topic HTTP GET vs HTTP POST in Integration and Testing

HTTP GET vs HTTP POST

chrisdrzal — Thu, 09 Jun 2016 12:40:16 GMT

Greetings-

We have received an email that Authorize.net will no longer allow HTTP GET methods for transaction requests. Does this mean that we simply need to update the transact.dll URL in our code or does it mean I need to do a complete payment system revamp?

Re: HTTP GET vs HTTP POST

RaynorC1emen7 — Thu, 09 Jun 2016 14:10:10 GMT

The URL would be the same, it how you passing the param.

Re: HTTP GET vs HTTP POST

chrisdrzal — Thu, 09 Jun 2016 14:24:47 GMT

I'm sorry, but this will be my first time working with the Authorize.net API. Could you provide an example of what is and is not correct?

Thanks.

Re: HTTP GET vs HTTP POST

Lilith — Thu, 09 Jun 2016 15:19:19 GMT

@chrisdrzal It's hard to get into specifics without knowing much more about your development environment, scripting languages, etc.

But, I hope this link helps explain the difference:

http://www.w3schools.com/tags/ref_httpmethods.asp

In brief: You shouldn't use parameterized URLs to submit API information to Transact. Instead, you should use the HTTP body of the request to submit that information.

If you do have some details to share about your integration, the community may be able to assist you with the specific changes you need to make.

Re: HTTP GET vs HTTP POST

chrisdrzal — Thu, 09 Jun 2016 18:47:23 GMT

@Lilith thanks for your response. A little background; this is a legacy asp.net web application. I say legacy, but in truth its just old - very old. After a little investigating today, it looks like Authorize.net wants me to use WebClient.OpenWrite as opposed to WebClient.OpenRead. Below is the code in question:

StringBuilder uri = new StringBuilder("?x_delim_data=True");
string gatewayUrl = "https://secure.authorize.net/gateway/transact.dll";
string versionNumber = "3.1";

BankResponse br = new BankResponse( _payment );

/*
  Some code to build the uri string
*/

WebClient wc = new WebClient();  

// Build the uRI
string Uri = gatewayUrl  + uri.ToString();			

try
    {
        // Perform the web GET operation
        StreamReader sr  = new StreamReader(wc.OpenRead(Uri));
		
	br.GenericResponseCode = GenericResponseTypes.MAPError;

	br.BankData = sr.ReadToEnd();
/*
  Code to interpret the response
*/
    } catch (Exception e) {....}
    
return br;

My question now is, how can I implement OpenWrite and still get the response code this method requires?

Re: HTTP GET vs HTTP POST

RaynorC1emen7 — Thu, 09 Jun 2016 19:07:58 GMT

did so web search, it look like what you need

http://stackoverflow.com/questions/8222092/sending-http-post-with-system-net-webclient

Re: HTTP GET vs HTTP POST

rhook — Thu, 09 Jun 2016 20:00:33 GMT

I've been struggling with this as well.

When I pass the parameters as an array via cURL to https://test.authorize.net/gateway/transact.dll, I get a "merchant login id or password invalid" error. However, if I switch it back to sending a url encoded string, it works.

I can't seem to piece any of the documentation together to get the right combination of sandbox urls and correct cURL settings. Any ideas?

Re: HTTP GET vs HTTP POST

RaynorC1emen7 — Thu, 09 Jun 2016 20:43:38 GMT

you mean like

https://davidwalsh.name/curl-post

Re: HTTP GET vs HTTP POST

rhook — Thu, 09 Jun 2016 20:49:04 GMT

Yes, I remember going through that article as well. However, if this is the model you use, I will try it again and follow it exactly.

Re: HTTP GET vs HTTP POST

RaynorC1emen7 — Thu, 09 Jun 2016 20:58:16 GMT

there are sample on php curl site to

http://php.net/manual/en/curl.examples.php

Re: HTTP GET vs HTTP POST

Lilith — Thu, 09 Jun 2016 23:10:28 GMT

@chrisdrzal Bearing in mind my experience is more with UNIX web servers, and not .NET web development -- my guess is that you might be better off using WebRequest to post the data: https://msdn.microsoft.com/en-us/library/debx8sh9(v=vs.110).aspx

I note that WebRequest is brought up in the Stack Overflow thread that @RaynorC1emen7 mentioned -- although the solution given does cover WebClient, so that might well work for you, too.

Re: HTTP GET vs HTTP POST

rhook — Wed, 22 Jun 2016 12:22:26 GMT

OK, it looks like I've got it. Here is the gist of the solution, which pretty much follows the Walsh article and this article: http://upshots.org/php/transacting-with-authorize-net-via-php-and-curl. Thanks for the help.

$params = array(); //filled with key-value pairs

curl_setopt($ch,CURLOPT_HEADER,0);

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch,CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($params));

$output = curl_exec($ch);

Pretty simple, just like the articles show. I must have missed something earlier, like maybe the http_build_query call.

Re: HTTP GET vs HTTP POST

Alix — Mon, 18 Jul 2016 21:15:43 GMT

How does one test if Authorize is receiving a HTTP GET or POST I've received the notice.

Dear Authorize.Net Merchant:

We previously contacted you to alert you that we will soon no longer allow HTTP GET methods for transaction requests, because HTTP GET methods do not adhere to current TLS protection requirements. The date for that change has been extended to July 30, 2016.

However, to avoid any disruptions to your transaction processing, we still recommend that you immediately update your code to use the HTTP POST method instead. Any transaction request submitted using HTTP GET afterJuly 30th will be rejected.

