User Manager/User payments

From MikroTik Wiki
Jump to navigation Jump to search

Supported payment methods

Authorize.Net (since version 2.9.40 or 3.0beta5) and PayPal (since version 2.9.41 or 3.0beta6) payments are supported.

Authorize.Net

Authorize.Net requirements

To allow Authorize.Net payments for users the following requirements must be met:

Authorize.Net setup

Authorize.Net merchant account configuration

Relay URL

Relay URL list must either be empty or contain URL to the User Manager router. For example, if you are using userman.mt.lv as User Manager router, then Relay URL list must contain URL https://userman.mt.lv/ (works with and without trailing slash). Relay URL list can be configured in Authorize.Net merchant gateway under Account > Settings > Response/Receipt URLs

API Login ID

API Login ID is shown in Authorize.Net merchant gateway under Account > Settings > API Login ID and Transaction Key.

Transaction Key

Transaction Key can be obtained in Authorize.Net merchant gateway under Account > Settings > Obtain Transaction Key.

MD5-Hash value

MD5-Hash value can be set in Authorize.Net merchant gateway under Account > Settings > MD5-Hash.

Payment Form

Payment Form configuration can be found in Authorize.Net merchant gateway under Account > Settings > Payment Form. The look of this form is customizable here. While the only required fields for processing transaction are credit card number and expiration date, another fields are allowed to be shown in the form. Form customization is up to merchant.

Authorize.Net subscriber configuration

Subscriber attribute values can be edited using customer detail form in customer page.

Subscriber Authorize.Net attributes

Subscribers have a set of specific Authorize.Net attributes which must be configured properly to allow Authorize.Net payments:

  • Only subscribers have Authorize.Net attributes, other customers don't;
  • Attribute values can be changed only in customer web page, not in console. There is only possibility to change values, not to see them. As these attributes contain sensitive data, their values are encrypted on the router;
  • Customer web page must be opened using secure SSL connection (https) to change attribute values;

All the attributes can be found in Authorize.Net attribute group: Authorize.Net attribute group

  1. "Allow Payments" must be checked to allow this payment method;
  2. Login ID, Transaction Key and MD5 Value must have same values as set in Authorize.Net merchant gateway.
Other subscriber requirements
  • Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount for the payment;
  • Correct currency must be specified for subscriber. If USD is accepted by Authorize.Net merchant, currency attribute can be left unchanged for subscriber:

Subscriber's currency

Subscriber's public host

Authorize.Net usage

  • Payment section is available on main menu only if subscriber has allowed any payment method.
  • To buy credit user chooses "Buy credit" from "Payments" section:

Buy credit

  • If https connection is not used for web session, a message with error and link to https site will be opened:

Warning about https

User chooses credit

  • Current balance is also shown:

Current balance

  • User chooses Authorize.Net as payment method:

Payment method

  • When the credit is chosen, "Buy" button must be pressed to start payment transaction:

Buy button

  • User is redirected to Authorize.Net gateway payment form, which should look similar to following:

Authorize.Net Payment form

  • User fills in credit card number and expiry date. Other fields are optional:

Authorize.Net Payment form filled

Authorize.Net Payment form submit

  • The data is transmitted directly to Authorize.Net gateway via secure connection. Neither credit card number nor expiry date is submitted to User Manager router.
  • Authorize.Net gateway processes the data and sends response to specified User Manager router. This response contains only data required to identify payment in User Manager and detect result status of transaction - was it successful or not. It does not contain any information about the user - credit card number, expiry date or other sensitive data.
  • User Manager processes the response and updates payment record status;
  • If the transaction was successful requested credit is added to user's account;
  • A message describing payment result is shown to user:

Payment successful

Payment finished, return button

Payment history table

PayPal

PayPal requirements

To allow PayPal payments for users the following requirements must be met:

  • User Manager v3.0 (>= 3.0beta6) or v2.9.x (>= 2.9.41) package installed on the router. See: Getting started;
  • User Manager subscriber created (See: Getting started);
  • Subscriber must have merchant PayPal account;
  • Web server on the router must be configured to support secure SSL connections (See HTTPS connection enabling);
  • HotSpot router should contain entries in 'walled-garden to User Manager router and paypal webpage,
/ ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept 

where x.x.x.x is address of User-Manager server,

/ ip hotspot walled-garden add dst-host=:^www\\.paypal\\.com\$ dst-port=443 action=allow 
/ ip hotspot walled-garden add add dst-host=:^content\\.paypalobjects\\.com\$ dst-port=443 action=allow 

These two entries are used to allow access to Paypal system.

