Configuring Authorize.net for the E-Commerce App

Configure the Authorize.net payment gateway for E-Commerce.

Last Updated

March 26th, 2019

Reading Time

4 min

User Level

Introduction

The Authorize.net payment gateway is an authorized payment gateway for the E-Commerce App on your LMS. Docebo’s integration with Authorize.net is based on the SIM method (Server Integration Method). Please refer to this link for more information. Please note that in order to use this system, you need a valid merchant account on Authorize.net.

Begin by logging into your platform as the Superadmin, then access the Admin Menu from the gear icon in the top right corner and press the Manage item in the E-Commerce section. Select the Authorize.net tab. Flag the Enable Authorize.net payment gateway option to enable this payment gateway in your platform. Then, use the corresponding text boxes to fill in the Login ID, transaction key, and the SHA2 Hash. These values authenticate you as an authorized merchant when submitting transaction requests.

You can test the configuration before using the real environment, by selection the option to enable the sandbox mode. Press Save Changes when finished.

Please note that some currencies supported by Docebo may not be accepted by Authorize.net, so remember to check if your currency is supported by both systems before proceeding. Find here the complete list of the currencies supported by Docebo.

Obtaining the Login ID and the Transaction Key

The Login ID is a complex value that is at least eight characters in length, includes uppercase and lowercase letters, numbers, and/or symbols, and identifies your account to the payment gateway. It is not the same value as your login ID for logging into the Merchant Interface, as the two values perform different functions. The Login ID is used by Docebo to communicate with the payment gateway to submit transactions. It is only used for Docebo’s connection to the payment gateway.

The Transaction Key is a 16-character alphanumeric value that is randomly generated in the Merchant Interface. It works in conjunction with your Login ID to authenticate you as an authorized user of the Authorize.Net Payment Gateway when submitting transactions from Docebo.

In order to obtain these values, log in to the Merchant Interface at https://account.authorize.net, select Settings under the Account area in the main menu and click on API Credentials & Keys in the Security Settings section.

If you have not already obtained an Login ID and Transaction Key for your account yet, you will need to enter the secret answer to the secret question you configured during account activation process. Press Submit to terminate.

Please note that the Transaction Key for your account is displayed on a confirmation page. Once you navigate away from the confirmation page, there is no other way to access the Transaction Key in the your merchant interface.

You will have to generate a new Transaction Key. It is highly recommended that you create a new Transaction Key regularly (i.e. every six months) to strengthen the security of your payment gateway account. You then need to save the new Transaction Key in the the corresponding area in your LMS to update integration code. Failure to do so will result in a disruption in transaction processing.

Setting the SHA2 Hash

The SHA2 Hash feature allows you to confirm that transaction responses are securely received from Authorize.net. The SHA2 Hash corresponds to the Signature Key generated in Authorize.net. In order to generate it, log in to the Merchant Interface at https://account.authorize.net, select Settings under the Account area in the main menu and click on API Credentials & Keys in the Security Settings section.
Move to the Create New Key(s) section and generate a new key by answering the secret question, selecting the New Signature Key option and clicking Submit. Store the obtained value securely, and insert it in the Hash field, in your LMS.
Please note that when using the Copy to Clipboard functionality in Authorize.net, the Signature Key may be copied with blanks at the beginning. Make sure you delete them, and that the signature key does not include other blanks or special characters for a proper configuration and payment processing. As an option, you can disable the old signature key immediately.

Configuring the Relay Response URL in Authorize.net

Finally, configure the Response URL. To do so, access the Account Tab. In the Transaction Format Settings, click on Response/Receipt URLs. Set the Default Receipt URL by pressing Edit in the corresponding line and by entering the URL of your platform; this configuration is mandatory. The Default Relay Response URL is optional but we suggest you configure it if the business logic you implemented in Authorize.net allows you to do so. Remember that once you enter Default Relay Response URL, you will not be able to modify it.

For those using the 7.0 theme with a custom domain, remember to insert your custom domain URL. For those using the 6.9 theme, always use the docebosaas URL. Use the examples below for guidance (note that anything in brackets will need to be replaced with your own LMS information):

– Custom Domain (7.0 theme): https://[custom_domain]/ecommerce/v1/authorizedotnet/relay_response

– Standard Domain (7.0 theme): https:///[mylms].docebosaas.com/ecommerce/v1/authorizedotnet/relay_response

– Multidomain (7.0 theme): https://[mylms].docebosaas.com/[multidomainfoldername]/ecommerce/v1/authorizedotnet/relay_response

– Custom Domain (6.9 theme): https://[mylms].docebosaas.com/lms/index.php?r=cart/authnetRelayResponse

– Multidomain (6.9 theme): https://[mylms].docebosaas.com/[multidomainfoldername]/lms/index.php?r=cart/authnetRelayResponse

Note on the MD5 Hash End of Life

Authorize.net introduced the SHA2 encryption algorithm on January 29, 2019, and will deprecate the MD5 Hash algorithm at the end of June 2019, as scheduled in the timeline available here. For existing integrations, your integration will still continue working without any interruptions at this time, and your Signature Algorithm will be set to MD5. Existing keys will still be encrypted with MD5 Hash, but we suggest you to switch to SHA2 as soon as possible. Please note that even if the Docebo interface allows you to roll back to MD5 after switching to SHA2, Authorize.net does not, and the roll back would cause keys mismatch.