Now we can adapt our checkout process to use our new shopping cart. Previously we created a simple checkout process using Django templates and the Google Checkout buy-it-now button. The obvious limitation of this approach was that customers can only purchase one item at a time. Using our shopping cart, we allow customers to select as many items as they like, but this requires us to modify the checkout process.
Earlier we discussed the checkout view and a helper method, doGoogleCheckout(), which performed two actions. First, it converted our internal representation of the customer's shopping cart to a format that Google Checkout API can understand. Second, it created a cryptographic signature of this shopping cart using our secret Merchant Key identification. This signature is how Google Checkout's API verifies that the purchase request is coming from our web application.
Here is the doGoogleCheckout function in its entirety:
Import hmac, sha, base64
from django.template.loader import render_to_string
from django.conf import settings
def sign_google_cart(cart):
cart_cleartext =render_to_string('orders/googlecheckout.xml',
{'cart': cart})
cart_sig = hmac.new(settings.GoogleMerchantKey,
cart_cleartext, sha).digest()
cart_base64 = base64.b64encode(cart_cleartext)
sig_base64 = base64.b64encode(cart_sig)
return cart_base64, sig_base64As stated earlier, Google Checkout API-compatible shopping carts are represented as XML documents. Here we render this XML document using Django's standard template rendering functions. We provide a context that includes an instance of our internal Cart class.
After rendering the XML, we capture it as the string variable cart_cleartext. This is what we use to generate a cryptographic signature. The Checkout API is specific about how to sign our shopping cart: it must use the HMAC SHA-1 algorithm. Fortunately, Python makes this sort of signature generation very easy.
Finally, both the cleartext version of our Checkout API-compatible shopping cart and the digital signature are base-64 encoded so that they can be submitted for processing through an HTML form field in an HTTP POST request.
These two base-64 encoded values are returned to our checkout view and are included in the template context. They will be rendered in the template as fields on an HTML form that submits directly to the Google Checkout API.
The last key piece of this is the XML template to render the cleartext shopping cart. The specific format and XML schema are documented at the following URL: http://code.google.com/apis/checkout/developer/Google_Checkout_XML_API.html.
The actual design of this checkout XML file will depend on the specific application because it includes things such as shipping and tax tables, coupon codes, and other merchant-specific information. For our example application, here is our basic googlecheckout.xml template. Note the use of Django template tags and variables, just as if it were an HTML document.
<?xml version="1.0" encoding="UTF-8"?>
<checkout-shopping-cart xmlns="http://checkout.google.com/schema/2">
<shopping-cart>
<items>
{% for item in cart %}
<item>
<item-name>{{ item.product.name }}</item-name>
<item-description>{{ item.product.description }}</item-description>
<unit-price currency="USD">{{ item.product.price_in_dollars }}
</unit-price>
<quantity>{{ item.quantity }}</quantity>
</item>
{% endfor %}
</items>
</shopping-cart>
<checkout-flow-support>
<merchant-checkout-flow-support>
<shipping-methods>
<flat-rate-shipping name="SuperShip Ground">
<price currency="USD">2.50</price>
</flat-rate-shipping>
</shipping-methods>
</merchant-checkout-flow-support>
</checkout-flow-support>
</checkout-shopping-cart>This is the simplest possible shopping cart XML. It works by iterating over the items in our cart; it generates an <item> element for each one that includes child elements that capture details about the item we're selling, including its price. It also includes a very simple flat-rate shipping fee. There are dozens of additional tags you can use in the checkout XML. It is a very flexible system that can handle a wide variety of scenarios. We will discuss payment processing and checkout APIs in even more depth in the next chapter.