And definately a way out to integrate level2 without "https://"
I'd like to SECOND that request. Small merchants simply cannot afford
the cost of an SSL certificate. If we could afford SSL, we could
accept credit cards directly anyway, we wouldn't need Google or PayPal!
So, in some ways, the SSL requirement for Level 2 integration is
contrary to the WHOLE CONCEPT of an "order/payment processor" -- which,
essentially, is to have somebody else (a "big guy") aggregate at lower
cost the stuff that is too expensive for us (the "little guy"). SSL
certificates are one of those things! (Not the only thing, to be sure.
I realize that "big guys" can do more of the back-office processing
and thus get better rates from the credit card companies and banks.)
None of the other order/payment processors (at least not PayPal, nor
VeriSign, which I used before their order processing business was
bought by PayPal) have the extensive security requirements that Google
Checkout has (base64 encoded, cryptographically signed order submission
and SSL-protected callbacks). Then again, maybe the added security is
why Google's fees are so much lower (because it potentially reduces
their exposure to fraud).