Screen: ShopSite > Orders
Note: |
The information on this page applies to Orders only.
For information on automated XML uploads and downloads of Products or Pages, see
Database Automated XML Upload/Download.
|
Note: |
To implement this feature as intended, you should familiarize yourself with the sample OAuth source code. It can be downloaded here:
OAuth_Sample.zip If you plan to implement OAuth in PHP, we've created a pair of files that can be used to accelerate your development. The first, oauth.php, is an OAuth module that can be plugged directly in to your custom PHP script. The second, oauth_tester.php, contains examples of how to use the module with ShopSite. The zip file containing these files can be downloaded here: OAuth_PHP.zip |
You can use a merchant-supplied program to automatically download a store’s orders as an XML-formatted text file. This help page describes the programmatic interface; the XML DTD is described on Orders Download XML Format.
Your orders download program must send a request to a ShopSite Authorization CGI program (authorize.cgi) and provide authentication to receive a token that can authorize a request to a ShopSite Download CGI program (db_xml.cgi) to start the download. To keep order information secure, the ShopSite CGI program must be invoked through a secure connection (https). If the connection is not secure, customer credit card information will not be included in the download.
The db_xml.cgi program can accept these optional parameters:
Note: | CVV2 information is only stored by ShopSite when the store is accepting credit cards for manual processing. This information is purged from ShopSite when orders are viewed or downloaded. Sometimes it is necessary to download the order information before authorizations occur, such as when using order managing software. For example, let's say that you manually authorize your credit card transactions and have an order manager that automatically downloads information from ShopSite. When those orders are downloaded to the order manager, the CVV2 information is purged from ShopSite, even if it is not used by the order manager. By setting the value for the "pay" parameter to "no_cvv" ( pay=no_cvv ), the CVV2 information will remain in ShopSite until the order is viewed or downloaded through the back office. |
While it is possible to use startorder and endorder or startdate and enddate to download a specific set of orders, you do not have to use both the start and end value. You could, for example, use startdate without enddate to download all the orders that have come in since the last time you downloaded orders.
The db_xml.cgi will output the following line, followed by the XML order information:
Content-type: application/x-www-form-urlencoded\n\n
This example program functions as though the client has already entered the appropriate information on the Applications screen of the back office. The example also relies heavily on the sample OAuth source code found in the OAuth_Sample.zip which you should download and review.
This example uses a non-secure connection to request order information. Because the CGI directory on the server requires authentication, the program first requests a token from ShopSite, passing the authentication keys set up on the Application screen in the back office. It then passes the token as authentication for the order information request. This program does not process the XML, so it does not test the response values (Success or Failure).
if ((msg_socket = getconnection("mystore.com",80)) == -1)
{
printf("Big trouble, no socket connection\r\n");
exit(1);
}
/* create the HTTP header for authentication request */
sprintf(send_msg,
"POST /cgi-bin/sc/authorize.cgi HTTP/1.1\r\n"
"Host: mystore.com\r\n"
"Content-Length: 127\r\n
"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
"grant_type=authorization_code&code=MTQxMDZ8ZGViYmllfDJ8&client_credentials=QjlEMzI5OUI6ODAwMjZiYzc=&signature=rfw0k21l9YdXl0r240Uw+3aa9A4=");
/* send the HTTP header for authentication request */
resource = send(msg_socket, send_msg, strlen(send_msg),0);
/* create the HTTP header for download */
sprintf(send_msg,
"POST /cgi-bin/sc/db_xml.cgi HTTP/1.1\r\n"
"Host: mystore.com\r\n"
"Content-Length: 164\r\n
"Content-Type: application/x-www-form-urlencoded"\r\n\r\n
“clientApp=1&dbname=orders&version=11.0&token=MTMwMjA5NjAyOHxkZWJiaWV8MnxCYWlsZXl8MjU2fA==×tamp=1302101084&nonce=503bb763&signature=LXIUwI9RSLqzd19GpOJnbO0hTQg=”);
/* send the HTTP header for download */
count = send(msg_socket, send_msg, strlen(send_msg),0);
/* loop to receive order info */
while (count = recv(msg_socket, buf, 2048, 0))
{
buf[count] = '\0';
printf("%s",buf); /* since just testing write the order info to the screen */
/* Here is where you would create a buffer */
/* containing all the order info */
/* and then process that information */
}
close(msg_socket);
The getconnection() function creates a socket link to the specified host. Once the socket connection has been established the program will "send" the HTTP header that specifies the CGI to be invoked, the Host and the Authorization which is needed because the CGI is in a oAuth protected web server directory.
ShopSite Help and Resource Center Last updated: August 21, 2012 Give Feedback |
ShopSite Shopping Cart Software |