Overview
Authorize.Net is a feature-rich, mature payment gateway that includes fraud protection and a PCI compliant checkout mode.
The only PCI Compliant checkout mode for Auth.Net is 3-Step Handshake.
Client’s AuthNet configuration
See Authorize.net’s Getting Started Guide
Once the merchant account is configured, obtain the following information from the client:
Data | Notes |
|---|---|
Public Client Key | Obtained from AuthNet Merchant Interface: Account -> Settings -> Security Settings -> General Security Settings |
API Login Id | Obtained from AuthNet Merchant Interface: Account -> Settings -> Security Settings -> General Security Settings |
AuthNet Password AuthNet Transaction Key | These credentials are need to authenticate to the AuthNet system. They cannot be obtained from the Merchant Interface. |
AFDS Settings
Determine whether the client uses the Advanced Fraud Detection Suite (AFDS). Some AuthNet-specific errors are generated based on the AFDS settings, and there are ways to edit these settings to mitigate errors in LearningBuilder.
For more information, see Authorize.Net Fraud Detection (AFDS)
LearningBuilder configuration
By policy, the only supported AuthNet checkout mode is ThreeStep, to use the PCI-compliant implementation.
“Payment - General” Config Settings
Setting Name | Setting Description | Notes |
|---|---|---|
EnableCreditCardValidation | Determines if the credit card entered is validated before submitting transaction. | This setting is not compatible with the http://Authorize.Net Gateway. |
HostedPagesTokenTimeoutMinutes | Duration after redirecting someone to a hosted pages checkout form that we consider their pending transaction to have expired. See Hosted Pages docs. | This setting is not compatible with the http://Authorize.Net Gateway. |
ManualPaymentDocumentationFileTypes | Types of files that can be uploaded as payment documentation. This should be a subset of images that can be converted to PDF. | This configuration only applies if RequireAttachmentsWhenRecordingPayments is set to The product default should suffice, unless the client only wants to review specific file types. |
PaymentAllowedCcTypes | List of allowed credit card types. This controls both what is visible on the checkout page. You must enter the values from the StringConstant attribute on the CreditCardTypesEnum. Invalid values are currently ignored. Valid values are listed in the CreditCardTypesEnum. | This setting is not compatible with the http://Authorize.Net Gateway. |
PaymentCheckoutMode | Which checkout mode to use for charge transactions - Possible options are: "SecurePost", "HostedPages", "HostedPagesIFrame", "TwoStep" or "ThreeStep" | Set to After the user enters their credit card information, LearningBuilder submits that data directly to the payment gateway as a background post. The user’s browser does not navigate away from LearningBuilder. The gateway securely stores the credit card data, without processing a transaction, and returns a token that can be used to reference those saved credentials at a later time. The user then finishes the checkout process in LearningBuilder, which includes a “checkout confirmation” page. Once the user confirms their intent, LearningBuilder makes a second background post to the gateway. This post includes the transaction details (amount, etc) plus the token that was received earlier. The payment gateway then uses the stored card data to complete a transaction. This approach provides a seamless user experience without sacrificing security. It is the recommended approach for many customers. This approach is secure because no credit card data is submitted to or processed by LearningBuilder in any way. The credit card data is submitted directly to the gateway, which then gives LearningBuilder a secure, one-time-use token for referring to those credentials at a later time. This token cannot be used to “reverse engineer” or compromise the card details. For more information on this methodology, see this link. |
