mojoPortal has the re-usable features of ecommerce built into the core so that they don't have to be re-implemented in each commerce enabled feature. The configuration settings in this article apply to all commerce enabled features. Currently mojoPortal supports accepting payments using Authorize.NET, PayPal, and Google Checkout.
Commerce Configuration is set at the site level so it is possible in some cases to have a single installation with more than one commerce enabled site, but there are limitations and this is not recommended. We recommend that if you are going to be doing ecommerce with your site, you make it a single site installation. Its important in most cases to have an SSL certificate installed on your site to do ecommerce though in some cases its possible to accept PayPal without having SSL on your site, it is not recommended.
Note that all the settings are prefixed with Site1-
In most cases this will be correct for a single site installation because the first site will typically have SiteID = 1, however you may want to verify your SiteID by looking in the mp_Sites table. If you SiteID is 2 then your prefix will be Site2- and so on depending on your SiteID.
Authorize.NET
Authorize.NET is a service that allows you to charge credit cards on your own site without redirecting the user elsewhere to complete the transaction. You absolutley must have an SSL certificate to use Authorize.NET because users will be entering sensitive data like their credit card number and billing address into your site. When you sign up for Authorize.NET, they will provide you with an API Login and an API Transaction Key. You will enter these values in the following settings which should go in your Web.config or user.config file, ideally user.config.
This setting determines whether to use the test server or the production server:
<add key="Site1-PaymentGatewayUseTestMode" value="false" />
These settings are where you put your API credentials for testing in the Authorize.NET sandbox. You will have different crednetials for production use:
<add key="Site1-AuthorizeNetSandboxAPILogin" value="" />
<add key="Site1-AuthorizeNetSandboxAPITransactionKey" value="" />
These settings are for your production Authorize.NET API credntials:
<add key="Site1-AuthorizeNetProductionAPILogin" value="" />
<add key="Site1-AuthorizeNetProductionAPITransactionKey" value="" />
PayPal Website Payments Pro
PayPal Website Payments Pro also allows you to charge credit cards right on your site using their DirectPay API calls. An SSL certificate is absolutely required to use DirectPay and there is also a charge to use PayPal Pro, $30/month as of 2008-07-24. Although the DirectPay API allows you to charge the card without the user leaving your site, to use DirectPay, you are also required to support PayPal ExpressCheckout (mojoPortal implements this). PayPal Express Checkout is a convenience for people who have a PayPal account that they want to pay with instead of entering a credit card on your site. The customer is redirected to PayPal where they do an initial authorization and are passed back to your site for final payment. This saves the user some time because they don't have to enter their shipping/billing info on your site as PayPal passes that data back to us. On our final checkout page its ok to add shipping or tax that we calculate from the shipping address and when the user clicks the final payment button we submit the adjusted amount back to PayPal.
This setting determines whether to use the test sandbox server or the production server:
<add key="Site1-PaymentGatewayUseTestMode" value="false" />
Note that we get different credentials for the sandbox and production environments.
<add key="Site1-PayPalSandboxAPIUsername" value="" />
<add key="Site1-PayPalSandboxAPIPassword" value="" />
<add key="Site1-PayPalSandboxAPISignature" value="" />
<add key="Site1-PayPalProductionAPIUsername" value="" />
<add key="Site1-PayPalProductionAPIPassword" value="" />
<add key="Site1-PayPalProductionAPISignature" value="" />
PayPal Website Payments Standard
PayPal Website Payments Standard allows users to pay with either their PayPal account or a credit card, but the payment happens on the PayPal site. If you use only PayPal Standard and no other payment options, then you can get away with not having an SSL certificate, because no sensitive information is entered directly in your site. PayPal passes a token back to our site then the mojoportal code uses that token to make a secure SSL request to PayPal to get the details. There is no monthly fee to use PayPal Standard so it is easy and affordable. mojoPortal implements both the Payment Data Transfer (PDT) and Instant Payment Notification (IPN) handlers so that we can know when the final payment has cleared. In most cases payment clears very quickly but if the user pays on PayPal using an echeck it can take longer.
<add key="Site1-PaymentGatewayUseTestMode" value="false" />
<add key="Site1-PayPalUsePayPalStandard" value="true" />
<add key="Site1-PayPalStandardSandboxEmail" value="" />
<add key="Site1-PayPalStandardSandboxPDTId" value="" />
<add key="Site1-PayPalStandardProductionEmail" value="" />
<add key="Site1-PayPalStandardProductionPDTId" value="" />
To use PayPal Standard you need to configure some settings in your PayPal Account profile. You specify AutoReturn as true, and you configure your PDT return url to:
http://yoursiteroot/Services/PayPalPDTHandler.aspx
and you specify your IPN url in the format:
http://yoursiteroot/Services/PayPalIPNHandler.aspx
Google Checkout
Google Checkout is another affordable way to accept credit card payments. Unlike PayPal, you can not use Google Checkout to take donations unless you have a valid 501(c)(3) tax exempt status clearly displayed to the public. You definitely should read the Google Checkout Content Policies, if you violate them your account could be suspended.
Customers are redirected to the google checkout site to make payment and they must have a google account to complete the transaction. If they don't already have a google account they will be prompted to create one. The mojoportal code makes a secure post from the web server to the google server with the order information and google responds by providing an url to redirect the customer to for checkout. The mojoportal code then redirects to the url provided by google. Google does not redirect the customer back to your site after completing the payment transaction, though they do provide a link back to your site that the customer can click.
Google sends the merchant an email whenever an order is received. Google also provides a set of web pages for managing your orders. You can see when the payment has cleared and you can click a button that indicates to google that you have fulfilled the order (ie shipped the order).
Use of the google checkout merchant web pages may be sufficient if you are physically shipping products, but since the WebStore feature in mojoPortal currently only supports download products, manually checking google pages and marking orders as fulfilled would be a less than desireable work flow. As soon as the payment is cleared we want the downloads for the order to be available to the customer immediately. So we have implemented support for the google checkout Notification API and partial support for the Order Processing API.
The Notification API is how google can automatically tell our site that the payment has cleared and the Order Processing API is how our site can tell google that the order has been fulfilled (ie downloads made available to the user). Use of the Notification API does require an SSL certificate, because google posts details about the order back to your site and they won't post it to an unsecured page. So to sell download products using google you really need an SSL certificate so that this can be automated. When the WebStore receives the notification from google that the customer payment has cleared, mojoportal code marks the order as fulfillable which makes the downloads available on the order detail page, then it posts to google to let them know the order is fulfilled/delivered so you don't have to do it manually, and it sends a confirmation email to the customer with a link to the order detail page which has links for the downloadable items in the order. You have to configure the url for notification in your google checkout account settings. The Url will be in the format:
https://yoursiteroot/Services/GCheckoutNotificationHandler.ashx
Here is a screen shot showing the place in your google checkout account where you will specify the notification url. Remember, for this to work you must have a valid SSL certificate signed by a trusted authority.
