User Manager/User payments

Supported payment methods

Authorize.Net (since version 2.9.40 or 3.0beta5) and PayPal (since version 2.9.41 or 3.0beta7) payments are supported.

Authorize.Net

Requirements

To allow Authorize.Net payments for users the following requirements must be met:

• User Manager v3.0 (or v2.9.x, >= 2.9.40) package installed on the router. See: Getting started;
• User Manager subscriber created (See: Getting started);
• Subscriber must have merchant account in Authorize.Net gateway;
• Web server on the router must be configured to support secure SSL connections (See HTTPS connection enabling);

Setup

Merchant account configuration

Relay URL

Relay URL list must either be empty or contain URL to the User Manager router. For example, if you are using userman.mt.lv as User Manager router, then Relay URL list must contain URL https://userman.mt.lv/ (works with and without trailing slash). Relay URL list can be configured in Authorize.Net merchant gateway under Account > Settings > Response/Receipt URLs

API Login ID

API Login ID is shown in Authorize.Net merchant gateway under Account > Settings > API Login ID and Transaction Key.

Transaction Key

Transaction Key can be obtained in Authorize.Net merchant gateway under Account > Settings > Obtain Transaction Key.

MD5-Hash value

MD5-Hash value can be set in Authorize.Net merchant gateway under Account > Settings > MD5-Hash.

Payment Form

Payment Form configuration can be found in Authorize.Net merchant gateway under Account > Settings > Payment Form. The look of this form is customizable here. While the only required fields for processing transaction are credit card number and expiration date, another fields are allowed to be shown in the form. Form customization is up to merchant.

Subscriber configuration

Subscriber attribute values can be edited using customer detail form in customer page.

Subscriber Authorize.Net attributes

Subscribers have a set of specific Authorize.Net attributes which must be configured properly to allow Authorize.Net payments:

• Only subscribers have Authorize.Net attributes, other customers don't;
• Attribute values can be changed only in customer web page, not in console. There is only possibility to change values, not to see them. As these attributes contain sensitive data, their values are encrypted on the router;
• Customer web page must be opened using secure SSL connection (https) to change attribute values;

All the attributes can be found in Authorize.Net attribute group:

1. "Allow Payments" must be checked to allow this payment method;
2. Login ID, Transaction Key and MD5 Value must have same values as set in Authorize.Net merchant gateway.

Other subscriber requirements

• Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount for the payment;
• Correct currency must be specified for subscriber. If USD is accepted by Authorize.Net merchant, currency attribute can be left unchanged for subscriber:

• If users access User Manager page through a local IP address, public host attribute must be specified. It must contain a public address of User Manager router which is acceptable as Relay URL for Authorize.Net gateway (See: Authorize.Net Merchant account configuration). Domain name or IP address can be used. Only the address must be specified, not URL (for example, userman.mt.lv, not https://userman.mt.lv/ and not https://userman.mt.lv/userman):

Usage

• User can buy credits in User Manager page. First he/she has to log on the page. See: User page.

• Secure connection must be used for web page, so user has to use https://router_IP/user instead of http://router_IP/user (https instead of http).

• Payment section is available on main menu only if subscriber has allowed any payment method.

• To buy credit user chooses "Buy credit" from "Payments" section:

• If https connection is not used for web session, a message with error and link to https site will be opened:

• In this form user chooses credit he/she wishes to buy;

• Current balance is also shown:

• The only available payment method is at the moment Authorize.Net, but other methods are in development:

Payment method

• When the credit is chosen, "Buy" button must be pressed to start payment transaction:

• User is redirected to Authorize.Net gateway payment form, which should look similar to following:

• The actual look of this form can be configured in Authorize.Net merchant gateway

• User fills in credit card number and expiry date. Other fields are optional:

• User submits the form::

• The data is transmitted directly to Authorize.Net gateway via secure connection. Neither credit card number nor expiry date is submitted to User Manager router.

• Authorize.Net gateway processes the data and sends response to specified User Manager router. This response contains only data required to identify payment in User Manager and detect result status of transaction - was it successful or not. It does not contain any information about the user - credit card number, expiry date or other sensitive data.

• User Manager processes the response and updates payment record status;

• If the transaction was successful requested credit is added to user's account;

• A message describing payment result is shown to user:

• Click on the button redirects the user back to User Manager page:

• User is returned to payment section displaying table with payment history:

PayPal

Not supported at the moment, in development.

Related activities

HTTPS connection enabling

Creating certificate

Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign. An unsigned certificate can be generated by hand, for example, using command apache2-ssl-certificate on a Linux box;

Importing certificate

Certificate file can be then uploaded to the router and imported with command

/certificate import file-name=...

The command should return

    certificates-imported: 1
    private-keys-imported: 1
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 0

If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situation the output should be

    certificates-imported: 1
    private-keys-imported: 0
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 1

Just repeat the same command

/certificate import file-name=...

once again and the output should be this time

    certificates-imported: 0
    private-keys-imported: 1
           files-imported: 1
      decryption-failures: 0
 keys-with-no-certificate: 0

Now certificate is imported correctly and ready for use;

Enabling WWW SSL

SSL connections for WWW server can be enabled with command

/ip service set www-ssl disabled=no certificate=cert1

where cert1 must be replaced by a correct certificate name (from /certificate section)