Have your own great idea for a new API feature?

or maybe a suggested improvement to an existing one? Share it and become a god of the developer world.

New Idea

As we build out our integration we noticed it would nice to have some additonal search types added to the getCustomerPaymentProfileListRequest endpoint. The most useful for us would be to search by customerProfileID.  Also an expiration date range would be nice along with a paymentType (credit card or bank account)

 

A future request i could see is having the ability to have multiple searchTypes like customerProfileID and and an expiration month/year or range, or customerProfileID and paymentType.

 

Thanks,

-Nick

Status: Accepted

Approve Held Transactions via API

Status: Delivered
by andrewskaggs on ‎03-17-2016 05:48 AM

Currently, transactions flagged as suspicious and held for review by the Fraud Detection Suite can only be approved via the Merchant Interface.

 

It would be much more convenient if we were able to approve these held transactions via the API without requiring our admins to log into the Merchant Interface.

0 Votes

I need to be able to create new payment profiles on existing customer profiles at the same time as a transaction is being done, so I can skip the test transaction step. Currently, I can create new payment profiles with an authCaptureTransaction only if I also want a new customer profile. I am getting lots of complaints about the test transactions, and this would solve the problem.

Status: Delivered

This is now available through the API.

Despite using best security practices to protect passwords, we consider the single form authentication to the Authorize.net portal to be a critical security concern.

 

The concern is especially high with regard to CIM. When CIM is enabled, anybody breaking into the Authorize.net account can do a lot of damage (like creating transactions).

 

We are in 2015 and two form factor authentication is widespread and easy to implement. It does not have to be a full blown 2-factor with MFA devices. A simple solution - for example using a mobile phone access code - would already be a huge improvement over the current system.

 

 

Status: Under Review
0 Votes

It seems so stupid that this is not already available.

 

If you have an ARB subscriber for a service you are offering on a monthly basis, you would of course want to know, often and simply, if that subscriber has paid his last bill before you continue to service him.

 

But instead of a simple API function, I have to parse through mountains of data and, if I dont want to have to do this everytime someone logs in ( to check if they should be able to), i also now have to create a database table to track this status and when it was last checked.

 

CRAZY!

 

Please Authorize.net, create a simple API to do this simple check!!!

 

 

Status: Accepted

Create transaction and recurring billing subscription with single request

Status: Delivered
by Omkaar1 on ‎02-06-2015 06:25 AM - last edited on ‎02-06-2015 10:21 AM by Administrator Administrator

how i create ARB subscription using single payment in php

I want to integrate ARB with AIM in core php website.please give me proper intructions with example.

Status: Delivered

We're marking this idea as delivered but it does require two steps:

 

See https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Recurring-billing-and-... for more details on creating or updating a subscription using a profile

 

Richard

Hi

 

Following our recent Gap Analysis for PCIDSS Compliance, it was suggested that at the point of entering the Credit/Debit card details for payments, the PAN should be masked. This would then take away the opportunity for screen scraping where the user could screen shot the full details, or copy and paste them somewhere else.

 

After getting in touch with the dev team at Authorize, they have advised that this would be a good idea to get rolling and the best way to do this is to add it here. So here we are!

 

Many thanks

Amber

Status: Under Review
0 Votes

I'm currently working on a solution where our customers have requested a migration-tool, to tie existing CIM entries to their business partners in their ERP system.

 

In this case a method to retrieve all CIM profiles along with their corresponding payment profiles would be helpful.

 

Currently the only option is to query the API for all CIM profile IDs and then iterate them and call the API for each one.

In the sandbox environment this takes roughly 20 minutes for 4000 entries, using multi-threaded requesting. This performance is obviously pretty poor, and I imagine the method I described above would allviate this problem.

Status: Accepted

Test Opaque Token

Status: New
by mlunn01 on ‎02-15-2017 12:55 PM

It would be great if there was a test token that could be used to test the server side code that transmits the AcceptJs token to the Gateway, similiar to the way one uses test credit card numbers.

