Versions Compared

Old Version 3

changes.mady.by.user Seth Petry-Johnson

Saved on

compared with

New Version 4

changes.mady.by.user Seth Petry-Johnson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Overview

Authorize.Net is a feature-rich, mature payment gateway that includes fraud protection and a PCI compliant checkout mode.

Note

The only PCI Compliant checkout mode for AuthorizeAuth.Net is 3-Step Handshake.

...

Client’s AuthNet configuration

Info

The See Authorize.Net account manager must provide their Public Client Key, API Login ID, and a Transaction Key in order to set up 3-Step Handshake in LearningBuilder.

AppConfig settings

...

Category

...

Setting

...

Notes

...

Payment

...

EnableCreditCardValidation

If enabled, LearningBuilder does an algorithmic check on the credit card number before submitting to the gateway. (For instance, ensuring that Visa cards start with a “4”, and other card-specific checks)

...

net’s Getting Started Guide

Once the merchant account is configured, obtain the following information from the client:

Data

Notes

Public Client Key

Obtained from AuthNet Merchant Interface:

Account -> Settings -> Security Settings -> General Security Settings
-> Manage Public Client Key

API Login Id

Obtained from AuthNet Merchant Interface:

Account -> Settings -> Security Settings -> General Security Settings
-> API Credentials & Keys

AuthNet Password

AuthNet Transaction Key

These credentials are need to authenticate to the AuthNet system. They cannot be obtained from the Merchant Interface.

AFDS Settings

Info

Determine whether the client uses the Advanced Fraud Detection Suite (AFDS). Some AuthNet-specific errors are generated based on the AFDS settings, and there are ways to edit these settings to mitigate errors in LearningBuilder.

For more information, see Authorize.Net Fraud Detection (AFDS)

LearningBuilder configuration

Note

By policy, the only supported AuthNet checkout mode is ThreeStep, to use the PCI-compliant implementation.

“Payment - General” Config Settings

Setting Name

Setting Description

Notes

EnableCreditCardValidation

Determines if the credit card entered is validated before submitting transaction.

Warning

This setting is not compatible with the http://Authorize.Net Gateway.

HostedPagesTokenTimeoutMinutes

Duration after redirecting someone to a hosted pages checkout form that we consider their pending transaction to have expired. See Hosted Pages docs.

Warning

This setting is not compatible with the http://Authorize.Net Gateway.

ManualPaymentDocumentationFileTypes

Types of files that can be uploaded as payment documentation. This should be a subset of images that can be converted to PDF.

This configuration only applies if RequireAttachmentsWhenRecordingPayments is set to true AND PaymentDocumentationFileLibrary is set to a File Library ID.

The product default should suffice, unless the client only wants to review specific file types

. This configuration only matters if RequireAttachmentsWhenRecordingPayments is set to true

.

PaymentAllowedCcTypes

List of allowed credit card types. This controls both what is visible on the checkout page. You must enter the values from the StringConstant attribute on the CreditCardTypesEnum. Invalid values are currently ignored. Valid values are listed in the CreditCardTypesEnum.

AuthNet’s website says they accept AmericanExpress, Discover, JCB, MasterCard, Visa; but their developer documentation says they also accept DinersClub, so unless the client specifically only wants to accept certain credit cards, the default value should suffice.

PaymentCheckoutMode

(warning) The only PCI-compliant mode supported by AuthNet is “ThreeStep”

PaymentDocumentationFileLibrary

Warning

This setting is not compatible with the http://Authorize.Net Gateway.

PaymentCheckoutMode

Which checkout mode to use for charge transactions - Possible options are: "SecurePost", "HostedPages", "HostedPagesIFrame", "TwoStep" or "ThreeStep"

Set to ThreeStep.

After the user enters their credit card information, LearningBuilder submits that data directly to the payment gateway as a background post. The user’s browser does not navigate away from LearningBuilder.

