Have your own great idea for a new API feature?

or maybe a suggested improvement to an existing one? Share it and become a god of the developer world.

New Idea

The current minimum 7 day interval for ARB makes testing impossible.

Developers need a shorter interval, for example 1 minute, to be able to test their applications.

Status: Accepted
0 Votes

One of the problems with using CIM hosted forms is that it's difficult to determine what profile information has changed (payment profiles added or edited).

 

Another issue is that it's difficult to provide an audit trail which identifies who initiated the changes.

 

One possibility that could address these issues is specifying some kind of reference id (not the per-transaction refid field) in the getHostedProfilePageRequest which would be assigned to each payment profile (or shipping address, although this is not something I use) which the end user created or edited using this token.   Or it could be the token itself.

 

Then return that identifier for each payment profile (or shipping address) returned by

getCustomerPaymentProfileListRequest.

 

End-developers can easily identify which payment profiles were modified by a specific token consumer.   We can also provide an audit trail of which token consumer modified a record most recently.Comments?

Status: Under Review
0 Votes

Support 19 Digit Card Numbers

Status: Accepted
by jmagaro88 on ‎01-24-2017 06:30 AM - last edited on ‎02-13-2017 04:13 PM by Administrator Administrator

A customer on my site just attempted to place an order with a valid Discover card number that is 19 digits long. Apparently, Discover and Visa have begun rolling out valid cards with 19 digits. The card passed my Luhn algorithm validation and was passed to Authorize.NET for authorization. The XML request was sent succefully; however, I received the following error response from Authorize.NET:

 

The 'AnetApi/xml/v1/schema/AnetApiSchema.xsd:cardNumber' element is invalid - The value XXXXXXXXXXXXXXXXXXXXX is invalid according to its datatype 'String' - The actual length is greater than the MaxLength value.

I checked on the Authorize.NET documentation, and it appears that only card numbers between 13 and 16 characters long are supported. When will this be changed to accommodate 19 digit card numbers?

Status: Accepted

Converted community thread to an idea and changed to accepted.

0 Votes

extend refund window past 120 days

Status: Under Review
by mwh on ‎01-24-2017 08:22 PM

A credit card payment can only be refunded for up to 120 days without having to resort to using ECC.  ECC is cumbersome and creates PCI compliance hassles.  Competitor gateways can often refund transactions up to a year after they happen.  

 

Please extend the non-ECC refund window to 365 days.

Status: Under Review

Support for EMV (Chip and PIN)

Status: Under Review
by paladinlogic on ‎02-11-2015 10:03 AM

We presently use Authorize.net with Iconic, our mobile ERP and point of sale solution for iOS.  As of October 2015, merchants are being required to support Chip and PIN to avoid new liabilities imposed by the major credit card companies (including VISA, which appears to own the company that provides the Authorize.Net service)  It would seem imperative that payment gateways allow for Chip and PIN transactions.  From everything I see--though I hope I am mistaken--Authorize.Net does not yet support Chip and PIN in its AIM interface (even for Card-Present transactions) despite its close ties with VISA.  All of the searching I have done through the forums and developer documentation have not produced any results.

 

We need to be able to develop our Chip and PIN solution now, well in advance of the October deadline.  Please implement this (if it does not already exist) and/or direct us to the documentation on how to pass ARQC (or equivalent cryptogram) data to the Authorize.Net payment gatway to support EMV/Chip and PIN transactions.

Status: Under Review

Idea: A read-only key that can be generated specifically for the Transaction Details API.

 

Background:

We are developing an app that only uses the Transaction Details API.

Which means we are only reading information.

 

From a liability standpoint, we want to avoid saving a write-capable transaction key.

 

Ideally a separate "read-only" transaction key could be created when a user turns on the Transaction Details API.

Status: Accepted

Payment Page

Status: Comments Requested
by Fcm on ‎12-10-2014 10:56 AM
Hi, An option of a payment page would be a great idea! For a retail business which uses a gateway due to the convenience of reporting etc., it is very annoying to need to login each time a customer wants to pay. If a merchant processes payments every 10-15 minutes, although they still have authorize.net open the page logs out due to inactivinty and they need to login again. This means they constantly need to login in. ANNOYING! As well, authorize.net does currently not properly support level II & level III processing. (Although you claim you do) Numerous merchants entered the data in the fields you advised and did not qualify for level II -level III rates. When they processed with a different gateway, they did. (IT"S A BIG PROBLEM!) The authorize.net community would appreicate action to the above mentiones matters. Thanks!
Status: Comments Requested

 @Fcm could you please help us understand more about your needs with Level 2 and Level 3 data?

 

Richard

We are a software developer with an interface to Authorize.net's API for storing card data using Customer Information Manager and issuing transactions based on the saved payment profiles.
A number of our clients separate credit card transactions by card type. To do this we need to know the card type for a payment profile saved in CIM. This information does not appear to be in your CIM documentation. Are there any plans for returning this data?

Status: Delivered

integration with Zapier

Status: New
by 4aGoodCause on ‎03-03-2017 08:40 AM

Does Authorize net have plans to integrate with Zapier? It is has been listed on their website as "upcoming" for over a year. When will it come? 

