cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP GET vs HTTP POST

Greetings-

 

We have received an email that Authorize.net will no longer allow HTTP GET methods for transaction requests.  Does this mean that we simply need to update the transact.dll URL in our code or does it mean I need to do a complete payment system revamp?

chrisdrzal
Member
18 REPLIES 18

@chrisdrzal Bearing in mind my experience is more with UNIX web servers, and not .NET web development -- my guess is that you might be better off using WebRequest to post the data: https://msdn.microsoft.com/en-us/library/debx8sh9(v=vs.110).aspx

 

I note that WebRequest is brought up in the Stack Overflow thread that @RaynorC1emen7 mentioned -- although the solution given does cover WebClient, so that might well work for you, too.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

OK, it looks like I've got it. Here is the gist of the solution, which pretty much follows the Walsh article and this article: http://upshots.org/php/transacting-with-authorize-net-via-php-and-curl. Thanks for the help.

 

$params = array(); //filled with key-value pairs

 

curl_setopt($ch,CURLOPT_HEADER,0);

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch,CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($params));

 

$output = curl_exec($ch);

 

Pretty simple, just like the articles show. I must have missed something earlier, like maybe the http_build_query call.

 

How does one test if Authorize is receiving a HTTP GET or POST I've received the notice.

 

Dear Authorize.Net Merchant:

We previously contacted you to alert you that we will soon no longer allow HTTP GET methods for transaction requests, because HTTP GET methods do not adhere to current TLS protection requirements. The date for that change has been extended to July 30, 2016.

However, to avoid any disruptions to your transaction processing, we still recommend that you immediately update your code to use the HTTP POST method instead. Any transaction request submitted using HTTP GET afterJuly 30th will be rejected.

 

I've implemented the curl post method and I've been able to run a few sandbox transactions. How can I be certain that my payments are configured correctly before the change occurs? I'd hate to find that it's incorrect on July 31st.

Hello @Alix

 

If you are testing in the sandbox, you can send us your API Login via the contact us form and we can check our logs if we are receiving transactions via GET.

 

Your merchant can also do the same by contacting customer support.

 

Richard

After making changes to fix the issue we are still receiving these emails.

 

They're still submitting GET requests. They appear to be for SIM, and so there is no origin IP address, and no transaction IDs. (SIM originates in the customer's web browser, so we have the customer's IP address rather than a server IP address. And there are no transaction IDs because the request opened the Hosted Payment Form. There'd be a follow-on request, submitted via POST, with the actual transaction ID.)
 
It appears the SIM GET requests originate at https://mysite.com/cgi-bin/xxxx/sim.asp
 
here is the code we are running, you can see on the <form> tag we are using the method="post" we as before the method was not defined.
 
So here is the problem??
 
Snippet
<!--#INCLUDE FILE="simlib.asp"-->
<!--#INCLUDE FILE="simdata.asp" -->
 
<!--
 
  DISCLAIMER:
     This code is distributed in the hope that it will be useful, but without any warranty; 
     without even the implied warranty of merchantability or fitness for a particular purpose.
 
   Main ASP that demonstrates how to use the SIM library. 
   Input (Form or QueryString):
      x_Amount
      x_Description
-->
 
<HTML>
<HEAD>
<TITLE>Order Form</TITLE>
</HEAD>
<BODY>
<H3>Final Order</H3>
 
<p>Below is the final amount that you calculated for payment to your account for your courses.</p>
 
 
<BR />
<p>If the above amount is correct, click the button below and it will take you to our secured server.</p>
<FORM action="https://secure.authorize.net/gateway/transact.dll" method="post">
<%
Dim sequence
Dim amount
Dim ret
 
' *** IF YOU WANT TO PASS CURRENCY CODE uncomment the next 2 lines **
' Dim currencycode
' Assign the transaction currency (from your shopping cart) to currencycode variable
 
' Trim $ dollar sign if it exists
amount = Request("x_amount")
 
If Mid(amount, 1,1) = "$" Then
	amount = Mid(amount,2)
End If
 
' Seed random number for more security and more randomness
Randomize
sequence = Int(1000 * Rnd)
' Now we need to add the SIM related data like fingerprint to the HTML form.
 
ret = InsertFP (loginid, txnkey, amount, sequence)
 
' *** IF YOU ARE PASSING CURRENCY CODE uncomment and use the following instead of the InsertFP invocation above  ***
' ret = InsertFP (loginid, txnkey, amount, sequence, currencycode)
 
' Insert other form elements similiar to legacy weblink integration
Response.Write ("<input type=""hidden"" name=""x_description"" value=""" & Request("x_description") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_login"" value=""" & loginid & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_amount"" value=""" & amount & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_cust_id"" value=""" & Request("x_cust_id") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_invoice_num"" value=""" & Request("x_invoice_num") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_company"" value=""" & Request("x_company") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_address"" value=""" & Request("x_address") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_city"" value=""" & Request("x_city") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_state"" value=""" & Request("x_state") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_zip"" value=""" & Request("x_zip") & """>" & vbCrLf)
 
' *** IF YOU ARE PASSING CURRENCY CODE uncomment the line below *****
' Response.Write ("<input type=""hidden"" name=""x_currency_code"" value=""" & currencycode & """>" & vbCrLf)
 
%>
<INPUT type="hidden" name="x_show_form" value="PAYMENT_FORM">
<INPUT type="hidden" name="x_test_request" value="FALSE">
<INPUT type="hidden" name="x_Special_Instructions" value="<%Response.Write Request("x_Special_Instructions")%>">
<INPUT type="submit" value="Accept Order">
</FORM>
</BODY>
</HTML>
dywrest
Member

Hello @dywrest

 

If you're unsure, we can check our logs for recent transactions.  Use the contact us form or you may also contact customer support who are available 24x7 to assist you.

 

Be sure to provide your API Login.

 

Richard 

@dywrest Is this the only place in your code where you generate transactions?

@RichardH From dywrest's post I believe they've already been in contact with CS, and we've already checked the logs and see they're posting GET requests.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

The given and suggested example is too good to understand, but  still I would suggest you to go through with our tutorials(http://www.techgeekbuzz.com/post-vs-get/) as well, Because we have provided much better information as well: 

I would recommend you to go with our tutorial (http://www.techgeekbuzz.com/post-vs-get/) as well because we have also created a post on it which will give you brief information on it.