The gateway securely stores the credit card data, without processing a transaction, and returns a token that can be used to reference those saved credentials at a later time.

The user then finishes the checkout process in LearningBuilder, which includes a “checkout confirmation” page. Once the user confirms their intent, LearningBuilder makes a second background post to the gateway. This post includes the transaction details (amount, etc) plus the token that was received earlier. The payment gateway then uses the stored card data to complete a transaction.

Info

This approach provides a seamless user experience without sacrificing security. It is the recommended approach for many customers.

Tip

This approach is secure because no credit card data is submitted to or processed by LearningBuilder in any way. The credit card data is submitted directly to the gateway, which then gives LearningBuilder a secure, one-time-use token for referring to those credentials at a later time. This token cannot be used to “reverse engineer” or compromise the card details.

For more information on this methodology, see this link.

PaymentDocumentationFileLibrary

This is the ID of the File Library in which newly uploaded payment documentation files are stored. If EMPTY, the ability to upload documentation when recording a payment will be suppressed.

Enables the “upload payment documentation” feature which allows users to upload a file (e.g. a scan of a check) when recording a manual payment.

(See also RequireAttachmentsWhenRecordingPayments)Setting this to EMPTY disables

Keep as the Product Default (empty) to disable this feature.

If specified, this should be the ID of the File Library in which the documentation files will be stored. File libraries are managed in Sys Admin → App Configuration → File Libraries.

Note

PER HEURISTICS POLICY, in PROD environments this must point to an encrypted File Library.

Note

WARNING: Once initialized to a non-empty value, changing this to point to a different library will cause the 'view documentation' link to vanish to any payments referencing the original library. This can be resolved by manually updating the pre-existing files to belong to the new library instead. Please consult with the technical support team before changing this setting from one library to another.

PaymentEnabled

This must be set to true in order to use AuthNet in LB.

PaymentGateway

Must be set to “AuthNet”

Enable to support payments. Disable if payments are not required.

Set to true.

PaymentGateway

Active Payment Gateway - AuthNet or AuthNetFake - PayflowPro or PayflowProFake - PayPal or PayPalFake - Moolah or MoolahFake - USAePay - AlabamaInteractive. In 'SecurePost' PaymentCheckoutMode, the fake gateways support three simulated responses: 1. FirstName = MissingId: This will result in an Approval but no Transaction ID 2. FirstName = Decline: This will result in a Declined status. 3. FirstName = Anything else: This will result in an approval. In 'HostedPages', 'HostedPagesIFrame', or 'ThreeStep' PaymentCheckoutMode, the authorization is successful and marked as paid.

Set to AuthNet.

PaymentHistoryItemDisplayLimit

The number of transaction line items displayed on the payment history page before they get rolled up into 1 line item.

The recommended limit is the

default

Product Default of 5.

RequireAttachmentsWhenRecordingPayments

Requires a user to upload payment documentation when manually recording a

manual

payment.

Requires that PaymentDocumentationFileLibrary be

This configuration only applies if PaymentDocumentationFileLibrary is set to a

valid

File Library ID.

Requires a user to upload payment documentation when manually recording a manual payment.

ShoppingCartItemDisplayLimit

The number of shopping cart items displayed on the checkout page before they get rolled up into 1 line item.

There doesn’t seem to be an actual numerical limit. However, the

The recommended limit is the

default

Product Default of 25.

VoucherEnabled

Enable to allow vouchers to be used towards payments.

The http://Authorize.Net Gateway supports payment vouchers. Set to true to enable this feature. Set to false to keep this feature disabled.

VoucherUsageLockDurationInMinutes

The number of minutes that a Voucher code is locked as in-use when first selected for payment, to prevent multiple users from using the same code at the same time.

Only used if Vouchers are in use.Recommended limit is the default

Enter the number of minutes for which the voucher code should continue to be locked after it is initially entered into a LearningBuilder Check Out page. The recommended lock duration is the Product Default of 30 minutes.

