UnMasked Expiration Date in Hosted CIM's getCustomerProfileRequest

Status: Delivered
by CoryAuth on ‎01-23-2015 10:08 AM

As mentioned in the following post:




The card expiry date is masked when returned in the getCustomerProfileRequest.  As the card number is masked, there is no PCI requirement that the expiry date of the card also be masked.  Without the expiry date, it makes it impossible for us to automate the process of notifying our customer's clients that their card will be soon expiring.  The reason for us going this route is to offer an ARB solution managed completely from within our application.  It is imparative for us to have access to this date.


The idea is a simple one.  Return the expiry date in the CIM getCustomerProfileRequest unmasked.



Status: Delivered
by Developer Developer
on ‎12-28-2015 01:14 PM

 Hi there,


Latest version of the .NET SDK (1.8.8) has the option and we have updated the sample code here to illustrate the usage:  https://github.com/AuthorizeNet/sample-code-csharp/blob/master/CustomerProfiles/GetCustomerPaymentPr...



by Christophe
on ‎01-24-2016 05:30 AM

Please addd the unmasked numbers in getCustomerProfileRequest

as the original request stated.

It will be much more useful than if only accessible in GetCustomerPaymentProfileRequest



by rev23dev
on ‎01-28-2016 07:58 AM

Can this be used with ARB in a getSubscription reuqest too?

by Developer Developer
on ‎01-28-2016 08:43 AM

We specifically didn't turn this on by default across the API to avoid a wholesale change in behaviour from masked to unmasked.  We're taking all this feedback to consider making that change but right now you can get the customerPaymentProfileId from the ARB GetSubscription response and call GetCustomerPaymentProfile with that ID to return the unmasked expiration.


Hope this helps,



by wizzy
on ‎03-21-2016 08:12 AM

As I said earlier, this is a really important feature for every client I'm working with. It's imperative that the customers can see the expiration date, so that it can be used to checkout, and be updated as needed.

While being able to access it with GetCustomerPaymentProfileRequest is a nice workaround, it is not a great solution, for any developer that cares about performance. Think about customers that have multiple cards saved - having to make multiple CIM requests just to load a page with their payment options is not UX friendly. (They take up to 3-6 seconds in my tests which is not passable.)

The idea that was proposed was: "The idea is a simple one.  Return the expiry date in the CIM getCustomerProfileRequest unmasked.". It's nice that we got a workaround, but to change the status to delivered is just wrong and a bit condescending to us developers.

by Developer Developer
‎03-21-2016 09:38 AM - edited ‎03-21-2016 09:39 AM

 I think that's a fair enough comment @wizzy.  Rest assured, even if the status has been set to delivered, we are working right now on the update for getCustomerProfileRequest.

by wizzy
on ‎03-21-2016 12:30 PM

I appreciate the response @brianmc. I wasn't aware that this was being worked on, and we look forward to the update!


(I'm sorry if my comment was a bit harsh. It felt like we were being ignored and one of my previous comments was moved to a new thread for some reason.)

by kmasuko
‎07-08-2016 02:12 PM - edited ‎07-08-2016 02:15 PM

Hello, I'm still unable to retrieve an unmasked expiration date.


Like most people in this thread, I started by using the getCustomerProfileRequest call and was diappointed to find all expiration dates were "XXXX".  After reading this thread, I was annoyed to have to implement an extra call to getCustomerPaymentProfileRequest for each payment profile, but at least I was hopeful a solution was within my reach.


I added the extra call to getCustomerPaymentProfileRequest with the unmaskExpirationDate attribute set to true and I still get "XXXX" for the expiration date.


What am I doing wrong?




using AuthorizeNet;
using AuthorizeNet.Api.Contracts.V1;
using AuthorizeNet.Api.Controllers.Bases;
using AuthorizeNet.Api.Controllers;

    public static getCustomerPaymentProfileResponse GetCustomerPaymentProfileRequest(string ApiLoginId, string ApiTransactionKey, string customerProfileId, string paymentProfileId)
        ApiOperationBase<getCustomerPaymentProfileRequest, getCustomerPaymentProfileResponse>.RunEnvironment = AuthorizeNet.Environment.SANDBOX;
        // define the merchant information (authentication / transaction id)
        ApiOperationBase<getCustomerPaymentProfileRequest, getCustomerPaymentProfileResponse>.MerchantAuthentication = new merchantAuthenticationType()
            name = ApiLoginId,
            ItemElementName = ItemChoiceType.transactionKey,
            Item = ApiTransactionKey,

        var request = new getCustomerPaymentProfileRequest();
        request.customerProfileId = customerProfileId;
        request.customerPaymentProfileId = paymentProfileId;
        request.unmaskExpirationDate = true;

        var controller = new getCustomerPaymentProfileController(request);

        getCustomerPaymentProfileResponse response = controller.GetApiResponse();

        if (response != null && response.messages.resultCode != messageTypeEnum.Ok)
            string error = string.Format("GetCustomerPaymentProfile error code: {0}  error text: {1}",
            Logger.Error(MB.GetCurrentMethod().Name, error);

        return response;



Calling code:


                getCustomerPaymentProfileResponse customerPaymentProfileResponse = myClass.GetCustomerPaymentProfileRequest(AuthnetApiLogin, AuthnetTransactionKey, customerProfileId, paymentProfile.ProfileID);
                var creditCard = (creditCardMaskedType)customerPaymentProfileResponse.paymentProfile.payment.Item;
                string cardExp = creditCard.expirationDate;




by kmasuko
on ‎07-13-2016 02:46 PM

Developer support found my error:

    In your actual request code you are missing the line: request.unmaskExpirationDateSpecified = true;


    The correct code is:


    var request = new getCustomerPaymentProfileRequest();
    request.customerProfileId = customerProfileId;
    request.customerPaymentProfileId = paymentProfileId;

    request.unmaskExpirationDateSpecified = true;
    request.unmaskExpirationDate = true;


My mistake is I forgot to set the flag that indicates that I set the unmaskExpirationDate flag.


Mystery solved.


by Developer Developer
on ‎08-10-2016 08:02 AM - last edited on ‎08-10-2016 08:43 AM by Administrator Administrator

Hi @wizzy@Christophe and others,


Pleased to let you know we now have unmasked expiration support in GetCustomerProfile.


Apologies again that it took us a little while to complete this missing piece but we're always delighted to get these Ideas from the community into production.  We'll have the SDKs updated in the next few days.


Thank you!