card payments and so I am not getting any data. If I can convince them that I have implemented a good logging solution to identify bugged orders quickly, they will turn it back on.
To Laksma:
We are using a unique identifier that is sent back. What I meant by handshake is some way of the payment gateway verifying that they have made a connection with our server. Maybe I was using the word incorrectly. Thank you for the suggestion of the log on the receiving page- I have added that.
To Nenotlep:
I know I said no AJAX, but I would like to hear more about your idea. Would the call to the logging page interfere with the form submission at all? I'm assuming it would be set up so that the function would trigger on the "onclick" event for the form button, and then form submission would proceed as normal? If it is easy to set up, then maybe that would be a good way of doing it.
I'm thinking of trying Sanjeev's solution, since that is similar to what I was planning to do anyway, but I actually would like to hear more about the AJAX idea if it is really that simple, mainly because it won't change the customer experience at all (unlike seeing the redirecting screen).
Additional response to steve:
I appreciate your input, and normally I love teaching myself new things, but I am just way too overwhelmed right now to even think about tackling a new technology.
I work on a payment gateway and had the same problem as yours. This was my solution -
Post the values to a intermediate page called as 'requestHandler.cfm'.
requestHandler.cfm saves the values into database table.
Continue to creates a <form> with all the required values as <input hidden>. Place a submit button and also JavaScript to fire 'submit' in say 2 seconds. Also put a note that, "If the page does not refresh in some time, click the submit button". As you are not going to do any validation on the form, a 'submit' button will just submit the form with or without JavaScript being active.
The Creditcard company will process the information and reply back with the values to a 'responseHandler.cfm' page.
I shall update my data based on the 'primarykeyvalue' sent to them. (Or just any reference that can identify the user)
Database table sample
The TransactionID will be '0' by default and will change to the number given by the credit card company
The paid flag which is default 'N' shall change to 'Y'
The Actual amount is what I have sent to be charged on the user credit card.
The Paid Amount should match the actual amount. This is to help me find if the details are tampered in any case by the user or middle man.
Handshake:
When a user is taken to the payment site, you should include a unique identifier to distingush the order, such as OrderID. Your payment provider must have some custom fields for your own use. Then, when the user is taken back to your site, the payment site response data should include the OrderID. That way you can match them. In other words, "handshake" is occured.
Intermittent successful payment:
On the listener, the page where the payment provider returns form data, you should implement a log to record from where the page is called and what data is sent.
"... is to change the form action to a page on our site, log the payment attempt, and then submit the form again to the credit card company." This is a doable solution.
I have a page where user is asked only for the payment amount, then user will be redirected to another website where the payment will be processed, I want the amount to be set on the redirected page without using querystring,cokkie, etc..
I tried to use web service but here is my challange:
user enters amount on the website.
webservice is called and set the amount to ex:400$
then user is redirected without any query string to another website.
Now:
how this payment website will know that this user is the user entered 400$ on the redirecting page?
I can count on approaches more secure than this also.
thanks
I have made some research on net and asked my experienced friends, the answer is "impossible" this way.
Because redirected website somehow identify that user and there is no solution without querystrings or browser related components,
Here is my friend's advice and i am little bit satisfied, not totally :)
He calls this approach as ticketing,
First create a datetime.now integer, with that number add id and amount of money to be processed.
Then make a complex function to encrypt data. take square of every odd digit then divide to 7 etc.
then on the other website, decrypt data and check datetime if its within 5 minutes for example,
the link is valid.
You have to pass the data to the other website somehow.
Cookies wouldn't work due to domain restrictions.
Query string or form posts could work, but you don't want to use query strings.
Alternatively, if both sites share infrastructure, you could use that to share information - for example if they both have access to the same database, you could use that to share data (though you would still need to identify the specific user to both sites).
The way the service would have to work is to give back some token, probably a GUID, that the site will then look for in the querystring of an HTTP request, to identify the owner of that pre-populated data. You then tack that token onto your redirect, and the client makes a request that causes the payment site to go pull the pre-loaded data for that client.
You still have to use a query string, but now, the query string doesn't contain any human-consumable information; they can't identify their $400 amount in the query string and change it to a different amount of money. If they change the GUID at all, the request will most likely fail as that GUID won't exist in whatever datastore of pre-populated data exists behind the payment site.
Contact the website/web service/gateway. They will provide you the API which will define parameters and methods to accept payment amount. If you are the author of such service, provide mechanism to accept such parameters from your caller application. Communication should be secure, using SSL.
For example for payment gateway Paypal, check this for ideas:
Use of the PayPal payment system in ASP.NET
Have a look on wikipedia.
Shortly the answer is impossible this way, because somehow the redirect website should identify the user, all the ways are browser related or ip ( which can cause many issues later)