Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.Net on GitHub Authorize.Net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Contributor
dev-usa
Posts: 16
Registered: ‎03-05-2016
Accepted Solution

WooCommerce $_GET??

‎06-09-2016 07:51 AM

Authorize.net is sending emails telling merchants that they are using software that is generating $_GET requests to AN and that they should change to $_POST.  The merchants that I have been workiing with are using WooCommerce, which uses $_POST, at least in all of my applications.  Does anyone know of a "GET" option for WooCommerce?  Or, better yet, why is AN telling merchants that are using POST that they are using GET?

Message 1 of 4 (66,423 Views)
Reply
0 Kudos

Accepted Solutions
Solution
Accepted by topic author dev-usa
‎06-17-2016 06:51 AM
Lilith
Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: WooCommerce $_GET??

[ Edited ]

‎06-09-2016 10:04 AM - edited ‎06-09-2016 10:05 AM

@dev-usa We're blocking GET requests to Transact -- in other words, to these domains:

 

  • secure.authorize.net
  • secure2.authorize.net
  • cardpresent.authorize.net
  • transact.authorize.net
  • test.authorize.net

What we're really hoping to do here, is to encourage API details to be placed in the HTTP body, which is what POST does. Using GET means URLs with parameters can be cached, logged, or bookmarked, so there is a risk of sensitive details being retained by accident.

The Authorize.Net API -- that is, the XML/SOAP/JSON API -- must use POST since you can't easily turn structured data into a URL query string.

When we release our RESTful API, it will allow GET for requesting server resources, but not for submitting data.

And of course, GET works on our corporate site, and in the Merchant Interface, for its intended purpose of requesting HTML, graphics, and other server resources.

As for testing for uptime, I'd recommend using POST for that, and simply include x_login. You'd get RRC 103 since you aren't providing full API credentials, but that should be enough to distinguish a successful connection from one that terminates with HTTP 500, HTTP 503, or a connection timeout.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

View solution in original post

Message 4 of 4 (92,039 Views)
Reply
0 Kudos

All Replies
Lilith
Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: WooCommerce $_GET??

‎06-09-2016 08:24 AM

@dev-usa If we're telling merchants they're using GET, it's because we can see the HTTP GET calls in our Transact logs.

If you send specific API Login IDs to https://developer.authorize.net/support/contact_us/ we can research this and confirm whether we're seeing GET, POST, or a combination thereof, for these merchants. We can also provide originating IP addresses, and if these are successful transaction requests, we can provide transaction IDs for auditing purposes.

Note that it's entirely possible -- although conjecture on my part -- that Woo Commerce might be using GET to test for server availability, rather for submitting transactions outright. But it's hard to say without having API Login IDs to research.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Message 2 of 4 (66,419 Views)
Reply
0 Kudos
Contributor
dev-usa
Posts: 16
Registered: ‎03-05-2016

Re: WooCommerce $_GET??

‎06-09-2016 09:09 AM

WooCommerce does use GET for some non-monetary transactions such as testing, as you suggest.  Are you saying that AN is going to block ALL GET access after 30 July?

Message 3 of 4 (66,408 Views)
Reply
0 Kudos
Solution
Accepted by topic author dev-usa
‎06-17-2016 06:51 AM
Lilith
Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: WooCommerce $_GET??

[ Edited ]

‎06-09-2016 10:04 AM - edited ‎06-09-2016 10:05 AM

@dev-usa We're blocking GET requests to Transact -- in other words, to these domains:

 

  • secure.authorize.net
  • secure2.authorize.net
  • cardpresent.authorize.net
  • transact.authorize.net
  • test.authorize.net

What we're really hoping to do here, is to encourage API details to be placed in the HTTP body, which is what POST does. Using GET means URLs with parameters can be cached, logged, or bookmarked, so there is a risk of sensitive details being retained by accident.

The Authorize.Net API -- that is, the XML/SOAP/JSON API -- must use POST since you can't easily turn structured data into a URL query string.

When we release our RESTful API, it will allow GET for requesting server resources, but not for submitting data.

And of course, GET works on our corporate site, and in the Merchant Interface, for its intended purpose of requesting HTML, graphics, and other server resources.

As for testing for uptime, I'd recommend using POST for that, and simply include x_login. You'd get RRC 103 since you aren't providing full API credentials, but that should be enough to distinguish a successful connection from one that terminates with HTTP 500, HTTP 503, or a connection timeout.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Message 4 of 4 (92,040 Views)
Reply
0 Kudos