concretecms-community-store / community_store

An open, free and community developed eCommerce system for Concrete CMS
https://concretecms-community-store.github.io/community_store/
MIT License
106 stars 66 forks source link

Authorize.net integration #33

Closed OKDnet closed 7 years ago

OKDnet commented 8 years ago

For whatever reason(s), in the USA Authorize.net is probably the most common and popular merchant account gateway provider. As such, this is just a suggestion for getting this implemented into the Community Store project, ideally sooner than later. I think it will go a long way towards fast tracking this project and implementation. It's not something I can take on right now unfortunately, so if anyone else wants to have at it, please do.

Mesuva commented 8 years ago

I agree it would be great to support further popular gateways like Authorize.net.

Personally I don't have much of a reason to invest time it myself (being an Aussie where we deal in Dollarydoos), but I'm happy to provide a bit of guidance.

Fortunately Authorize.net is a gateway support by Ominipay: https://github.com/thephpleague/omnipay-authorizenet The Stripe gateway already released uses Ominpay, which means it could potentially be cloned, with the library swapped out for the authorizenet one.

BUT... and I think it's a big but... from having a look at the way Authorize.net processes cards, I can't see in their API a token or direct payment mechanism for accepting cards. In other words, it appears that to use Authorize.net you HAVE to directly accept the card data on your webserver first, then send it server to server to do the transactions.

Doing a transaction this way means that your server has to be PCI compliant, and you're simply exposed to more risk. When many/most sites are on shared hosting, this compliance isn't really practical.

I personally recommend only using gateways that allow token or direct processing, where the card data is always sent directly from the customer's browser to the payment gateway, with the webserver only dealing in tokens and redirects.

So I'd be hesitant to encourage a new gateway along these lines.

I could be wrong about this though, there might be a way to do it with Authorize.net, I just couldn't find it in their doco.

Remo commented 8 years ago

@Mesuva I think their AuthorizeNet_SIM method allows you to redirect to their server and then use a callback to finish the order in your own store. I've got the same problem though, no one cares about authorize.net over here.

Mesuva commented 8 years ago

Ah yes, I was quite wrong about Authorizenet. I was focusing on their AIM method, I think I misread their description about SIM, I thought it was for something else.

So my rant about really only applies to Authorize.net AIM.

I reckon the DPM version (Direct Post Method) would be the one to go for, as it means a payment form can still be customised on a site and you don't get redirected to one of those ugly payment forms.

OKDnet commented 8 years ago

Yes, you beat me to it @Remo, there are both methods available.

pinecreativelabs commented 8 years ago

I'm also in need of this for a client.

Mesuva commented 8 years ago

@pinecreativelabs This might be a really good one for you to tackle. You could take the Stripe add-on as a base, rename it, pull in the AIM package from github (i.e. change the composer file) and use the DPM mechanism.

If you wanted to do this, I can easily add you to to the community store organisation, for you to create the new repo - even if you got stuck, just the package up with the namespacing, etc, would be beneficial.

pinecreativelabs commented 8 years ago

Go ahead and add me to the organization. I think I'll make an attempt at this.

Mesuva commented 8 years ago

That's great. Now that I think about it a bit more I reckon a good way to approach this would be for you to have a crack at putting the package together, publish that to your own github account, where you can put a clear notice that it's under development. Then we can easily work on it there and review it.

Then once it became stable, it's very easy to move it to under the organisation account (if you still wanted to do that). My thinking is that it might be better to always treat things that are published under the community store group as 'complete and stable' rather than using it for heavy development. The goal with the store in general is that 'the master is always deployable', so I don't think it should be different with related projects.

pinecreativelabs commented 8 years ago

Has Authorize.net been added yet?

Mesuva commented 8 years ago

@pinecreativelabs Not that I'm aware of. Have you investigated what is required?

Mesuva commented 7 years ago

Just a heads-up, I have this mostly complete

Mesuva commented 7 years ago

BAM! - https://github.com/concrete5-community-store/community_store_authorize_net