Google Checkout is a payment gateway system by the same company that bought you Gmail and... the search engine. It provides low cost processing with a powerful API. Google checkout is a remote payment gateway, with customers being directed to Google's secure payment page in order to conduct their credit card transaction. However, it is far more complex than most other integrations, because the user does the whole checkout including shipping selections from Google's site.
YOUR SITE MUST HAVE A SECURE CERTIFICATE TO USE GOOGLE CHECKOUT
Google Checkout (Level 2 integration) requires that the callback must run under SSL. This means your site must have its own secure certificate. Shared SSL is not sufficient for CactuShop to run Google Checkout. The certificate MUST be for your site domain and applied such that any web site pages can be called with https without generating an error.
Google provides some information on obtaining secure certificates that are acceptable here:
http://www.google.com/che ckout/ssl-certificates
You should ensure you check with your host about purchasing secure certificates as many will not install those not purchased via
themselves.
Furthermore, you will need the ability to set basic
username/password authentication on specific folders. Google Checkout requires that the callback script is protected in this way.
Important: Google Checkout support (Level 2 integration, with callback) requires you have SSL running with your own secure certificate on your site.
It also requires that you set basic authentication on the callback script. These may not be available on all hosting packages; if available, a secure secure certificate will add extra cost to your hosting. Please see the sidebar for more information.
For further Google Checkout information, go to:
http://checkout.google.com
10.9.1 Overview
CactuShop's Google Checkout integration is a 'Level 2' implementation, which means that the entire checkout process is done on Google's web site. For elements such as shipping and tax, Google interfaces with CactuShop to obtain pricing details. At the end of the checkout process, Google passes data collected from the user so that an account and order record can be created in CactuShop. This differs significantly from the usual gateway process in CactuShop.
As mentioned above, for Level 2 integration, you must have SSL and basic authentication available on your hosting package.
10.9.2 Google Checkout setup on CactuShop
Go to the ‘Google Checkout’ section of the config settings in the Payment and Shipping Gateways section.
For config settings that are common to all payment methods, see section 10.1.4.
10.9.2.1 GOOGLE_MerchantID
Your Merchant ID supplied by Google Checkout.
10.9.2.2 GOOGLE_MerchantKey
Your Merchant Key supplied by Google Checkout.
10.9.2.3 GOOGLE_ProxyURL
The path to your google.asp script, which is the one Google connects to when communicating with your store. As default, this will be located at:
https://www.demo.xyz/payment/proxy/google.asp
For testing you can use http, but for live use this path must begin with https.
The 'proxy' folder must be protected with basic authentication.
10.9.2.4 GOOGLE_ProcessCurrency
You must set this config setting to the 3 letter ISO currency code of your Google Checkout account. For example, if your account processes Euros, this setting must be set to ‘EUR’. Setting this config setting correctly ensures that all orders will be converted to Euros prior to passing over to Google Checkout.
If you don’t set this (and your store supports multiple currencies), you will pass values in GBP or USD to the Google Checkout gateway, but it will assume these amounts are in Euros.
10.9.2.5 Callback proxy - further info
Google Checkout requires that the callback script be protected by SSL as well as basic username/password authentication. However, basic authentication can only be applied on a per-folder basis. You cannot apply it to an individual script like the callback.asp. Even if you could, putting basic authentication on the callback.asp alone would cause problems if you had other payment gateways set up that did not support it.
The solution is a callback proxy script. For Google Checkout, this is located at payment/proxy/google.asp. The way is works is that Google Checkout posts its callback information to this script, which in turns posts it to the regular callback.asp script on the root of your store. Effectively the proxy script is an intermediate step that can have basic authentication, and can then relay the received values to the main callback which does not.
To set this up, apply basic authentication to the payment/proxy/ folder. You may need to contact your server administrator to do this, or you might have the option on your web hosting control panel. The username and password you set up for basic authentication should match your Google Checkout ID and Google Checkout key respectively.
10.9.3 Setup on Google Checkout
For Google Checkout to notify your shop with new orders (Level 2
Integration), you must first provide Google Checkout with the URL of your callback page. Unlike most other payment gateways, Google Checkout requires that the callback script is protected by basic authentication and SSL.
As detailed in 10.9.2.5 above, we must use a proxy script to receive the callback rather than the main callback.asp page. The URL would therefore be:
https://www.demo.xyz/payment/proxy/google.asp
If your site runs CactuShop in a subfolder, you would need to reflect this in the URL of course.
You can set this by logging to Google Checkout’s Merchant Center with your Google Account ID and password. Select the “Settings” tab and click on the
“Integration” link in the left pane. This should display the Integration Settings page where you can set your API Callback URL. Be sure to tick the “For extra security, my company will only post digitally signed XML shopping carts.
(Google should reject all other)” checkbox and select “XML” option as the Callback method.
10.9.4 Testing Google Checkout
CactuShop automatically chooses where the XML calls are sent based on the GOOGLE_Status setting. If it’s set to “test”, CactuShop will pass the XML call to Google Checkout's Sandbox instead of to the “live” Google Checkout Servers. You may need to register a separate account to have access to the Sandbox as using your actual Merchant Account is not advisable.
Note: the sandbox tests will work without basic authentication or SSL protection on your callback proxy script. But the live Google Checkout will not – do not be fooled by the sandbox into thinking you can get away without SSL or basic authentication. You must have these in place for Google Checkout to work in 'live' mode.