Customer Information Manager (CIM) XML Guide Authorize.Net CIM
User Manual: Pdf
Open the PDF directly: View PDF .
Page Count: 119
Download | |
Open PDF In Browser | View PDF |
Merchant Web Services API Customer Information Manager (CIM) XML Guide Authorize.Net Developer Support http://developer.authorize.net Authorize.Net LLC 082007 Ver.1.0 Authorize.Net LLC (“Authorize.Net”) has made efforts to ensure the accuracy and completeness of the information in this document. However, Authorize.Net disclaims all representations, warranties and conditions, whether express or implied, arising by statute, operation of law, usage of trade, course of dealing or otherwise, with respect to the information contained herein. Authorize.Net assumes no liability to any party for any loss or damage, whether direct, indirect, incidental, consequential, special or exemplary, with respect to (a) the information; and/or (b) the evaluation, application or use of any product or service described herein. Authorize.Net disclaims any and all representation that its products or services do not infringe upon any existing or future intellectual property rights. Authorize.Net owns and retains all right, title and interest in and to the Authorize.Net intellectual property, including without limitation, its patents, marks, copyrights and technology associated with the Authorize.Net services. No title or ownership of any of the foregoing is granted or otherwise transferred hereunder. Authorize.Net reserves the right to make changes to any information herein without further notice. Authorize.Net Trademarks: Advanced Fraud Detection Suite™ Authorize.Net® Authorize.Net Your Gateway to IP Transactions™ Authorize.Net Verified Merchant Seal™ Authorize.Net Where the World Transacts® Automated Recurring Billing™ eCheck.Net® FraudScreen.Net® Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 1 Table of Contents Revision History ................................................................................. 5 Section 1 Developer Introduction...................................................... 6 Integration Methods.........................................................................................................6 Standard API .............................................................................................................................. 6 Hosted Option API ..................................................................................................................... 6 Minimum Requirements ..................................................................................................7 Developer Support ..........................................................................................................7 Software Development Kits .............................................................................................7 Section 2 Using the Hosted CIM Option............................................ 8 Designing Your Web Page ..............................................................................................9 Implementing a Redirect to Authorize.Net .......................................................................9 Example of a redirect to the hosted page: ........................................................................... 10 Implementing an iframe popup ......................................................................................10 Add payment ........................................................................................................................ 12 Edit payment ........................................................................................................................ 13 Add shipping ........................................................................................................................ 14 Edit shipping ......................................................................................................................... 15 Manage payment and shipping ............................................................................................ 16 Guidelines for Settings Parameters ...............................................................................17 Section 3 Executing an API Call ...................................................... 18 Web Service Locations ..................................................................................................18 CIM Functions ...............................................................................................................18 Field Validation and Test Mode .............................................................................................. 20 Authentication .......................................................................................................................... 20 Input Elements for createCustomerProfileRequest ............................................................. 21 Input Elements for createCustomerPaymentProfileRequest .............................................. 27 Input Elements for createCustomerShippingAddressRequest .......................................... 31 Input Elements for createCustomerProfileTransactionRequest ......................................... 33 For Authorization Only Transactions .................................................................................... 34 For Authorization and Capture Transactions ....................................................................... 40 Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 2 For Capture Only Transactions ............................................................................................ 46 For Prior Authorization and CaptureTransactions ............................................................... 52 For Refund Transactions ..................................................................................................... 58 For Void Transactions .......................................................................................................... 66 Input Elements for deleteCustomerProfileRequest ............................................................. 68 Input Elements for deleteCustomerPaymentProfileRequest .............................................. 69 Input Elements for deleteCustomerShippingAddressRequest ........................................... 70 Input Elements for getCustomerProfileIdsRequest ............................................................. 71 Input Elements for getCustomerProfileRequest .................................................................. 71 Input Elements for getCustomerPaymentProfileRequest ................................................... 72 Input Elements for getCustomerShippingAddressRequest ................................................ 