0 Votes

Accept.js needs to ignore IP address whitelist

Status: New
by on ‎02-11-2021 07:18 AM

I'm in the process of integrating the Accept.js library to allow customer to submit their payment details directly to Authorize.net so I don't have to handle any credit card information. Unfortunately Iv'e found a major flaw: if you have the "Authorized API IP Addresses" setting enable for your account (this is an IP address whitelist for the API), Authorize.net will block Accept.js requests from your customers if they're not in your whitelist. Since these requests are sent via a JavaScript library, the IP address comes from the customer's system, not your own.

 

I've been going back and forth with Authorize.net's support system (supposedly acting as a middle man with an engineer) and they've been less than helpful. It took over a week to finally get them to admit that their system is flawed and this will never work the whitelist enabled. Their suggestion is to remove the whitelist.

 

How is this acceptable? Removing the whitelist is a bad fix for bad design and bad programming.