Cybersource Developer Community Cybersource Developer Community

There should be a way to retrieve transaction details by their invoice number. If there is a network failure the only identifying information we have is the invoice number (not the Authorize.net generated transaction id).   Using the getUnsettledTransactionListRequest call is a bad choose since it only returns the last 1000 records. ... View more

When a webhook notification is recieved there is no way to trace it back to a customer/event/action.   In the case of hosted forms (i.e. Accept Hosted), none of the values (e.g. invoice number) submitted in the request for a form validation token appear in the webhook notification, so there is no way to immediately know what the webhook notification is in regards to.   This forces us to always query authorize.net for the transaction details to see what the transaction applies to (e.g. invoice number) and confirm the transaction is completed.   I imagine that a webhook notification alone is not especially useful unless it provides access to a correlation token and status. Because these values are small in size and almost definitely required by any merchant software, I feel the very small increase in payload could greatly reduce the need for subsequent queries - saving merchants as well as Authorize.net a lot of extra processing and network traffic. ... View more

The ability to set the soft descriptors for a transaction.    These are the fields that a customer sees on their statements, it allows for the customer to quickly ID the transactions reducing disputes and customer service.  For obvious reasons I hope.   Dynamic Descriptors include: Business Name Phone (Best Practices says this should be a Customer service number) City and/or State ... View more

Despite using best security practices to protect passwords, we consider the single form authentication to the Authorize.net portal to be a critical security concern.   The concern is especially high with regard to CIM. When CIM is enabled, anybody breaking into the Authorize.net account can do a lot of damage (like creating transactions).   We are in 2015 and two form factor authentication is widespread and easy to implement. It does not have to be a full blown 2-factor with MFA devices. A simple solution - for example using a mobile phone access code - would already be a huge improvement over the current system.     ... View more

Created from previous thread: https://community.developer.authorize.net/t5/Integration-and-Testing/How-to-set-billing-info-in-CIM-hostedForm/m-p/54627   Add ability to pre-load billing information into CIM hosted form.   Our customer's billing information is already stored in our system, and we do not want to force them to enter it a second time when adding a payment profile.  We would prefer instead to show the current billing information as the default values and allow them to modify the displayed information if the billing infomration is different for the credit card than what is already on file.   ================================   carlosdanielmou wrote:   In our system the user complete billing information, and when we show the form of the CIM hosted API, we need such data are loaded in the form, as we do that?   First we call to createCustomerProfileRequest,  with merchantCustomerId and email.   Then I call createCustomerShippingAddressRequest with customer billing address   and then, I call getHostedProfilePageRequest. ... View more

As we build out our integration we noticed it would nice to have some additonal search types added to the getCustomerPaymentProfileListRequest endpoint. The most useful for us would be to search by customerProfileID.  Also an expiration date range would be nice along with a paymentType (credit card or bank account)   A future request i could see is having the ability to have multiple searchTypes like customerProfileID and and an expiration month/year or range, or customerProfileID and paymentType.   Thanks, -Nick ... View more

I have just recently wrapped up an integration with Auth.net to our website and erp system using CIM and the Payment Transaction API.  Our system is passing the Level 3 data to Auth.net, but Auth.net doesn't pass this information to the processor.  I was curious about the decision for Auth to hold onto the data and not deliver it to the processors and if this feature is on the roadmap?  I would love to have the L3 data passed around, we could realize an incredible amount of savings from this (fees can be cut by up to half with this information, That's huge!).    If this isn't on the roadmap, please consider adding support for this.   ... View more

Created from previous thread: https://community.developer.authorize.net/t5/Integration-and-Testing/refundTransaction-requires-expiration-date-in-XML-but-never-did/m-p/53579#M28687   Currently, to refund a transaction, you must provide both the masked credit card number and expiration date.   Yet this information adds nothing to the request -- in fact, if you no longer have this information, you must issue a separate getTransactionDetail transaction to fetch this information.   Rather than requiring two separate transactions to perform a single task, only require the original transaction id.   ... View more

Idea: A read-only key that can be generated specifically for the Transaction Details API.   Background: We are developing an app that only uses the Transaction Details API. Which means we are only reading information.   From a liability standpoint, we want to avoid saving a write-capable transaction key.   Ideally a separate "read-only" transaction key could be created when a user turns on the Transaction Details API. ... View more

