Knowledgebase
Home » Item #284
Can I integrate CactuShop with third party gateways myself?
Question
I am interested in using a different payment gateway to the ones you provide integration for as standard. Is it possible for me to integrate these into CactuShop myself?
Answer
Technically there is no reason why those with ASP development experience could not code the integration for CactuShop themselves. Several customers have done this already.
The best way to approach this is to analyze the system you intend using and compare it to those we already support. Payment systems generally operate in a similar way but all have unique features. The key is to use the existing scripts we provide as a base to simplify the process.
There are generally two types of gateway. AuthorizeNet AIM and Verisign Payflow Pro are 'server' type gateways. The actual payment form is hosted on your site, so you must have a secure certificate on your domain. The CactuShop scripts make a call to the gateway and get the response within a single script.
These types of gateway allow full integration with the site design, since the payment script is part of your site. However, the drawbacks are that it is more costly to set this kind of system up. Firstly, you need a secure certificate on the site itself - and with Payflow Pro, you also need to install a DLL (component) on your web server. Since most virtual (shared) hosting does not permit this, you will likely require a dedicated server. We would therefore only recommend these 'server' type methods to those with busy sites who can justify the additional set up cost.
All the other gateway integrations included with CactuShop are of the 'form' type. CactuShop routes the user off to the gateway's secure area to make the payment. The order is stored in the database prior to this, and a callback is made by the gateway to communicate the result of the card transaction to CactuShop. If it was successful, CactuShop tags the stored order as 'complete' by setting the ON_Sent field to 'y' (tblCactuShopOrderNumbers table) and confirmation mails are sent.
Note that card details are never entered on your site and the merchant will never see them or be able to access them.
We would suggest approaching any integration in the same way we do:
1. Analyze the new gateway's technical features and operation by reviewing the developer documentation they provide. If they offer different methods of integration, decide which of the above suits your site best - the 'server' type or the 'form' type approach.
2. Compare the chosen method to the gateways we already support and use these scripts as the basis for your development. For the most common 'form' type integrations, you will need to develop two scripts - a [gateway]_mailorder.asp script (which sends data to the gateway) and a [gateway]_callback.asp script which receives the transaction result from the gateway.
3. Some gateways have extra code you need to include - for example, MD5 hashes of order data that is passed in a field to the gateway to stop data tampering.
4. All our gateway support stores settings in special config settings, with unique settings for each gateway. We would suggest coding your scripts in the same way and create a new set of config settings for the gateway.
5. Once you have coded your scripts, you will need to test them. Most gateway vendors will set up test accounts, or set your account to test mode to allow you to pass dummy transactions and simulate successful and failed transactions.
6. If you get errors from the gateway, check the documentation from the gateway. Most developer guides have an appendix of error messages which should help track down the bugs.
Finally, we would again stress that integrating gateways is a fairly complex task. It takes time, an amount of web programming experience and a lot of patience and therefore we'd only recommend that experienced developers consider this option. We regret that we cannot tech support any customer modifications to CactuShop, including gateway support.