PaymentDocumentationFileLibrary | This is the ID of the File Library in which newly uploaded payment documentation files are stored. If EMPTY, the ability to upload documentation when recording a payment will be suppressed. | Enables the “upload payment documentation” feature which allows users to upload a file (e.g. a scan of a check) when recording a manual payment. Keep as the Product Default If specified, this should be the ID of the File Library in which the documentation files will be stored. File libraries are managed in Sys Admin → App Configuration → File Libraries. PER HEURISTICS POLICY, in PROD environments this must point to an encrypted File Library. WARNING: Once initialized to a non-empty value, changing this to point to a different library will cause the 'view documentation' link to vanish to any payments referencing the original library. This can be resolved by manually updating the pre-existing files to belong to the new library instead. Please consult with the technical support team before changing this setting from one library to another. |
PaymentEnabled | Enable to support payments. Disable if payments are not required. | Set to |
PaymentGateway | Active Payment Gateway - AuthNet or AuthNetFake - PayflowPro or PayflowProFake - PayPal or PayPalFake - Moolah or MoolahFake - USAePay - AlabamaInteractive. In 'SecurePost' PaymentCheckoutMode, the fake gateways support three simulated responses: 1. FirstName = MissingId: This will result in an Approval but no Transaction ID 2. FirstName = Decline: This will result in a Declined status. 3. FirstName = Anything else: This will result in an approval. In 'HostedPages', 'HostedPagesIFrame', or 'ThreeStep' PaymentCheckoutMode, the authorization is successful and marked as paid. | Set to |
PaymentHistoryItemDisplayLimit | The number of transaction line items displayed on the payment history page before they get rolled up into 1 line item. | The recommended limit is the Product Default of |
RequireAttachmentsWhenRecordingPayments | Requires a user to upload payment documentation when manually recording a payment. | This configuration only applies if PaymentDocumentationFileLibrary is set to a File Library ID. Requires a user to upload payment documentation when manually recording a manual payment. |
ShoppingCartItemDisplayLimit | The number of shopping cart items displayed on the checkout page before they get rolled up into 1 line item. | The recommended limit is the Product Default of |
VoucherEnabled | Enable to allow vouchers to be used towards payments. | The http://Authorize.Net Gateway supports payment vouchers. Set to |
VoucherUsageLockDurationInMinutes | The number of minutes that a Voucher code is locked as in-use when first selected for payment, to prevent multiple users from using the same code at the same time. | Enter the number of minutes for which the voucher code should continue to be locked after it is initially entered into a LearningBuilder Check Out page. The recommended lock duration is the Product Default of |
“Payment - Authorize.Net” Config Settings
LIVE settings
Setting Name | Setting Description | Notes |
|---|---|---|
AuthNetApiLoginId | Test Credit Card: Visa 4007000000027 | This is the API Login ID uniquely associated to the client’s payment gateway account. It is used to authenticate that the e-commerce site (LearningBuilder) is authorized to submit transaction to the Merchant’s payment gateway. Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that ID. |
AuthNetLiveUrl | The fully resolved URL for the http://Authorize.NET API service for LIVE Transactions | Leave as the Product Default |
AuthNetMerchantEmail | Deprecated. Do not use. | This setting was intended to store the client’s login information to their Merchant Account. It serves no function in LearningBuilder. We do not store this type of sensitive information in our system. Do not use. |
AuthNetMode | Determines whether transactions should be processed as Test transactions. Acceptable values are 'Test', 'Live' or empty. | Set to |
AuthNetPassword | Deprecated. Do not use. | This setting was intended to store the client’s login information to their Merchant Account. It serves no function in LearningBuilder. We do not store this type of sensitive information in our system. Do not use. |
AuthNetPublicClientKey | This is the key that is used for the 'ThreeStep' payment checkout mode. Obtain key from Auth.Net Merchant Interface: Account > Settings > Security Settings > General Security Settings > Manage Public Client Key | This is the Public Client Key generated from the http://Authorize.Net merchant interface. It is used to identify client application requests from the Accept client libraries such as Accept.js, Accept Mobile, etc. Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that key. |
AuthNetRestApiUrlLive | The fully resolved URL for the http://Authorize.net REST API service for LIVE Transactions | Used for in-app refunds. Leave as Product Default |