PayPal setup

PayPal merchant account configuration

Basically there is no specific PayPal account configuration that must be done. The only requirement is to have PayPal account which is allowed to receive money.

Warning! User Manager accepts payment as successful only when it receives status "Completed" from PayPal gateway. If the status is "Pending" and some manual operations must be done by merchant (or the merchant has not verified the account) to accept payment, the credit will be transfered to User Manager user account only when the payment will be accepted.

PayPal subscriber configuration

Subscriber attribute values can be edited using customer detail form in customer page.

Subscriber PayPal attributes

The only PayPal attribute subscribers have is business login. It is the login (usually an email address) merchants use to log on their account. Only subscribers have this business login, other customers don't;

All the attributes can be found in PayPal attribute group:

PayPal attribute group

  1. "Allow Payments" must be checked to allow this payment method;
  2. Login (email) must be the PayPal merchant account login.
Other subscriber requirements
  • Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount for the payment;
  • Correct currency must be specified for subscriber. If USD is accepted by PayPal merchant, currency attribute can be left unchanged for subscriber:

Subscriber's currency

  • If users access User Manager page through a local IP address, public host attribute must be specified. It must contain a public address of User Manager router which is acceptable as response URL for PayPal gateway (PayPal will send payment result to this address). Domain name or IP address can be used. Only the address must be specified, not complete URL (for example, userman.mt.lv, not https://userman.mt.lv/ and not https://userman.mt.lv/userman):

Subscriber's public host

PayPal usage

  • Payment section is available on main menu only if subscriber has allowed any payment method.
  • To buy credit user chooses "Buy credit" from "Payments" section:

Buy credit

  • If https connection is not used for web session, a message with error and link to https site will be opened:

Warning about https

User chooses credit

  • Current balance is also shown:

Current balance

  • User chooses PayPal as payment method:

Payment method

  • When the credit is chosen, "Buy" button must be pressed to start payment transaction:

Buy button

  • User is redirected to PayPal gateway payment form, which should look similar to following:

PayPal Payment form

  • User logs on to the account. Payment is now displayed with the Pay button:

PayPal Payment form, user logged in

  • When user presses Pay button, PayPal starts to process data. On successful payment result page is displayed:

PayPal success page

  • This page contains button "Return to merchant" pressing which returns user to User Manager payment history page:

Payment history table


  • The data is transmitted directly to PayPal gateway via secure connection. Neither credit card number nor expiry date is submitted to User Manager router.
  • PayPal gateway processes the data and after that sends response to specified User Manager router. It may take time, usually not more than one minute. That means that payment may have status "Started" for a few seconds, the status is updated only when PayPal sends response to User Manager.
  • PayPal response contains only data required to identify payment in User Manager and detect result status of transaction - was it successful or not. It does not contain any information about the user - credit card number, expiry date or other sensitive data.
  • User Manager processes the response and updates payment record status;
  • If the transaction was successful requested credit is added to user's account;

PayPal chargeback

When a payment changes status from "Approved" to "Aborted" (For example, "Reversed") User Manager tries to remove credit bought for this money. This is however possible only if the two following requirements are met:

  • The credit is not started yet;
  • The credit is last for current user, i.e., no other credit is bought after this one.

Related activities

HTTPS connection enabling

Creating certificate

Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign. An unsigned certificate can be generated by hand, for example, using command apache2-ssl-certificate on a Linux box;

Importing certificate

Certificate file can be then uploaded to the router and imported with command

/certificate import file-name=...

The command should return

    certificates-imported: 1
    private-keys-imported: 1
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 0

If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situation the output should be

    certificates-imported: 1
    private-keys-imported: 0
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 1

Just repeat the same command

/certificate import file-name=...

once again and the output should be this time

    certificates-imported: 0
    private-keys-imported: 1
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 0

Now certificate is imported correctly and ready for use;

Enabling WWW SSL

SSL connections for WWW server can be enabled with command

/ip service set www-ssl disabled=no certificate=cert1

where cert1 must be replaced by a correct certificate name (from /certificate section)