Changing the endpoint url won’t do it. You would need to change your entire integration. Sounds like you are using a SIM form. The upgrade for that would be to get accept Hosted. Accept Hosted can be used within an iframe in such a way that it “feels” like to the customer that they are on your website. The payment page is still actually hosted by authorize.net and on their server.
To do things “on site” has big implications for PCI compliance. Your current integration most likely falls under the SAQ A scope, which is easy to comply with and also the scope
the Accept Hosted Form falls under. To do things on your own form on your own server you have 2 options, 1 is a method that tokenizes the CC data in the browser and then sends the tokenized data through your server. The solution for that is Accept.js. The other is where the CC data is transmitted directly across your server, meaning no client side tokenization happens.
Option 1 would put you at SAQ A-EP, and would increase your compliance requirements by a good bit. If you use the second option where the CC data hits your server, you are going to be SAQ D and the list of requirements you have to meet runs about 67 pages. A handful of those requirements pertain to vulnerability scanning and pen testing, with probably a minimum cost of $15,000 a year. I have no idea of the actual fees people are paying, but I’d be surprised if it’s much less than that and I will bet the farm that many companies pay much more.
If I were you I would stick to the hosted payment form you have or even better upgrade to an accept Hosted payment form. There will be dozens less hoops for you to jump through. If you do opt for a solution with a greater compliance burden I would do some research on Wix hosting. At anything above SAQ A, your hosting company is required to comply with every item on your list of requirements pertaining to the web server and it is your responsibility verify that they do so. At your current scope you are likely compliant no matter who you are Hosted with.
