SharpGateway is a secure, modular, and production-ready REST API built with ASP.NET Core for integrating Authorize.Net payments. It supports full transaction workflows — including authorization, capture, refund, void, and safe structured logging.
- 🔐 Credit card Authorization Only & Auth + Capture
- 🔁 Capture of previously authorized transactions
- 💸 Refunds & Voids
- 📑 Swagger (OpenAPI) support for easy testing
- 🛡️ Secure request logging (card number, CVV, expiration masked)
- 🔄 Environment-based config using
.env - 📦 Clean separation of services, models, and controllers
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/Authorize |
Authorize card without capturing funds |
| POST | /api/Charge |
Authorize + Capture in one step |
| POST | /api/Capture |
Capture a previously authorized trans. |
| POST | /api/Refund |
Refund a previously settled transaction |
| POST | /api/Void |
Void an unsettled (auth-only) transaction |
- ASP.NET Core 8.0
- Authorize.Net SDK v2.0
- Swashbuckle (Swagger UI)
- DotNetEnv for
.envconfig loading - Microsoft.Extensions.Logging with safe masking
Your API credentials should be placed in a .env file (never commit this!):
AUTHORIZENET__APILOGINID=your_login_id
AUTHORIZENET__TRANSACTIONKEY=your_transaction_key
✅ Automatically mapped to the
AuthorizeNetsection in your config.
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AuthorizeNet": {
"ApiLoginId": "",
"TransactionKey": ""
},
"AllowedHosts": "*"
}dotnet restore
dotnet build
dotnet runNavigate to: https://localhost:5001/swagger
Sensitive fields like:
CardNumberCVVExpiration
...are never logged in plaintext. They are masked using secure utilities and safe anonymous logging objects.
- Support for recurring billing / customer profiles
- Webhook listener for Authorize.Net transaction updates
- Docker containerization
- Multi-environment deployment setup (dev/staging/prod)
MIT © 2025 — Devitrax
PRs are welcome! Open an issue or fork this repo to contribute improvements.