08-08-2019 07:54 AM
Authorize.Net is enhancing security with our hosted payment form (Server Integration Method (SIM) or Direct Post Method (DPM)) with Relay Response and white listing what url(s) can be used with this integration method.
On 08/15/2019 we plan on enhancing the white listing for Relay Response and requiring the Relay Response url(s) to be listed and if not reject the request with Response Code 14 and prevent the payment form from loading successfully. This is to enhance security for both merchants and customers. As a part of this change we will be changing the check of the full url to just the domain is matching with any Relay Response url(s) passed in the API call. To help with this Authorize.Net will be adding domains we see used on merchants for the month of June 2019 to their accounts settings to help prevent any issues with this update.
To prevent any impact with the coming change merchants will need to add any Relay Response url(s) or domain(s) their solution/integration uses to the Merchant Interface and Relay/Receipt Urls settings. For steps on this process please see the support article: SIM Relay Response Basics & Whitelisting and How do I add or delete Relay or Response URLs?