Authorize.Net Directpost is Overly Complex

One of the necessary evils that every ecommerce website that wants to accept credit card transactions must deal with is some sort of payment processing company. It just so happens that Authorize.net is one of the largest payment processors around, and they allow you to choose from a few different ways to integrate their payment processing functionality into your website. One of these is DirectPost, which allows an eCommerce website to process a credit card transaction without the credit card information ever being sent through the website's servers.

While the ability to ensure that no credit card information passes through your website is useful for PCI compliance and lowers the potential losses in the event of a breach like the ones that affected Sony, Home Depot, and Target, among others, the implementation of this payment method is less than ideal, especially if you are using Magento as your eCommerce platform. With Magento, the credit card information is entered into a form contained in an iFrame that originates on Authorize.net's servers. Once the order is ready to be submitted, JavaScript triggers the form submission to a completely separate domain, with the form's target set to the iFrame, which reloads with the response.

When the response from Authorize.net returns, an error may be displayed for credit card verification issues or for many other reasons. Unfortunately, because the iFrame's content originates in another domain, any attempt via JavaScript to inspect or modify that content is blocked by the browser's same-origin policy, the cross-origin protection often loosely described as the browser's cross site scripting, or XSS, protection. As a result, the only way to know that something has loaded in the iFrame is to listen for its onLoad event and respond to it accordingly.

Often the response rendered in the iFrame contains a redirection URL that sends the browser to the checkout success page. Other responses display a standard error message. However, all of this relies on Authorize.Net successfully validating and authorizing the credit card payment information. If an error occurs that would typically produce an HTTP 50X response, and that error page is returned to the user's browser, there is no way of knowing what was rendered in the iFrame, since the JavaScript on the page cannot access it.
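As an added illustration (not code from the original post, from Magento, or from Authorize.net), the following browser-side tracker turns the only signal the merchant page gets, the iFrame's load event, into a checkout state and falls back to a timeout when no response arrives, which is all the page can do when a 50X error page lands in the cross-origin frame. The injectable timer hooks and the element ids in `attachToDom` are assumptions for the example.

```javascript
// Added example: tracks the cross-origin DirectPost iframe using only its
// load events, since the page cannot read what Authorize.net rendered.
// Timer hooks are injectable (an assumption, for testing without a DOM);
// element ids passed to attachToDom are placeholders, not Magento's real ids.
function createIframeResponseTracker(opts) {
  const timeoutMs = opts.timeoutMs || 30000;
  const setTimer = opts.setTimer || setTimeout;
  const clearTimer = opts.clearTimer || clearTimeout;
  let state = 'idle';   // idle -> submitted -> responded | timed-out
  let timer = null;
  // Called when the checkout submits the payment form into the iframe.
  function submit(form) {
    if (state === 'submitted') return false;   // ignore double submits
    state = 'submitted';
    if (form && typeof form.submit === 'function') form.submit();
    timer = setTimer(function () {
      if (state !== 'submitted') return;       // a response already arrived
      state = 'timed-out';                     // likely a 50X we cannot see
      if (opts.onTimeout) opts.onTimeout();
    }, timeoutMs);
    return true;
  }
  // Wired to the iframe's load event. The first load (the empty card form)
  // happens before submit and is ignored; the next one is the response.
  function onIframeLoad(iframe) {
    if (state !== 'submitted') return false;
    clearTimer(timer);
    state = 'responded';
    // Reading the frame's document is what the same-origin policy blocks:
    // contentWindow.document throws for a cross-origin frame, so this is a
    // diagnostic only and the checkout never depends on it being readable.
    let readable = false;
    try {
      readable = !!(iframe && iframe.contentWindow && iframe.contentWindow.document);
    } catch (e) {
      readable = false;
    }
    if (opts.onResponse) opts.onResponse(readable);
    return true;
  }
  return { submit: submit, onIframeLoad: onIframeLoad, getState: function () { return state; } };
}
// Browser wiring with placeholder ids; returns the function the checkout calls to submit.
function attachToDom(tracker, iframeId, formId) {
  const iframe = document.getElementById(iframeId);
  iframe.addEventListener('load', function () { tracker.onIframeLoad(iframe); });
  return function () { return tracker.submit(document.getElementById(formId)); };
}
```

On a timeout the page can only tell the shopper that the payment status is unknown and verify the transaction server-side, because nothing in the frame can be inspected.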

Although the DirectPost functionality provided by Authorize.Net holds great promise, there have been reports on Stack Exchange and elsewhere that users regularly have issues with DirectPost, and many developers who have attempted to implement it on their sites have failed, turning back instead to much simpler credit card processing methods.