A customer on my site just attempted to place an order with a valid Discover card number that is 19 digits long. Apparently, Discover and Visa have begun rolling out valid cards with 19 digits. The card passed my Luhn algorithm validation and was passed to Authorize.NET for authorization. The XML request was sent succefully; however, I received the following error response from Authorize.NET:   The 'AnetApi/xml/v1/schema/AnetApiSchema.xsd:cardNumber' element is invalid - The value XXXXXXXXXXXXXXXXXXXXX is invalid according to its datatype 'String' - The actual length is greater than the MaxLength value. I checked on the Authorize.NET documentation, and it appears that only card numbers between 13 and 16 characters long are supported. When will this be changed to accommodate 19 digit card numbers? ... View more

The current minimum 7 day interval for ARB makes testing impossible. Developers need a shorter interval, for example 1 minute, to be able to test their applications. ... View more

There needs to be a feature that allows you to get subscription information like when was the last valid payment, all attempt of card processing and whether it failed or went through, etc etc etc. ARB really is tiny with no usefull functions other than create and cancel subscriptions. Even the update is useless with the amount of things u can update about a transaction. So please add some features that gives users some idea of what is going on with their subscription. Is there a better payment processor than authorize.net that does this? ... View more

Hi,   We would like to update the status of an ARB to 'suspended' via the API, but I don't see an obvious way to do this. I'm using the php sdk.   I see that there is the ARBUpdateSubscriptionRequest method, but status isn't a member of AuthorizeNet_Subscription, so it gives me a E00003 (unexpected element) error when I try sending 'status' or 'ARBSubscriptionStatusEnum'. Is there anyone who knows how to do this?   Thanks! ... View more

We are using the AuthorizeNet Nuget package in our code base to communicate with Authorize.Net. After the TLS1.2 upgrade at Authorize.Net in the sandbox environment, we have been using    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;  So that the communication does not fail. It would be great if the fix was applied on the Nuget Package.   Thanks, Reji ... View more

I'm currently working on a solution where our customers have requested a migration-tool, to tie existing CIM entries to their business partners in their ERP system.   In this case a method to retrieve all CIM profiles along with their corresponding payment profiles would be helpful.   Currently the only option is to query the API for all CIM profile IDs and then iterate them and call the API for each one. In the sandbox environment this takes roughly 20 minutes for 4000 entries, using multi-threaded requesting. This performance is obviously pretty poor, and I imagine the method I described above would allviate this problem. ... View more

It seems so stupid that this is not already available.   If you have an ARB subscriber for a service you are offering on a monthly basis, you would of course want to know, often and simply, if that subscriber has paid his last bill before you continue to service him.   But instead of a simple API function, I have to parse through mountains of data and, if I dont want to have to do this everytime someone logs in ( to check if they should be able to), i also now have to create a database table to track this status and when it was last checked.   CRAZY!   Please Authorize.net, create a simple API to do this simple check!!!     ... View more

Right now, connection details logged from HttpUtility at the debug level include a great deal of useful information along with   - the api login and transaction key - full dump of the xml request including unmasked credit card number, expiration date, etc.   Can we move the logging of these two items to a separately-configurable logger like "HttpUtility-sensitive"?   I'd like to see the api login and transaction key logging go away completely from the HttpUtility output.   ideally, I'd like to see the xml request filtered to not show any <payment> information beyond a generic  <creditCard> output.  (I suppose masked credit card number would be acceptable).   I think it would also be wise to not output <billTo> information nor <customer> information with the non-sensitive-data logger other than  <customer><id> even though this is not strictly required by PCI DSS.   We want to log when transactions occur with enough context to know what those transactions are without making our logs a security risk.   ... View more

There needs to be a way to verify if a transaction has already been posted or not in order to help eliminate possible payment duplication.  This could work by searching for an invoice number, date, and possibly even a payment amount; and get a list of all transactions where there is a match.  This way I can make sure my application isnt trying to charge a second time when it should not. ... View more

The CIM "Add New Payment Method" hosted form does not show an asterix before billing zip and street even though they are required fields.  Card Number expiration date, and Card code are clearly indicated as required via an asterix.   This will be confusing to our customers as the credit card number and expiration date fields are clearly marked with an asterix while street and zip appear optional, yet when customers hit save, they are told that zip and street are required.   Ideally whether or not zip and street are required fields and trigger an error message should be determined from the merchant account AVS settings, or be determined by a setting indicated when requesting the hosted form token.     ... View more