First, what are payment gateways? Payment gateways are a pluggable system that allows you to interface with a payment provider to handle the secure payment transactions for whatever you are selling. Paypal or Authorize.net are good examples of payment providers. The systems that sends your orders off to your payment provider and brings them back to your site are called payment gateways. These gateways are all unique because they have very different features and requirements.
There are two kinds of payment methods that payment providers use: On-Site and Off-Site. Each of those are described below:
- On-Site: You can think of on-site payment as having the credit card field on your website. The software is specifically designed to not let you store that information, only to send it to a payment provider.
- Off-Site: This is the common form of payment where you send your user, with order details, off to another site that will process the transaction and then send them back (hopefully) to your site.
On-site Payment Methods
Example Payment Method - Drupal Commerce ships with an example payment method that is simply there for testing purposes to demonstrate how basic payment appears on the checkout form. It also shows how to integrate a submit form callback for the payment method that collects additional data related to the payment method during checkout.
Credit Card - The core Payment module includes a file of helper forms and functions for creating credit card payment method modules. Nothing in it allows for the storage of credit card data after the initial form submission. Instead, credit card payment method modules are responsible for immediately acting on the payment details input by the customer.
If the site needs delayed payment or recurring payment, the module should leverage some facility of the payment gateway to either retain authorization IDs for later capture or store credit card data securely at the gateway. For example implementations see the Commerce Authorize.Net and CyberSource integration modules.
Showing Authorize.net Configuration for On-Site Payments
Off-site Payment Methods
Redirected Payment Workflow
Drupal Commerce does its best to handle the redirected payment workflow in a like manner to on-site payment methods in the checkout process. Customers will leave from and return to the same place in checkout, so both your on-site and off-site customers should see all the same pages and have their orders processed identically with the sole exception of the optional payment redirect page that only appears when necessary.
Most redirected payment methods send some sort of asynchronous message to your site to provide an authoritative payment notification. Often, this can arrive at your site before the customer actually returns from the payment gateway. In this case, your payment notification listener should update the order as necessary on receipt of the successful payment notification and use the API to move the order forward to the next checkout page.
Off-site Payment Method Examples
For an example implementation, see the PayPal WPS module of the Commerce PayPal integration. The base PayPal module in that project defines a pluggable IPN listener that demonstrates how to listen for and handle asynchronous payment notifications from the payment gateway, though your implementation doesn’t necessarily need to be pluggable.