cancel
Showing results for 
Search instead for 
Did you mean: 

Transaction API key not working in one system but works in another?

I have been developing and testing a simple implementation of the accept hosted form making use of the API directly, not the SDK, if that matters at all.

 

In testing with test API keys against the test endpoint, everything works fine. When we switch to the production API keys and endpoint to run a penny test, we are able to retrieve and display the accept hosted token and form. This tells me that the prod merchant key is correct, but when we actually try to process a transaction, we are met with error E00007.

 

Per authorize.net documentation, this error points to incorrect API keys. Thing is, we are already using those same keys in another system to process recurring payments for actual customers. We have already tried resetting the transaction key, but were met with the same error. 

 

Any ideas as to what may be causing this?

JL2017
Member
1 ACCEPTED SOLUTION

Accepted Solutions

Thinking through your message a little bit, do you mean that error is actually returned on the form, when clicking "Pay" on the form itself?

 

If that's the case, that's probably an instance of posting a sandbox token to the production URL or vice versa. If you request a token from the production endpoint with production credentials, you get a token back that contains all of the information about the transaction, including the merchant the transaction is for. The browser then posts that token to either the sandbox system or the production system to request and load the form. The merchant is not authenticated at that time.

 

So, it's possible to use a sandbox/test token on production and vice versa to get a form loaded, but the actual authentication happens when "Pay" button is clicked. At that point, if you're on the wrong system, the transaction will fail because the merchant ID will not be found on that system.

 

The fix would be to double-check the code that's causing the browser to post the token, and ensure that it's posting it to the production URL (accept.authorize.net/payment/payment) when you're posting a token requested from production.

View solution in original post

3 REPLIES 3

@JL2017,

 

We could probably tell what's going on for sure if we looked at the code in question. But, can you clarify a few things first?

 

When are you getting the E00007 error? You're right that that's an error in authentication, but the only authenticating against the system is when you're requesting a token. Everything after that takes place in the customer's browser, where the customer's browser is submitting the token back to us to load the form.

 

If the token request is working, and displaying the form is working, what other API request would you be doing that would get that error?

Aaron
All Star

Thinking through your message a little bit, do you mean that error is actually returned on the form, when clicking "Pay" on the form itself?

 

If that's the case, that's probably an instance of posting a sandbox token to the production URL or vice versa. If you request a token from the production endpoint with production credentials, you get a token back that contains all of the information about the transaction, including the merchant the transaction is for. The browser then posts that token to either the sandbox system or the production system to request and load the form. The merchant is not authenticated at that time.

 

So, it's possible to use a sandbox/test token on production and vice versa to get a form loaded, but the actual authentication happens when "Pay" button is clicked. At that point, if you're on the wrong system, the transaction will fail because the merchant ID will not be found on that system.

 

The fix would be to double-check the code that's causing the browser to post the token, and ensure that it's posting it to the production URL (accept.authorize.net/payment/payment) when you're posting a token requested from production.

Yep that was it this time around! It was the perfect storm of swapping out end points. The first time we tried, before the key reset, everything was hitting the correct endpoint. Once that didn't work, i switched it back to the test endpoints for safety. 

After we had a new transaction key, I went back in to switch them back to prod, but the form endpoint lives in a wordpress frontend and it simply didn't update when I thought it did! If you've ever worked with wordpress, you know how finicky it can be. 

 

I actually noticed this myself last night, but you're not wrong so I'll accept that solution :)

 

Thanks!