Hi,

It's great that now we finally can retrieve card expiration dates via API call. Nevertheless, on https://test.authorize.net/profile/editPayment form expiration date is still displayed as masked. Our clients find this inconvenient. The idea is to show unmasked date on hosted form.

Status: Accepted

Notice of Change reports via API

Status: Under Review
by ddri-rlevesque on ‎10-06-2016 08:27 AM

From what I understand getTransactionDetails will not provide the same information as the Notice Of Change report that is accessed via the website, i.e. corrected account and/or routing number.

 

The result of getTransactionDetails for a transaction in the NOC report is a “returned item” after the original transaction is settled successfully.  It is not until several days later that the returned item is generated. 

 

If the information provided by the NOC report could be accessed programmatically, one could correct the transaction and resubmit. 

 

Status: Under Review

Created from previous thread: https://community.developer.authorize.net/t5/Integration-and-Testing/refundTransaction-requires-expi...

 

Currently, to refund a transaction, you must provide both the masked credit card number and expiration date.   Yet this information adds nothing to the request -- in fact, if you no longer have this information, you must issue a separate getTransactionDetail transaction to fetch this information.   Rather than requiring two separate transactions to perform a single task, only require the original transaction id.

 

Status: Accepted
0 Votes

The CIM "Add New Payment Method" hosted form does not show an asterix before billing zip and street even though they are required fields.  Card Number expiration date, and Card code are clearly indicated as required via an asterix.

 

This will be confusing to our customers as the credit card number and expiration date fields are clearly marked with an asterix while street and zip appear optional, yet when customers hit save, they are told that zip and street are required.

 

Ideally whether or not zip and street are required fields and trigger an error message should be determined from the merchant account AVS settings, or be determined by a setting indicated when requesting the hosted form token.

 

 

Status: Accepted

I don't think it's fair to put the status to delivered, (as @cggamer alluded to) as the request was specifically for getCustomerProfileRequest. It's nice that it was delivered for getCustomerPaymentProfileRequest but this means that you have to do multiple requests to show a customer's full profile, which I'm guessing most systems (including mine) would rather not.

Status: Delivered

As noted in the FAQ, Authorize.net waits 10 seconds to receive a response from DPM POST requests:

http://developer.authorize.net/faqs/#rrcauses

 

It also notes that "On occasion, timeouts will occur that are outside of the control of your script or our servers. Typical reasons for these timeouts are Internet traffic, merchant server overload or malfunctions, or Internet routing issues. Depending upon your server location and what route is used to send data, it is possible that you may occasionally receive a time out message."

 

It appears that Authorize.net does not retry a failed POST, even if the 10 second timeout has not been reached. This was confirmed by an admin in the forums ("We currently do not retry failed posts").

 

I propose that this behavior be changed. If an Authorize.net POST request fails, prior to the 10 second cut-off, the POST should be retried, possibly with a short backoff (e.g., wait a second or two to reinitiate, to prevent a flood of requests).

 

As background, we have been using DPM successfully for a couple of years now, but we do occassionally see "timeout" errors. Crucially, it does not appear that these are actually caused by timeouts. The first thing we do in handling the response is log receipt of the request. But we see no evidence of having received the requests in our logs. Which suggests that the problem is happening outside of our network.

 

As it currently stands, Authorize.net's POST request could fail immediately due to some extremely transitory issue (perhaps even within their network). They would immediately receive a "connection reset by peer" error or whatever. And even though virtually none of the 10 second timeout period has been consumed, the customer receives a timeout error.

 

The DPM process should make more of an effort to communicate the transaction status and prevent this failure scenario.

 

Possibly related to this request would be additional logging facilities, so that both Authorize.net and its customers could have more insight into what exactly is occuring. IOW, it would be very helpful to have some visibility into *why* Authorize.net's POST request failed, and how long it took. It could provide much needed stats to discover how often the "timeout" problem is happening and whether these suggested changes are actually making a difference.