73 Input Parameters for getHostedProfilePageRequest ........................................................... 74 Example getHostedProfilePageRequest.............................................................................. 74 Input Elements for updateCustomerProfileRequest ............................................................ 75 Input Elements for updateCustomerPaymentProfileRequest ............................................. 76 Input Elements for updateCustomerShippingAddressRequest ......................................... 82 Input Elements for updateSplitTenderGroupRequest ......................................................... 85 Input Elements for validateCustomerPaymentProfileRequest ........................................... 85 Section 4 Responses........................................................................ 88 CIM Responses .............................................................................................................88 Output for createCustomerProfileResponse ........................................................................ 89 Output for createCustomerPaymentProfileResponse ......................................................... 92 Output for createCustomerShippingAddressResponse...................................................... 93 Output for createCustomerProfileTransactionResponse .................................................... 94 Output for deleteCustomerProfileResponse ........................................................................ 95 Output for deleteCustomerPaymentProfileResponse ......................................................... 95 Output for deleteCustomerShippingAddressResponse ...................................................... 96 Output for getCustomerProfileIdsResponse ........................................................................ 97 Output for getCustomerProfileResponse ............................................................................. 98 Output for getCustomerPaymentProfileResponse ............................................................ 103 Output for getCustomerShippingAddressResponse ......................................................... 107 Output for getHostedProfilePageResponse ....................................................................... 110 Output for updateCustomerProfileResponse ..................................................................... 110 Output for updateCustomerPaymentProfileResponse ...................................................... 111 Output for updateCustomerShippingAddressResponse .................................................. 112 Output for updateSplitTenderGroupResponse .................................................................. 113 Last revised: 5/24/2011 Copyright © 1998 - 2007 Authorize.Net Corp. 3 Table of Contents Output for validateCustomerPaymentProfileResponse .................................................... 113 Duplicate Profile Verification........................................................................................114 Response Codes .........................................................................................................115 Index ............................................................................................... 117 Last revised: 5/24/2011 Copyright © 1998 - 2007 Authorize.Net Corp. 4 Revision History PUBLISH DATE UPDATES November 2007 Initial release of the Customer Information Manager (CIM) API May 2008 Remove SecureSource requirements and various updates January 2009 Addition of getCustomerProfileIdsRequest and various updates July 2009 Clarified usage of validationMode for createCustomerProfileRequest calls when no payment profile information is included. Added index. Added note about optional fields and .NET programming Corrected values for taxable variable. September 2009 Add note describing credit card authorizations for Visa April 2010 Clarified duplicate profile verification Updated table of error codes Updated createCustomerProfileTransactionRequest for Refund transactions June 2010 Changes required for Partial Authorization processing July 2010 Correct code examples May 2011 Add hosted option Clarification of validationMode Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 5 Section 1 Developer Introduction This guide describes the Web development required to create and manage customer profile information for the purpose of submitting transactions to the Authorize.Net Payment Gateway directly from a Web site or other application using extensible markup language (XML). Specifically, the Authorize.Net Customer Information Manager (CIM) Application Programming Interface (API) provides a mechanism for developers and value added resellers (VARs) to create, delete, get, and update customer profile information, including payment and address information, by means of direct integration between client software or applications and the Authorize.Net Payment Gateway. The CIM API accomplishes these functions through an XML call and subsequent XML response. Integration Methods Various options exist for integrating payments, designed to accommodate a range of business needs and coding abilities. Standard API You can use the API to submit transaction information to Authorize.Net when your customers enter data on your website. In this case, the customer enters data on your website, your website calls the API using either XML or SOAP: • XML: The Authorize.Net Application Programming Interface (API) offers an XML-only option, which allows you to invoke methods using XML for the exchange of information. • SOAP: The Authorize.Net API offers an alternate communication method, SOAP, to exchange information. The choice of XML or SOAP depends on the programming language you use. For PHP and Ruby, XML is recommended. For C# and other .NET languages, SOAP is recommended. With Java, either option will work. For information regarding requirements for using the API, see “Minimum Requirements” below. Hosted Option API For more secure exchange of information, the API allows you to establish a hosted connection, where any exchange of information occurs on the Authorize.Net secure servers. If the merchant needs to transmit sensitive cardholder information (for example, if a customer needs to change credit card information or add a new payment method), the hosted CIM option can be used. With the hosted CIM option, credit card data never needs to flow through the merchant’s website. You can use the hosted option either as an XML or a SOAP implementation. Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 6 Merchant Web Services API You must still use the standard API (either SOAP or XML) for some operations, such as creating a transaction. The hosted page only provides functionality for creating, updating, and deleting payment profiles and shipping addresses. For more information, please refer to Section 2, “Using the Hosted CIM Option,” on page 8. Minimum Requirements Before you begin this integration for an Authorize.Net Payment Gateway account, please check with the merchant to make sure that the following minimum requirements have already been met. • The merchant must have a U.S- based merchant bank account that allows Internet transactions. • The merchant must have an active Authorize.Net Card Not Present Payment Gateway account. • The merchant must be signed up for the CIM service. • The merchant must store account authentication data securely (for example, API login ID, transaction key). • The merchant’s website must use https. • The merchant’s website must support secure user registration for returning users. Note: Merchants should avoid storing any type of sensitive cardholder information. However, in the event that a merchant or third party must store sensitive customer business or payment information, compliance with industry standard storage requirements is required. Please see the Developer Security Best Practices White Paper at http://www.authorize.net/files/developerbestpractices.pdf for guidelines. Developer Support There are several resources available to help you successfully integrate a merchant Web site or other application to the Authorize.Net Payment Gateway. • The Developer Center at http://developer.authorize.net provides test accounts, sample code, FAQs, and troubleshooting tools. • If you can’t find what you need in the Developer Center, our Integration Team is available to answer your questions by e-mail at integration@authorize.net. • Be sure to read our Developer Security Best Practices White Paper at http://www.authorize.net/files/developerbestpractices.pdf for information on how to maximize the security and reliability of your merchant integration solutions. If you have any suggestions about how we can improve or correct this guide, please e-mail documentation@authorize.net. Software Development Kits Authorize.Net offers software development kits (SDKs) that present an alternate object-oriented model, in several popular languages. The SDK performs the core payment activities (such as error handling and parsing, network communication, and data encoding) behind the scenes. The SDK provides utility methods to help developers build payment flows for each of the integration methods. You can download the SDKs at http://developer.authorize.net/downloads/. Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 7 Section 2 Executing an API Call Section 2 Using the Hosted CIM Option Authorize.Net offers merchants the option of connecting their customers directly to the Authorize.Net hosted profile page if they need to transmit sensitive data such as changes in payment profiles. The purpose of the hosted CIM option is to collect data, not to process payments. Processing payments is done using the standard CIM API where payment data is represented by a profile ID. The steps in a typical hosted CIM process are: • • A customer registers an account with a merchant website The merchant calls Authorize.Net API method CreateCustomerProfileRequest to create an empty profile Input: customer’s email address and/or other identifier that the merchant uses to identify this customer Output: customer profile ID • • • • • • • The customer logs on to the merchant website The merchant calls Authorize.Net API method GetHostedProfilePageRequest to get a token − Inputs: customer profile ID and a list of settings that control how the customer interacts with the Authorize.Net page. See Guidelines for Settings Parameters for a description of the settings. − Output: token (expires in 15 minutes) The merchant displays a button on their website The customer clicks the button and is directed either to the Authorize.Net page, or the Authorize.Net page is opened within the merchant’s website as a lightbox popup with an iframe. The customer makes changes to their credit card information, eCheck.Net information, or shipping information The customer returns to the merchant website by clicking a button or closing the popup The merchant calls Authorize.Net API method GetCustomerProfileRequest to see what changes were made by the customer − Input: customer profile ID − Output: list of payment profiles with sensitive fields masked, list of shipping addresses Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 8 Merchant Web Services API • The merchant can call Authorize.Net API method CreateProfileTransaction at any time to charge the credit card (or eCheck.Net) Designing Your Web Page There are three ways to integrate: • The customer is directed to Authorize.Net to manage payments and shipping all on one page. For a sample, see “Example of a redirect to the hosted page:” on page 10. • Open a lightbox popup with an iframe within your page to manage payments and shipping all within one popup • Open a lightbox popup with an iframe within your page for adding or editing individual payment profiles and shipping addresses. Sample screens begin on page 13. Implementing a Redirect to Authorize.Net To implement hosted CIM access by means of a redirect to Authorize.Net, you need to include the following. Once you receive the token returned by the getHostedProfilePageResponse function call, put a hidden form somewhere on your page (the value for the token is the value returned by the function call). If you are using the test environment, replace secure.authorize.net/profile/manage with test.authorize.net/profile/manage. Example: opening a new page for the Authorize.Net hostAdd a button on your page that redirects the customer to Authorize.Net’s secure site. You can customize the text to say anything you want: In this example, the button with the text “Manage my payment and shipping information” directs the user to the Authorize.Net Customer Information Manager Hosted page, where they can: • • • Create a new payment profile Update or delete current credit card or bank information Enter a new shipping address Last revised: 5/24/2011 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 9 Section 2 Executing an API Call • Update or delete current shipping address When the customer has finished, a button on the bottom of the page returns them to the merchant’s website. The following image shows what the customer will see when they are connected to the Authorize.Net hosted page. Example of a redirect to the hosted page: Implementing an iframe popup To open the Authorize.Net hosted page in a popup inside your web page, do the following: • place an