Payment

“Payment - Authorize.

...

AuthNetApiLoginId

...

Net” Config Settings

LIVE settings

Setting Name

Setting Description

Notes

AuthNetApiLoginId

Test Credit Card: Visa 4007000000027

This is the API Login ID uniquely associated to the client’s payment gateway account. It is used to authenticate that the e-commerce site (LearningBuilder) is authorized to submit transaction to the Merchant’s payment gateway. Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that ID.

AuthNetLiveUrl

The fully resolved URL for the

Autorize

http://Authorize.NET API service for LIVE Transactions

This should stay as the product defaultMost clients who use AuthNet either have it as the default or empty

Leave as the Product Default https://secure.authorize.net/gateway/transact.dll.

AuthNetMerchantEmail

The email address used with Authorize.NET. Exact purpose unclear, but may be passed to AuthNet in some backend API calls.

AuthNetPassword

The Password needed for logging into the Authorize.NET API

How is this different from the transaction key? Is the product default fine?

https://account.authorize.net/helpCP/Account/Settings/Security_Settings/General_Settings/API_Login_ID_and_Transaction_Key.htm ← According to this, there’s no such thing as an AuthNet password for the API. It’s only a transaction key. So what does LB mean when they ask for the Password? Are they actually asking for the merchant interface password (meaning that the tooltip is incorrect), or are they asking for access to the API and either I’m not finding the correct documentation OR this is just the same thing as the Transaction Key and the same information should be entered? See also: https://developer.authorize.net/hello_world/common_setup_questions.html#API_login

Deprecated. Do not use.

Warning

This setting was intended to store the client’s login information to their Merchant Account. It serves no function in LearningBuilder. We do not store this type of sensitive information in our system. Do not use.

AuthNetMode

Determines whether transactions should be processed as Test transactions. Acceptable values are 'Test', 'Live' or empty.

And what does this mean? Most using 3-step have it as Live, but some have it empty. Does it matter? Those using AuthNet but SecurePost have some defaulted to test, but I guess payments still work. What gives?

Set to Live. If left empty, this will default to Live.

AuthNetPassword

Deprecated. Do not use.

Warning

This setting was intended to store the client’s login information to their Merchant Account. It serves no function in LearningBuilder. We do not store this type of sensitive information in our system. Do not use.

AuthNetPublicClientKey

This is the key that is used for the 'ThreeStep' payment checkout mode. Obtain key from Auth.Net Merchant Interface: Account > Settings > Security Settings > General Security Settings > Manage Public Client Key

This is the Public Client Key generated from the http://Authorize.Net merchant interface. It is used to identify client application requests from the Accept client libraries such as Accept.js, Accept Mobile, etc.

Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that key.

AuthNetRestApiUrlLive

The fully resolved URL for the http://Authorize.net REST API service for LIVE Transactions

Used for in-app refunds. Leave as Product Default https://api.authorize.net/xml/v1/request.api.

AuthNetRestApiUrlTest

The fully resolved URL for the http://Authorize.net REST API service for TEST Transactions

Used for in-app refunds. Leave as Product Default https://apitest.authorize.net/xml/v1/request.api.

AuthNetTestUrl

The fully resolved URL for the http://Autorize.NET API service for TEST Transactions

Leave as the Product Default https://test.authorize.net/gateway/transact.dll.

AuthNetTransactionKey

Unique key provided by Client for using http://Authorize.NET API

AuthNetTransactionMethod

Determines the type of transaction. This value should always be CC

Leave as the Product Default CC.

AuthNetTransactionType

Determines what actions http://Authorize.NET should take with the information provided. This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY

This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY.

AuthNetVersion

The version of the http://Authorize.NET API that should be used.

Leave as the Product Default; it will only be updated if LearningBuilder is updated to use a newer version of the http://Authorize.Net integration.

