Active Merchant and Authorize.net returning failure in production

Question

I have an app that has some basic ecommerce activity. I tried it with a test authorize.net account, and it works fine. I entered in the APIs for production mode though, and I keep getting redirected to the failure screen when I try to purchase anything. I'm not getting any errors, nothing in the logs on heroku, and I don't even know where to start debugging. I am connecting to Authorize.net successfully, transactions are successful in development mode - I based it heavily off of Ryan Bate's RailsCast episode 145 (http://railscasts.com/episodes/145-integrating-active-merchant), but here are some highlights of my code (since I'm testing ti, I'm forcing it to do 1 cent transactions despite what I order)

in enviroments/production.rb

config.after_initialize do
  ActiveMerchant::Billing::Base.mode = :production
  ::GATEWAY = ActiveMerchant::Billing::AuthorizeNetGateway.new(
    :login => "scrubbed",
    :password => "scrubbed",
    :test => false
  )
  end

orders_controller.rb

 def create
    @order = Order.new(params[:order])
    @order.cart = current_cart
    if @order.save
      if @order.purchase
        @order.state = 'paid'
        @order.save
        render :action => "success"
        end
      else
        render :action => "failure"
      end
    else
      redirect_to home_page_path, notice: "The order failed to save"
    end
  end

def purchase
    response = GATEWAY.purchase(1, credit_card, purchase_options)
    transactions.create!(:action => "purchase", :amount => price_in_cents, :response => response)
    #cart.update_attribute(:purchased_at, Time.now) if response.success?
    response.success?
  end

order.rb

  def purchase
    response = GATEWAY.purchase(1, credit_card, purchase_options)
    transactions.create!(:action => "purchase", :amount => price_in_cents, :response => response)
    #cart.update_attribute(:purchased_at, Time.now) if response.success?
    response.success?
  end

private

  def purchase_options
    {
      :ip => ip_address,
      :billing_address => {
        :first_name   => first_name,
        :last_name    => last_name,
        :address1     => address_line_1,
        :address2     => address_line_2,
        :city         => city,
        :state        => billing_state,
        :country      => "US",
        :zip          => zip_code,
        :phone        => phone_number,
        :company      => company
      },
      :shipping_address => {
        :first_name   => sfirst_name,
        :last_name    => slast_name,
        :address1     => saddress_line_1,
        :address2     => saddress_line_2,
        :city         => scity,
        :state        => sbilling_state,
        :country      => "US",
        :zip          => szip_code,
        :phone        => sphone_number,
        :company      => scompany
      }
    }
  end

  def validate_card
    unless credit_card.valid?
      credit_card.errors.full_messages.each do |message|
        errors.add :base, message
      end
    end
  end

  def credit_card
    @credit_card ||= ActiveMerchant::Billing::CreditCard.new(
      :brand              => card_type,
      :number             => card_number,
      :verification_value => card_verification,
      :month              => card_expires_on.month,
      :year               => card_expires_on.year,
      :first_name         => first_name,
      :last_name          => last_name
    )
  end

Answer 1

I need to ask just to be sure - Have you done everything to get your merchant account setup with Authorize.net and your Bank for production usage already, and you've coordinated with them to start posting funds to your bank account when the money starts coming in?

If so, check out their developer documentation page here for the difference between test and production transactions

http://developer.authorize.net/guides/AIM/5_TestTrans.html

Transactions that work in test mode should work in production mode when everything is properly configured on the Gateway side. I would contact authorize.net there may be technical or administrative details which need to be finalized for your account to process live transactions.

Answer 2

I haven't personally dealt with authorize.net but I have used a similar web service which also required PCI compliance. In my case this meant that I needed a valid SSL certificate for transactions to work in production. In fact, if I remember correctly the transaction was failing in a very similar way and it wasn't obvious that was the cause.

It looks like authorize.net requires some type of security depending on which API you are making use of. http://developer.authorize.net/integration/