Authorize.net’s Direct Post Method of payment gateway integration is a great option for Magento sites because it allows for a seamless customer experience while simplifying PCI compliance by keeping all sensitive credit card information off of the Magento server. Configuring Magento for use with Direct Post Method (DPM) is supposed to be quick and easy and it can be as long as you aware of a few less than obvious steps.
Make sure that your Authorize.net account is a “Card Not Present” (CNP) account. You can confirm whether or not your Authorize.net account is setup for CNP transactions by logging in to the Merchant Account Admin and verifying that you have CNP features like Recurring Billing and Fraud Detection Suite listed in the Tools section. If you do not see these options or you get errors like “Transactions of this market type cannot be processed on this system” when attempting to authorize payments, the issue is most likely that the account is setup for card present transactions only. If you are using a test account the easiest solution is to just create a new account and make sure to select Card Not Present.
Make sure to set an MD5-Hash. DPM uses an MD5-Hash as a sort of secret key that is set in in the auth.net merchant admin and the Magento admin to help secure comminication between your magento store and auth.net. If during checkout, after entering credit card information and clicking “Place Order”, you get a pop-up alert saying “Response hash validation failed. Transaction declined.” the problem is most likely that this is not set. Set an MD5-Hash in the Authorize.net merchant admin under Settings > Security Settings > General Security Settings > MD5-Hash. Then enter that same value in the Magento Admin under System > Configuration > Payment Methods > Authorize.net Direct Post > Merchant MD5.
- Make sure that your server’s time is set correctly. DPM makes use of a timestamp as a security measure and to help synchronize requests. If the server’s time is incorrect you may receive a pop up stating “Gateway error: This transaction cannot be accepted.” This is a generic error message. To get more specific error information you can go into app/code/core/Mage/Authorizenet/Model/Directpost.php and either log or dump
function process()by doing something like
var_dump($reponse); die();to output the response from auth.net. If you get a response code 3 with a response reason code of 97 the timestamp value submitted in
x_fp_timestampis either 15 minutes ahead, or 15 minutes behind in Greenwich Mean Time (GMT) (this is the equivalent of 900 seconds ahead or 900 seconds behind in Coordinated Universal Time, or UTC). You can test your timestamps accuracy using this tool http://developer.authorize.net/tools/responsecode97/ . On linux you can get the server time using the date command. If it is incorrect consider setting up Network Protocol Time by doing soething like this: http://alienlayer.com/install-and-configure-ntp-to-synchronize-the-system-clock-on-centos/
Make sure to set the Gateway URL correctly. For test accounts Test Mode should be set to NO and the Gateway URL should be set to https://test.authorize.net/gateway/transact.dll. For Live accounts this should be chagned to https://secure.authorize.net/gateway/transact.dll
Other than that the configuration is pretty straightforward. In the Magento Admin the Authoize.net Direct Post configuration should look something like this:
I hope this helps get you up and running with this very simple and secure payment method. Please feel free to drop any questions in the comments.
Originally published on magebase.com. Copyright © 2013 Magebase - All Rights Reserved.