TEST settings

Setting Name

Setting Description

Notes

AuthNetApiLoginId

Test Credit Card: Visa 4007000000027

Ask QA for the http://Authorize.Net test credentials.

AuthNetMerchantEmail

The email address used with http://Authorize.NET

Exact purpose unclear, but may be passed to AuthNet in some backend API calls…

Most clients who use AuthNet either have it as the default or empty.

AuthNetMode

Determines whether transactions should be processed as Test transactions. Acceptable values are 'Test', 'Live' or empty.

Set to Live. If left empty, this will default to Live.

AuthNetPassword

The Password needed for logging into the http://Authorize.NET API

I don’t think this setting makes any difference whatsoever?

AuthNetPublicClientKey

This is the key that is used for the 'ThreeStep' payment checkout mode. Obtain key from Auth.Net Merchant Interface: Account > Settings > Security Settings > General Security Settings > Manage Public Client Key

This is the Public Client Key generated from the http://Authorize.Net merchant interface.

Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that key.

AuthNetTestUrl

The fully resolved URL for the http://Autorize.NET API service for TEST Transactions

This should stay as the product default

Leave as the Product Default https://test.authorize.net/gateway/transact.dll.

AuthNetTransactionKey

Unique key provided by Client for using http://Authorize.NET API

See AuthNetPassword question

Ask QA for the http://Authorize.Net test credentials.

AuthNetTransactionMethod

Determines the type of transaction. This value should always be

“CC”

CC

Leave as the Product Default CC.

AuthNetTransactionType

Determines what actions http://Authorize.NET should take with the information provided. This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY

This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY.

AuthNetVersion

The version of the http://Authorize.NET API that should be used.

This should stay

Leave as the

product default

Product Default; it will only be updated if LearningBuilder is updated to use a newer version of the

AuthNet

http://Authorize.Net integration.

Configurations for 3-Step Handshake (LB Version 10.5.1)

PaymentCheckoutMode

This must be set to ThreeStep in order to use 3-Step Handshake.

AuthNetPublicClientKey

This must be entered before 3-Step Handshake can be enabled. The client will need to provide the public client key. They can find it through their Auth.Net Merchant Interface: Account > Settings > Security Settings > General Security Settings > Manage Public Client Key.

AuthNetMode

This must be set to Live in order to use 3-Step Handshake.

AuthNetApiLoginId

This is the Account ID that the client will need to provide in order to log in to the Authorize.NET API. This should already be configured if the client is using AuthNet.

AuthNetPassword & AuthNetTransactionKey

...

“Payment - Test Settings” Config Settings

Setting Name

Setting Description

Notes

PaymentTestCCNum

This value will be prepopulated into the Credit Card number field on payment screens when the PaymentTestMode is set to true

Warning

This setting is not compatible with the http://Authorize.Net Gateway.

Leave this field empty.

PaymentTestCVVCode

This value will be prepopulated into the CVV security field on payment screens when the PaymentTestMode is set to true

This configuration only applies if PaymentTestMode is set to true.

Enter a 3- or 4-digit number to prepopulate the CVV/CVC Code field on the Check Out form.

PaymentTestExpMonth

This value will be prepopulated into the Expiration Month field on payment screens when the PaymentTestMode is set to true

This configuration only applies if PaymentTestMode is set to true.

Enter an integer value between 1 and 12 to prepopulate the Expiration Date month field on the Check Out form.

PaymentTestExpYear

This value will be prepopulated into the Expiration Year field on payment screens when the PaymentTestMode is set to true

This configuration only applies if PaymentTestMode is set to true.

Enter an integer value between [current year] and [current year + 10] to prepopulate the Expiration Date year field on the Check Out form.

PaymentTestMode

Setting test mode to true only results in prefilling the payment page with the values entered in the other "test" settings

Only set this field to true when testing payments if you want to prepopulate credit card information into the Check Out form. Otherwise, leave as false.