AuthNetRestApiUrlTest | The fully resolved URL for the http://Authorize.net REST API service for TEST Transactions | Used for in-app refunds. Leave as Product Default |
AuthNetTestUrl | The fully resolved URL for the http://Autorize.NET API service for TEST Transactions | Leave as the Product Default |
AuthNetTransactionKey | Unique key provided by Client for using http://Authorize.NET API | |
AuthNetTransactionMethod | Determines the type of transaction. This value should always be CC | Leave as the Product Default |
AuthNetTransactionType | Determines what actions http://Authorize.NET should take with the information provided. This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY | This value should be set to |
AuthNetVersion | The version of the http://Authorize.NET API that should be used. | Leave as the Product Default; it will only be updated if LearningBuilder is updated to use a newer version of the http://Authorize.Net integration. |
TEST settings
Setting Name | Setting Description | Notes |
|---|---|---|
AuthNetApiLoginId | Test Credit Card: Visa 4007000000027 | Ask QA for the http://Authorize.Net test credentials. |
AuthNetMerchantEmail | The email address used with http://Authorize.NET | Exact purpose unclear, but may be passed to AuthNet in some backend API calls… Most clients who use AuthNet either have it as the default or empty. |
AuthNetMode | Determines whether transactions should be processed as Test transactions. Acceptable values are 'Test', 'Live' or empty. | Set to |
AuthNetPassword | The Password needed for logging into the http://Authorize.NET API | I don’t think this setting makes any difference whatsoever? |
AuthNetPublicClientKey | This is the key that is used for the 'ThreeStep' payment checkout mode. Obtain key from Auth.Net Merchant Interface: Account > Settings > Security Settings > General Security Settings > Manage Public Client Key | This is the Public Client Key generated from the http://Authorize.Net merchant interface. Refer to https://heuristicsolutions.atlassian.net/wiki/spaces/~164013351/pages/3459383334/Client-Side+Configuration+of+Authorize.Net#Credentials-%26-Keys for information on where the client can find that key. |
AuthNetTestUrl | The fully resolved URL for the http://Autorize.NET API service for TEST Transactions | Leave as the Product Default |
AuthNetTransactionKey | Unique key provided by Client for using http://Authorize.NET API | Ask QA for the http://Authorize.Net test credentials. |
AuthNetTransactionMethod | Determines the type of transaction. This value should always be CC | Leave as the Product Default |
AuthNetTransactionType | Determines what actions http://Authorize.NET should take with the information provided. This value should be set to AUTH_CAPTURE unless client has specifically requested another method. Acceptable values are AUTH_CAPTURE or AUTH_ONLY | This value should be set to |
AuthNetVersion | The version of the http://Authorize.NET API that should be used. | Leave as the Product Default; it will only be updated if LearningBuilder is updated to use a newer version of the http://Authorize.Net integration. |
“Payment - Test Settings” Config Settings
Setting Name | Setting Description | Notes |
|---|---|---|
PaymentTestCCNum | This value will be prepopulated into the Credit Card number field on payment screens when the PaymentTestMode is set to true | This setting is not compatible with the http://Authorize.Net Gateway. Leave this field empty. |
PaymentTestCVVCode | This value will be prepopulated into the CVV security field on payment screens when the PaymentTestMode is set to true | This configuration only applies if PaymentTestMode is set to Enter a 3- or 4-digit number to prepopulate the CVV/CVC Code field on the Check Out form. |
PaymentTestExpMonth | This value will be prepopulated into the Expiration Month field on payment screens when the PaymentTestMode is set to true | This configuration only applies if PaymentTestMode is set to Enter an integer value between 1 and 12 to prepopulate the Expiration Date month field on the Check Out form. |
PaymentTestExpYear | This value will be prepopulated into the Expiration Year field on payment screens when the PaymentTestMode is set to true | This configuration only applies if PaymentTestMode is set to Enter an integer value between [current year] and [current year + 10] to prepopulate the Expiration Date year field on the Check Out form. |
PaymentTestMode | Setting test mode to true only results in prefilling the payment page with the values entered in the other "test" settings | Only set this field to |