Let me preface the question by stating that I’m not a programmer and am requesting a response that an infant could grasp.
I’m building a payment form via Authorize.net using the PHP SIM method. I’ve noticed that the hidden fields of the form (which contain my API Login ID and Transaction Key) are visible in the source code. Obviously this is not good.
The only solution I’ve found to keep them hidden is to pull in the values from a secure external file during the POST of the form.
Sounds logical, but how do I do this? What does that look like in PHP? Have mercy!
The transaction key is not visible in the source code of the form. The API login is but that’s ok. The transaction key, along with the API login and other criteria which are dynamic and unique to the transaction, are included with the form in the form of a MD5 hash and cannot be guessed or created by hackers. This is safe and secure.
You really should hire a programmer to do this for you. Ecommerce isn’t something a non-programmer should even think about playing with. This is how lives are ruined.