I've implemented the curl post method and I've been able to run a few sandbox transactions. How can I be certain that my payments are configured correctly before the change occurs? I'd hate to find that it's incorrect on July 31st.

Re: HTTP GET vs HTTP POST

RichardH — Mon, 18 Jul 2016 22:39:12 GMT

Hello @Alix

If you are testing in the sandbox, you can send us your API Login via the contact us form and we can check our logs if we are receiving transactions via GET.

Your merchant can also do the same by contacting customer support.

Richard

Re: HTTP GET vs HTTP POST

dywrest — Fri, 29 Jul 2016 22:13:33 GMT

After making changes to fix the issue we are still receiving these emails.

They're still submitting GET requests. They appear to be for SIM, and so there is no origin IP address, and no transaction IDs. (SIM originates in the customer's web browser, so we have the customer's IP address rather than a server IP address. And there are no transaction IDs because the request opened the Hosted Payment Form. There'd be a follow-on request, submitted via POST, with the actual transaction ID.)

It appears the SIM GET requests originate at https://mysite.com/cgi-bin/xxxx/sim.asp

here is the code we are running, you can see on the <form> tag we are using the method="post" we as before the method was not defined.

So here is the problem??

Snippet

<!--#INCLUDE FILE="simlib.asp"-->
<!--#INCLUDE FILE="simdata.asp" -->
 
<!--
 
  DISCLAIMER:
     This code is distributed in the hope that it will be useful, but without any warranty; 
     without even the implied warranty of merchantability or fitness for a particular purpose.
 
   Main ASP that demonstrates how to use the SIM library. 
   Input (Form or QueryString):
      x_Amount
      x_Description
-->
 
<HTML>
<HEAD>
<TITLE>Order Form</TITLE>
</HEAD>
<BODY>
<H3>Final Order</H3>
 
<p>Below is the final amount that you calculated for payment to your account for your courses.</p>
 
 
<BR />
<p>If the above amount is correct, click the button below and it will take you to our secured server.</p>
<FORM action="https://secure.authorize.net/gateway/transact.dll" method="post">
<%
Dim sequence
Dim amount
Dim ret
 
' *** IF YOU WANT TO PASS CURRENCY CODE uncomment the next 2 lines **
' Dim currencycode
' Assign the transaction currency (from your shopping cart) to currencycode variable
 
' Trim $ dollar sign if it exists
amount = Request("x_amount")
 
If Mid(amount, 1,1) = "$" Then
	amount = Mid(amount,2)
End If
 
' Seed random number for more security and more randomness
Randomize
sequence = Int(1000 * Rnd)
' Now we need to add the SIM related data like fingerprint to the HTML form.
 
ret = InsertFP (loginid, txnkey, amount, sequence)
 
' *** IF YOU ARE PASSING CURRENCY CODE uncomment and use the following instead of the InsertFP invocation above  ***
' ret = InsertFP (loginid, txnkey, amount, sequence, currencycode)
 
' Insert other form elements similiar to legacy weblink integration
Response.Write ("<input type=""hidden"" name=""x_description"" value=""" & Request("x_description") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_login"" value=""" & loginid & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_amount"" value=""" & amount & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_cust_id"" value=""" & Request("x_cust_id") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_invoice_num"" value=""" & Request("x_invoice_num") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_company"" value=""" & Request("x_company") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_address"" value=""" & Request("x_address") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_city"" value=""" & Request("x_city") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_state"" value=""" & Request("x_state") & """>" & vbCrLf)
Response.Write ("<input type=""hidden"" name=""x_zip"" value=""" & Request("x_zip") & """>" & vbCrLf)
 
' *** IF YOU ARE PASSING CURRENCY CODE uncomment the line below *****
' Response.Write ("<input type=""hidden"" name=""x_currency_code"" value=""" & currencycode & """>" & vbCrLf)
 
%>
<INPUT type="hidden" name="x_show_form" value="PAYMENT_FORM">
<INPUT type="hidden" name="x_test_request" value="FALSE">
<INPUT type="hidden" name="x_Special_Instructions" value="<%Response.Write Request("x_Special_Instructions")%>">
<INPUT type="submit" value="Accept Order">
</FORM>
</BODY>
</HTML>

Re: HTTP GET vs HTTP POST

RichardH — Fri, 29 Jul 2016 23:48:32 GMT

Hello @dywrest

If you're unsure, we can check our logs for recent transactions. Use the contact us form or you may also contact customer support who are available 24x7 to assist you.

Be sure to provide your API Login.

Richard

Re: HTTP GET vs HTTP POST

Lilith — Mon, 01 Aug 2016 15:07:18 GMT

@dywrest Is this the only place in your code where you generate transactions?

@RichardH From dywrest's post I believe they've already been in contact with CS, and we've already checked the logs and see they're posting GET requests.

Re: HTTP GET vs HTTP POST

techgeekbuzz — Sun, 24 May 2020 13:17:34 GMT

The given and suggested example is too good to understand, but still I would suggest you to go through with our tutorials(http://www.techgeekbuzz.com/post-vs-get/) as well, Because we have provided much better information as well:

Re: HTTP GET vs HTTP POST

techgeekbuzz — Sun, 24 May 2020 13:19:36 GMT

I would recommend you to go with our tutorial (http://www.techgeekbuzz.com/post-vs-get/) as well because we have also created a post on it which will give you brief information on it.