The Authorize.Net Developer Blog

Posts from Authorize.Net employees, community members and experts about integrating with the Authorize.Net Payment Gateway: sample code, tutorials, and problem-solving techniques, just to name a few.

Use Accept.js Payment Nonce for All Transaction Types, unmasked expiration for customer profiles

by Administrator Administrator ‎08-10-2016 08:46 AM - edited ‎08-10-2016 09:06 AM (68,112 Views)

Today we are announcing three new enhancements to the Authorize.Net API


Use Payment Nonce with All Transaction Types


Authorize.Net Accept.js now supports using the payment nonce to create transactions, customer profiles or subscriptions. You can now create a custom card-on-file experience, while avoiding sensitive credit card data passing through your server. Accept.js also provides developers more UI control for managing payment profiles.





Unmasked Expiration Date for Customer Profiles


Developers can set <unmaskExpirationDate> with getCustomerProfile and the response will include an unmasked expiration date.




IP Address Whitelisting


The latest release of the Authorize.Net API enhances support for client connection whitelisting for customer profiles, recurring billing and reporting API requests. 





by blackbeltdev
on ‎08-11-2016 11:04 AM

This looks really nice. I have a little Angular POC working using this for managing customer payment profiles. I do have a few questions though.


#1) Without disabling CORS in Chrome/IE  using a plugin I wasn't able to use the Accept.js API (it is blocked by the browser as security precaution). Is there any documentation about how to setup infrastructure to allow this to work with a vanilla browser? I have a high level understanding of CORs but I don't know all the nuances for setting it up correctly to work. I already have my server setting the HTTP header

"Access-Control-Allow-Origin: *" but the authnet site doesn't


$ curl -i
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 23 Jun 2016 23:29:09 GMT
Accept-Ranges: bytes
ETag: "1013a8aa7cdd11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 4187
Date: Thu, 11 Aug 2016 17:59:53 GMT
Connection: keep-alive


Like I said I'm not a CORs expert but I think that both servers might need to set this header to work. I haven't spent much time on this but it defintely works OK when using the disable plugin (


Otherwise I get in the console an error:


XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://dev027:5000' is therefore not allowed access.


#2) What is the JSON cardData payload look like for including the CVV?



For example in step #3,


cardData.cardNumber = document.getElementById('CARDNUMBER_ID').value;
cardData.month = document.getElementById('EXPIRY_MONTH_ID').value;
cardData.year = document.getElementById('EXPIRY_YEAR_ID').value;


I couldn't find any documentation about the Accept functions and data structures, i.e.

Accept.dispatchData(secureData, 'responseHandler');



It would be better if this supported non-global functions for the 'responseHandler' callback. Is that a technical limitation?





on ‎03-07-2017 10:24 AM

Hi @blackbeltdev,


We've released code in sandbox that fixes at least #1 and #3 on your list, and this code should make it into the production environment within the next couple of days.


Specifically for Accept.js, there's no longer any "Access-Control-Allow-Origin" related error in the console, the accept.js script can now be loaded at any point in the workflow, and the response handler function can be passed directly in the function call instead of having to pass the name.


Of course, please let us know if anything's not working as expected!

by vgmedia321
on ‎11-29-2017 04:38 PM

Thank you for the info. 3 quick questions/clarification requests:

1) If done as a subscription/recurring payment form, are monthly payment intervals the same as other default "whose payments begin on the 31st of a month, payments for months with fewer than 31 days occur on the last day of the month." ?


2)  If possible, could you please provide a working code sample of the subscriptions integration, similar to the very useful samples on


3) How can the subscription amount be set in the form (and form input) so that the customer can enter own amount? 


Please let me know if you need further info from my end.


Thank you