Building a small shop - payment gateway best practice?
Hi,
First of all, merry X-Mas to everyone!
I am building a small shop (Yes! getting bored when I'm not fiddling with C#/umbraco) and now I'm at a point where I need to decide how to implement the shop <-> payment gateway communication. At first, this is pretty straightforward:
Person A completes shopping with items in the basket. Payment gateway needs an order id, currency, amount etc. passed to it. Person A enters credit card-information and the gateway verifies the information. Person A is redirected back to the shop and order information is saved to the database and Person A gets a mail.
But what happens if there is Person B doing the same in the exact same moment? Then the shop assigns the same order id as the one Person A has, which in turn will lead to an error at the gateway because it requires an unique orderid. My customers will most likely want to match the orderid in the shop and at the payment gateway, so this must match.
I've thought about saving order information in a temporary table when the customer is leaving the shop to go to the payment gateway and then pass a unique key. Once the customer has completed the payment stop, then match the unique key and the orderid which is passed back to the shop when payment is completed with the same key in the database. But I'm still having trouble finding the best solution to this potential problem.
I don't see much alternative to either assigning a random unique order id or logging all cart contents in a temporary table and using the id of this table as the order id. I've used both with success in the past, but most of my shopping solutions have been pretty small scale, so perhaps there's a neater enterprise level concept that I'm not familiar with?
How about updating the current Umbraco shopping packages rather than starting from scratch? Obviously it's completely up to you, but there are a couple of shop packages in the repository which are in need of an upgrade or two, so it could be a good use of time?
I have developed a site that integrates with HSBC directly as they have their own API rather than through a payment gateway.
It too requires a unique orderID. The way my system worked was to have an order table with the orderID field as an identiy column, so SQL Server takes care of the unique allocation. You could do similar, even if it's just to create the id.
The API I worked with also required a hash based on the orderID, time and date. so a salted hash might be abother way of doing it..
Most e-commerce solutions i've worked with do something like the following
- Annoymous user visits site, and add "goldfish" to basket - Cooke is created with guid "12345" - insert into order (userGuid = 12345", orderStatus = 'basket') = returns OrderId "1111" - insert into orderItem (orderid = 1111, product = goldfish) - user click on payment and enters their details and logins - add/create new user match userGuid = 12345 with UserId ( check if this user already has a userGuid and maybe add some logic here ) - insert into order ( orderStatus = pending) - get confirmation from gate way - insert into order ( orderStatus = success/failure)
see if you get you hands on the previous version of dash commerce. if has this database structure. Also a handle Subsonic data access layer.
Hi guys - thanks for your replies :) I think I'm going to use a combo of Petr and Anthonys solutions. Then I'll setup a task to clear the pending order table once in while.
Dan: Previously I've done 2 implementations with the old Ecommerce shopping package and did one test with Paul Sterlings Commerce for Umbraco, while both are great packages, I must admit that when it comes to supporting my customers it's less difficult to provide support if I know every bit of the system rather than having to provide support for a relatively huge package such as Commerce for Umbraco (which is based on Dash Commerce). I am not building from scratch, I'm adding features at the moment (like the payment gateway integration etc.)
FWIW - *most* commerce systems assign an order id to every order whether or not the order is complete (i.e. paid). Often the use of order status determines when an order is complete. So you may have status as:
actually the dashcommerce world has gone a bit pear shaped. You could look into mvc storefront. Obviously it's mvc, but it looks like it has a fairly nice domain model behind it. There's a series on asp.net. Very beta, but could be good starting point.
Building a small shop - payment gateway best practice?
Hi,
First of all, merry X-Mas to everyone!
I am building a small shop (Yes! getting bored when I'm not fiddling with C#/umbraco) and now I'm at a point where I need to decide how to implement the shop <-> payment gateway communication. At first, this is pretty straightforward:
Person A completes shopping with items in the basket. Payment gateway needs an order id, currency, amount etc. passed to it. Person A enters credit card-information and the gateway verifies the information. Person A is redirected back to the shop and order information is saved to the database and Person A gets a mail.
But what happens if there is Person B doing the same in the exact same moment? Then the shop assigns the same order id as the one Person A has, which in turn will lead to an error at the gateway because it requires an unique orderid. My customers will most likely want to match the orderid in the shop and at the payment gateway, so this must match.
I've thought about saving order information in a temporary table when the customer is leaving the shop to go to the payment gateway and then pass a unique key. Once the customer has completed the payment stop, then match the unique key and the orderid which is passed back to the shop when payment is completed with the same key in the database. But I'm still having trouble finding the best solution to this potential problem.
Thanks,
Simon
Hi Simon,
I don't see much alternative to either assigning a random unique order id or logging all cart contents in a temporary table and using the id of this table as the order id. I've used both with success in the past, but most of my shopping solutions have been pretty small scale, so perhaps there's a neater enterprise level concept that I'm not familiar with?
How about updating the current Umbraco shopping packages rather than starting from scratch? Obviously it's completely up to you, but there are a couple of shop packages in the repository which are in need of an upgrade or two, so it could be a good use of time?
Good luck with it anyhow, and merry xmas to all.
Merry Christmas/New Year period,
I have developed a site that integrates with HSBC directly as they have their own API rather than through a payment gateway.
It too requires a unique orderID. The way my system worked was to have an order table with the orderID field as an identiy column, so SQL Server takes care of the unique allocation. You could do similar, even if it's just to create the id.
The API I worked with also required a hash based on the orderID, time and date. so a salted hash might be abother way of doing it..
Good luck
Jay
In similar situation I use guid instead of integer as primarykey (order id), and have no problems with concurrency.
Most e-commerce solutions i've worked with do something like the following
- Annoymous user visits site, and add "goldfish" to basket
- Cooke is created with guid "12345"
- insert into order (userGuid = 12345", orderStatus = 'basket') = returns OrderId "1111"
- insert into orderItem (orderid = 1111, product = goldfish)
- user click on payment and enters their details and logins
- add/create new user match userGuid = 12345 with UserId ( check if this user already has a userGuid and maybe add some logic here )
- insert into order ( orderStatus = pending)
- get confirmation from gate way
- insert into order ( orderStatus = success/failure)
see if you get you hands on the previous version of dash commerce. if has this database structure. Also a handle Subsonic data access layer.
Hi guys - thanks for your replies :) I think I'm going to use a combo of Petr and Anthonys solutions. Then I'll setup a task to clear the pending order table once in while.
Dan: Previously I've done 2 implementations with the old Ecommerce shopping package and did one test with Paul Sterlings Commerce for Umbraco, while both are great packages, I must admit that when it comes to supporting my customers it's less difficult to provide support if I know every bit of the system rather than having to provide support for a relatively huge package such as Commerce for Umbraco (which is based on Dash Commerce). I am not building from scratch, I'm adding features at the moment (like the payment gateway integration etc.)
Happy new year to all btw. :)
FWIW - *most* commerce systems assign an order id to every order whether or not the order is complete (i.e. paid). Often the use of order status determines when an order is complete. So you may have status as:
and so on.
-Paul
actually the dashcommerce world has gone a bit pear shaped. You could look into mvc storefront. Obviously it's mvc, but it looks like it has a fairly nice domain model behind it. There's a series on asp.net. Very beta, but could be good starting point.
is working on a reply...