Skip to main content

A simple interface to Authorize.Net's AIM API

Project description

Authorize.Net provides credit card (henceforth “CC”) processing via a protocol on top of HTTPS. Authorize.Net’s customers are “merchants”. The merchant is the entity accepting a CC as payment. This package provides a simple interface to Authorize.Net’s “Advanced Integration Method” (AIM).

Several terms used in this document:

  • authorize: check validity of CC information and for sufficient balance
  • capture: the approval of transfer of funds from the CC holder to the merchant
  • settlement: the actual transfer of funds from the CC holder to the merchant
  • credit: issuing a refund from the merchant to the card holder
  • voiding: canceling a previous transaction

Settlement is performed in daily batches. The cut-off time for which is specified in the merchant’s settings available on the Authorize.Net merchant interface.

There are many other settings which can be configured via the merchant interface, but this module attempts to work independently of most of them. Where specific settings are required they will be marked with the phrase “required merchant interface setting”.

Transaction Keys

Each AIM transaction must be accompanied by a merchant login and a “transaction key”. This key is obtained from the merchant interface. After importing the CcProcessor class you must pass it your login and transaction key:

>>> from zc.authorizedotnet.processing import CcProcessor
>>> from import (AMEX, DISCOVER, MASTERCARD,
...                            VISA, UNKNOWN_CARD_TYPE)
>>> cc = CcProcessor(server=SERVER_NAME, login=LOGIN, key=KEY)


To authorize a charge use the authorize method. It returns a Transaction object.

>>> result = cc.authorize(amount='2.00', card_num='4007000000027',
...                       exp_date='0530')

The result object contains details about the transaction.

>>> result.response
>>> result.response_reason
'This transaction has been approved.'
>>> result.approval_code
>>> auth_trans_id = result.trans_id
>>> result.trans_id

When the card_num is sent in, the result also contains the type of credit card:

>>> result.card_type == VISA

If no credit card number is provided, card_type is None:

>>> result2 = cc.authorize(amount='2.00', exp_date='0530')
>>> result2.card_type == None
>>> result2 = cc.authorize(amount='2.00', card_num='', exp_date='0530')
>>> result2.card_type == None

Capturing Authorized Transactions

Now if we want to capture the transaction that was previously authorized, we can do so.

>>> result = cc.captureAuthorized(trans_id=result.trans_id)
>>> result.response

Credit (refund) transactions

A previosly credited transaction can be refunded. The amount of the refund cannot exceed the amount captured. At least the last four digits of the credit card number must be provided, along with the transaction id.

Credit will only work when the transaction has been settled by the banks, that is if we try refunding immediately, it will fail:

>>> result =,
...                    card_num='4007000000027',
...                    exp_date='0530',
...                    amount='1.00',
...                    )
>>> result.response_reason
'The referenced transaction does not meet the criteria for issuing a credit.'
>>> result.response

Voiding Transactions

If we need to stop a transaction that has not yet been completed (like the crediting of the captured transaction above) we can do so with the void method.

>>> result = cc.void(trans_id=auth_trans_id)
>>> result.response

Transaction Errors

If something about the transaction is erroneous, the transaction results indicate so.

>>> result = cc.authorize(amount='2.50', card_num='4007000000027',
...                       exp_date='0599')

The result object reflecs the error.

>>> result.response
>>> result.response_reason
'The credit card has expired.'

The valid values for the response attribute are ‘approved’, ‘declined’, and ‘error’.

Address Verification System (AVS)

AVS is used to assert that the billing information provided for a transaction must match (to some degree or another) the cardholder’s actual billing data. The gateway can be configured to disallow transactions that don’t meet certain AVS criteria.

>>> result = cc.authorize(amount='27.00', card_num='4222222222222',
...                       exp_date='0530', address='000 Bad Street',
...                       zip='90210')
>>> result.response
>>> result.response_reason
'The transaction resulted in an AVS mismatch...'

Duplicate Window

The gateway provides a way to detect and reject duplicate transactions within a certain time window. Any transaction with the same CC information (card number and expiration date) and amount duplicated within the window will be rejected.

The first transaction will work.

>>> result = cc.authorize(amount='3.00', card_num='4007000000027',
...                       exp_date='0530', invoice_num='123')
>>> result.response

A duplicate transaction will fail with an appropriate message.

>>> result2 = cc.authorize(amount='3.00', card_num='4007000000027',
...                       exp_date='0530', invoice_num='123')
>>> result2.response
>>> result2.response_reason
'A duplicate transaction has been submitted.'

Similar transactions can be unaliased by including a unique invoice_num field:

>>> result3 = cc.authorize(amount='3.00', card_num='4007000000027',
...                        exp_date='0530', invoice_num='124')
>>> result3.response

The default window size is 120 seconds, but any other value (including 0) can be provided by passing duplicate_window to the transaction method.

>>> cc.captureAuthorized(trans_id=result.trans_id).response
>>> cc.captureAuthorized(trans_id=result.trans_id).response_reason
'This transaction has already been captured.'
>>> cc.captureAuthorized(trans_id=result.trans_id, duplicate_window=0
...                     ).response

But voiding doesn’t report errors if the same transaction is voided inside the duplicate window.

>>> cc.void(trans_id=result.trans_id).response
>>> cc.void(trans_id=result.trans_id).response

Line items

An itemized listing of the order can be included in the authorization data as a sequcence of sequences.

>>> result = cc.authorize(amount='2.98', card_num='4007000000027',
...                       exp_date='0530',
...                       line_items=[
...                       # id  name      description qty  unit price tax
...                       ('1', 'G-1000', 'Gadget',   '1', '1.99',    'Y'),
...                       ('2', 'A-150',  'Accessory','1', '0.99',    'Y'),
...                       ])
>>> result.response

the result will have a card_type attribute.

>>> result.card_type == VISA

The MD5 Hash Security Feature

Authorize.Net provides for validating transaction responses via an MD5 hash. The required merchant interface setting to use this feature is under “Settings and Profile” and then “MD5 Hash”. Enter a “salt” value in the fields provided and submit the form. You may then provide the salt parameter to the CcProcessor constructor to enable response validation.

WARNING: The format of the “amount” field is very important for this feature to work correctly. The field must be formatted in the “canonical” way for the currency in use. For the US dollar that means no leading zeros and two (and only two) decimal places. If the amount is not formatted properly in the request, the hashes will not match and the transaction will raise an exception.

If you want to enable hash checking, provide a salt value to the CcProcessor constructor. If an incorrect salt value is used, or the hash given in the transaction doesn’t match the true hash value an exception is raised.

>>> cc = CcProcessor(server=SERVER_NAME, login=LOGIN, key=KEY,
...                  salt='wrong')
>>> result = cc.authorize(amount='10.00', card_num='4007000000027',
...                       exp_date='0530')
Traceback (most recent call last):
ValueError: MD5 hash is not valid (trans_id = ...)

Error Checking

If you don’t pass a string for the amount when doing an authorization, an exception will be raised. This is to avoid charging the wrong amount due to floating point representation issues.

>>> cc.authorize(amount=5.00, number='4007000000027', expiration='0530')
Traceback (most recent call last):
ValueError: amount must be a string

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for zc.authorizedotnet, version 1.3.1
Filename, size File type Python version Upload date Hashes
Filename, size zc.authorizedotnet-1.3.1.tar.gz (9.5 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page