As we build out our integration we noticed it would nice to have some additonal search types added to the getCustomerPaymentProfileListRequest endpoint. The most useful for us would be to search by customerProfileID.  Also an expiration date range would be nice along with a paymentType (credit card or bank account)

 

A future request i could see is having the ability to have multiple searchTypes like customerProfileID and and an expiration month/year or range, or customerProfileID and paymentType.

 

Thanks,

-Nick

Status: Accepted
0 Votes

I need to be able to create new payment profiles on existing customer profiles at the same time as a transaction is being done, so I can skip the test transaction step. Currently, I can create new payment profiles with an authCaptureTransaction only if I also want a new customer profile. I am getting lots of complaints about the test transactions, and this would solve the problem.

Status: Delivered

This is now available through the API.

Approve Held Transactions via API

Status: Delivered
by andrewskaggs on ‎03-17-2016 05:48 AM

Currently, transactions flagged as suspicious and held for review by the Fraud Detection Suite can only be approved via the Merchant Interface.

 

It would be much more convenient if we were able to approve these held transactions via the API without requiring our admins to log into the Merchant Interface.

0 Votes

It seems so stupid that this is not already available.

 

If you have an ARB subscriber for a service you are offering on a monthly basis, you would of course want to know, often and simply, if that subscriber has paid his last bill before you continue to service him.

 

But instead of a simple API function, I have to parse through mountains of data and, if I dont want to have to do this everytime someone logs in ( to check if they should be able to), i also now have to create a database table to track this status and when it was last checked.

 

CRAZY!

 

Please Authorize.net, create a simple API to do this simple check!!!

 

 

Status: Accepted

Despite using best security practices to protect passwords, we consider the single form authentication to the Authorize.net portal to be a critical security concern.

 

The concern is especially high with regard to CIM. When CIM is enabled, anybody breaking into the Authorize.net account can do a lot of damage (like creating transactions).

 

We are in 2015 and two form factor authentication is widespread and easy to implement. It does not have to be a full blown 2-factor with MFA devices. A simple solution - for example using a mobile phone access code - would already be a huge improvement over the current system.

 

 

Status: Under Review

Create transaction and recurring billing subscription with single request

Status: Delivered
by Omkaar1 on ‎02-06-2015 06:25 AM - last edited on ‎02-06-2015 10:21 AM by Administrator Administrator

how i create ARB subscription using single payment in php

I want to integrate ARB with AIM in core php website.please give me proper intructions with example.

Status: Delivered

We're marking this idea as delivered but it does require two steps:

 

See https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Recurring-billing-and-... for more details on creating or updating a subscription using a profile

 

Richard

0 Votes

Many stores need an automatic return to register the conversion for Google eCommerce.  By limiting the SIM method to a manual click by the customer causes a high degree of abandonment at the payment completion stage and therefore, no conversion registered with Google eCommerce.  It does work as it should if authorize.net's domain is excluded in the Google eCommerce settings AND the customer clicks on the authorize.net receipt page button.  HOWEVER, many times, they don't.

This is aggravated by the fact that the receipt page proclaims "Thank you for your order!" in bold text that is hard-coded and cannot be changed by the merchant.  This reinforces the impression to the customer that he is done and exacerbates the abandonment issue.

The Relay Response method DOES NOT WORK correctly when using SIM, and Silent Post URL does not send the information needed to clear the customer's cart in the store. 

 

DPM is out of the question due to issues regarding that approach not actually lessening scope of PCI compliance.  Officers at companies like Trustwave state that it puts the store completely in-scope and is no different than AIM, regardless of claims that by Authorize.net that DPM lessens scope.

There are 2 things that need to be addressed and modified in the SIM receipt page:

1. There should be an option for the post back to the merchant store using SIM be automatic and not wait for user input on a receipt page. (Again Relay Response does NOT work!)

2. The field that states success on the receipt page ("Thank you for your order!") should be editable text by the merchant for situations where the receipt page IS displayed but a different message is desired.

Please consider these two minor modifications to the SIM platform.  They would be a great benefit to many, many merchants, especially those using conversion tracking systems.

Thank you.

Status: Under Review

Hi

 

Following our recent Gap Analysis for PCIDSS Compliance, it was suggested that at the point of entering the Credit/Debit card details for payments, the PAN should be masked. This would then take away the opportunity for screen scraping where the user could screen shot the full details, or copy and paste them somewhere else.

 

After getting in touch with the dev team at Authorize, they have advised that this would be a good idea to get rolling and the best way to do this is to add it here. So here we are!

 

Many thanks

Amber

Status: Under Review
0 Votes

I'm currently working on a solution where our customers have requested a migration-tool, to tie existing CIM entries to their business partners in their ERP system.

 

In this case a method to retrieve all CIM profiles along with their corresponding payment profiles would be helpful.

 

Currently the only option is to query the API for all CIM profile IDs and then iterate them and call the API for each one.

In the sandbox environment this takes roughly 20 minutes for 4000 entries, using multi-threaded requesting. This performance is obviously pretty poor, and I imagine the method I described above would allviate this problem.

Status: Accepted
0 Votes

Test Opaque Token

Status: New
by mlunn01 on ‎02-15-2017 12:55 PM

It would be great if there was a test token that could be used to test the server side code that transmits the AcceptJs token to the Gateway, similiar to the way one uses test credit card numbers.