Basically you will POST a hash of data, with fields defined by the authorization service. These names vary but are usually similar across different services. Like "card_holder_name", etc. Then they return a hash , to a cgi of your choice, which you then split into name-value pairs, like any other cgi. Then you do what you need to do with the response. Almost all verifying services have a detailed developer's guide "hidden" somewhere on their website. These guides detail the various required field names, and usually give you a test server to practice on. For instance http://www.authorizenet.com/support/