Slide 1

Developing Custom Payment Gateway4/19/2012Miro Remias, Solution Architect1PayPal,Authorize.NET,Customer Credit, ? Custom Payment Gateway,

Market Place:E-way,PayPal Payflow Pro,Built-in Payment Gateways

1SQL DatabaseCheckout stepsKenticoSave orderBuyer(s)

Update result

PaymentproviderHTTP(S) POSTRedirectRedirect (optional)A)B)Payment Notification

Payment gateway class, payment gateway form (1)Payment result (2)Payment Notification (3)Security (4)Real world example - DEMO

Agenda2Update result2

PN page

Thank you page

3Confirmation (optional)Authorize.NETPayPal

(1) Payment Gateway ClassAPICMS.EcommerceProvider.CMSPaymentGatewayProviderShoppingCartControl (ShoppingCart)ShoppingCartInfoObj (ShoppingCartInfo)OrderId (int)PaymentResult (PaymentResultInfo)IsPaymentCompleted (bool) PaymentResult.PaymentIsCompletedAddCustomData() - CMSPaymentGatewayForm control is added to the payment data container and its data are loaded.RemoveCustomData() - All controls from payment data container are removed.ValidateCustomData() - CMSPaymentGatewayForm control data are validated.ProcessCustomData() - CMSPaymentGatewayForm data are processed. ShoppingCartInfoObj.PaymentGatewayCustomData (Hashtable)ProcessPayment() - Override this method to process payment by your payment processor.GetPaymentDataForm() - Override this method to get your own payment gateway form.(static)GetPaymentGatewayProvider(int paymentOptionId) Loads payment gateway.UpdateOrderPaymentResult() - Updates order payment result in database.OrderIdPaymentResult

(1) Payment Gateway Form APICMS.EcommerceProvider.CMSPaymentGatewayFormShoppingCartControl (ShoppingCart)ShoppingCartInfoObj (ShoppingCartInfo)PaymentGatewayCustomData (Hashtable)LoadData() - Initializes form controls with customer payment dataCMSPaymentGatewayProvider.AddCustomData() - ShoppingCartPaymentGatewayValidateData() - Validates form data and returns error message if some error occursCMSPaymentGatewayProvider.ValidateCustomData() - ShoppingCartPaymentGatewayProcessData() - Process form data and returns error message if some error occursCMSPaymentGatewayProvider.ProcessCustomData() - ShoppingCartPaymentGatewayUI

(1) I Dont Need Payment Gateway Form

PaymentOptionInfo poi = PaymentOptionInfoProvider.GetPaymentOptionInfo(this.ShoppingCartInfoObj.ShoppingCartPaymentOptionID); if (poi != null && poi.PaymentOptionClassName.ToLower().Equals("worldpayprovider")) { this.ButtonNextClickAction(); } else { LoadData(); }APIShoppingCartPaymentGateway

API

CMS.Ecommerce.OrderInfo OrderPaymentResultCMS.Ecommerce.PaymentResultInfoPaymentDatePaymentMethodIDPaymentMethodNamePaymentIsCompletedPaymentStatusNamePaymentStatusCodePaymentTransactionIDLoadPaymentResultXml(string xml)

CMS.Ecommerce.OrderInfo OrderIsPaid

Note: You dont need to specify both value and item text if they are identical ((1) item text, (2) item value)

(2) Working With Payment Result Database

COM_Order [Table]OrderPaymentResult [Column]

COM_Order [Table]OrderIsPaid [Column](new from version 6.0)

// Create/address new/existing PaymentResultItemInfoPaymentResultItemInfo itemObj = EnsurePaymentResultItemInfo("verified", HEADER_VERIFIED);// PaymentResultItemInfo itemObj = GetPaymentResultItemInfo("verified");

if(itemObj != null){ // item.Name // item.Header item.Value = ""; item.Text = ""; }// Save new itemSetPaymentResultItemInfo(item);

APICMS.EcommerceProvider.CMSPaymentGatewayProviderOrderIdPaymentResultUpdateOrderPaymentResult()

(3) Payment NotificationPhysical page (.aspx) vs. virtual page (served by Kentico),PN page is not displaying anything - it should only process the received data,Common location: ~\CMSModules\Ecommerce\CMSPages\PN page needs to be accessible by public user,Compare order data (COM_Order) and secret (e.g. from settings) with payment gateway response/result data,Confirm payment with payment gateway (optional),Log any exceptions, error or suspicious behavior into Event log,Update order payment result,Confirmation e-mails are automatically sent,

int orderID = 5; // from responseint paymentOptionID = 6; // from order (based on orderID)// Load payment providerCMSPaymentGatewayProvider provider = (WorldPayProvider)CMSPaymentGatewayProvider.GetPaymentGatewayProvider(paymentOptionID);provider.OrderId = orderId;// Compare data // provider.PaymentResult = provider.UpdateOrderPaymentResult();(4) SecurityConsider using SSL (HTTPS) on shopping cart page when collecting sensitive information,Use POST instead of GET (redirect) if possible,Redirect/post with SSL (HTTPS),Do not send sensitive information as part of the URL (querystring),Verify data/integrity/result/etc. against some secret information,Dont save sensitive information in Kentico,Customer credit card etc.,Use payment gateway security features,Be paranoid!, Real World ExampleUnderstand how payment gateway works,Documentation,Develop payment gateway class, form, PN page etc.Take advantage of documentation examples,Provide your code from App_Code folder,No need to rebuild your DLL file when upgrading or applying hotfix,Use custom setting keys,CMS Site Manager -> Development -> Custom Settings (new from version 6.0),Register payment option (gateway) in Kentico,Assign it to some shipping option,Test and review the security, [DEMO]

Questions?

SourcesE-commerce Guidehttp://devnet.kentico.com/docs/ecommerceguide/index.htmlContactMiro Remiase-mail: miro@kentico.comconsulting: http://www.kentico.com/Support/Consulting/Overview