views:

122

answers:

1

I'm a web developer looking to move a lot of clients to use authorize.net for their CC processing. I have used authorize.net once in PHP doing SIM integration for a simple site.

Now the problem is, some of our clients have established processes that takes the CC info from our site, and it goes through a fulfillment process outside the control of our site. In at least one case, the client uses the CC info to bill for shipping after it's packaged, long after it leaves our website, because of international rates.

The main reason of using authorize.net is security. We want to be PCI compliant so the idea is that the CC never even goes through our web server. It is entered on authorize.net and never leaves there. So I need to figure out the API to conduct this process.

So my question is, without ever handling the CC info, how do I create a "pending" transaction that takes the user's cc info at one point, and then has the cost updated at another point? I am picturing I will have to tell the client to log back into our site (or authorize.net) to update the cost of the order.

All I have found is this FAQ, my question is the same as the top, but it isn't clear if I have to keep the CC info to do this process, which I simply cannot do.

http://www.inventiveweb.com/RoboCharge/faq.htm

Can it be done?

A: 

OK they have great support at authorize.net and an excellent knowledge base. I bet their support guys just paste out of the database.

As outlined in the link above, if you know the high-end of the costs, you can pad, and do an AUTH_ONLY followed by a PRIOR_AUTH_CAPTURE.

As of now there is no API for this, but you can log into your authorize.net account and perform a re-bill. Transactions are stored for up to 90 days, so you can then issue a new transaction with a re-bill and you don't need the CC info.

The downside? A re-bill only works on a successfully settled transaction, and that takes 1-3 days.

tkotitan