 

 

 

 

 

 

Status: Delivered

DPM is now replaced by Authorize.Net Accept.js, a javascript library for accepting payments: http://developer.authorize.net/api/reference/features/acceptjs.html

There seems to be many companies that have more than a 1,000 unsettled transactions they need to review on a daily basis. Being able to pull this down programmatically is an important feature for us to evaluate/validate unsettled transactions each day. Removing the limit on the Get Unsettled Transactions API function would be a great help! Thanks,
Status: Delivered

We have delivered this capability with an update to the reporting API methods:

 

 

Element

Description

sorting

Contains sorting information

         orderBy

Order of transactions in response:

         id

         submitTimeUTC

         orderDescending

true, false, 1 or 0

Paging

 

         limit

1-1000.

The number of transactions per page.

         offset

1-100000.

The number of the page.

 

Unsettled Transactions

The example request below will retrieve the last 100 unsettled transactions by time submitted.  With this release, sorting can be on either transaction ID or transaction submit time.

 

 

<getUnsettledTransactionListRequest>
    <merchantAuthentication>
        <name>API_LOGIN_ID</name>
        <transactionKey>TRANSACTION_KEY</transactionKey>
    </merchantAuthentication>
    <sorting>
      <orderBy>submitTimeUTC</orderBy>
      <orderDescending>true</orderDescending>
    </sorting>
    <paging>
      <limit>100</limit>
      <offset>1</offset>
    </paging>
</getUnsettledTransactionListRequest>

 

 

The resulting GetTransactionList response is unchanged apart from one new field, totalNumInResultSet.

 

Settled Transactions

Pagination works exactly the same way for settled transactions. Use the paging elements to page through a settled batch of transactions 100 at a time. 

 

<getTransactionListRequest> 
  <merchantAuthentication> 
<name>API_LOGIN_ID</name>
<transactionKey>TRANSACTION_KEY</transactionKey>
</merchantAuthentication>
<batchId>6416551</batchId>
<paging>
<limit>300</limit>
<offset>1</offset>
</paging>
</getTransactionListRequest>

 

The resulting GetTransactionList response is unchanged apart from one new field, totalNumInResultSet.

The CIM iframe works great but lacks some display options.  For example, I use it at a newspaper where the billing and shipping info are both useful to have.  Unfortunately we cannot change the name of "Shipping" to delivery.  In the case of a newspaper, this might imply we will mail the subscription which is not the case.  It would also be nice to be able show or hide the shipping field if it wasn't needed.

 

The iframe should also support a responsively designed site.  It will position further down on the page by default when viewed on a mobile device.

Status: Delivered

ARB subscription details

Status: Accepted
by mandah0520 on ‎01-26-2015 02:02 PM

There needs to be a feature that allows you to get subscription information like when was the last valid payment, all attempt of card processing and whether it failed or went through, etc etc etc. ARB really is tiny with no usefull functions other than create and cancel subscriptions. Even the update is useless with the amount of things u can update about a transaction. So please add some features that gives users some idea of what is going on with their subscription. Is there a better payment processor than authorize.net that does this?

Status: Accepted
0 Votes

Our store uses WooCommerce (WordPress) and we use Google Analytics to track our transactions. Because users leave our site to make their payment via Authorize.net, Google Analytics is unable to correctly attribute the subsequent conversions (showing as referrals from authorize.net).

We've setup Analytics in Tag Manager and have enabled third party cookies (auto link domains), but without actually adding the code to the authorize.net pages, this is useless. I've seen many places where your customers ask this exact question and yet I've not seen a single workable response. Please create a way customers (or their developers) can enable and implement this tracking continuity. 

Status: Delivered

@annestahl This may be easier now that WooCommerce has released support for Accept.js, which uses a JavaScript library to avoid sending sensitive information through the merchant's server.

 

Richard