Cybersource Developer Community Cybersource Developer Community

As mentioned in the following post:   http://community.developer.authorize.net/t5/Integration-and-Testing/Masked-Expiration-Date-in-Hosted-CIM-s-getCustomerProfileRequest/m-p/32333/highlight/true#M16895   The card expiry date is masked when returned in the getCustomerProfileRequest.  As the card number is masked, there is no PCI requirement that the expiry date of the card also be masked.  Without the expiry date, it makes it impossible for us to automate the process of notifying our customer's clients that their card will be soon expiring.  The reason for us going this route is to offer an ARB solution managed completely from within our application.  It is imparative for us to have access to this date.   The idea is a simple one.  Return the expiry date in the CIM getCustomerProfileRequest unmasked.   Thanks. ... View more

Currently, there is no easy way to get a list of transactions for a given subscription id.  To get a list of transactions for a subscription id. I load the subscription to get the customerProfileId and payentProfileId, call getTransactionListForCustomerRequest(customerProfileId, paymentProfileId), loop over the transactions returned in the response, and evaluate if transaction.subscription.id is equal to the subsciptionId I am looking for.  Furthermore, getTransactionListForCustomerRequest() uses paging, so I may need to call that API multiple times to get the collection of transactions for a subscription.   I am requesting there be a new API to get a list of transactions for a subscription id.  The new method would implement the standard paging and sorting.   See this Community Forum Discussion   Thank you for your consideration.   ... View more

Hello all,   We operate as a service provider, rather than a single merchant. A lot of our merchants are not too tech savvy so asking them to generate a public key (we're switching almost all merchants to Accept.JS from AIM) is like pulling teeth most of the time. Maybe when a merchant signs up a public client key is automatically generated for them or there could be an API request that generates a key for them so we can obtain the key from a 'getMerchantDetailsRequest'.   Also once again: love your service, your API is much better documented than a lot of your competitors, it's much more robust and the Accept.js library is easy to handle.   Myles ... View more

Accept.Js works great!  It allows my website to capture Credit Card information without that data ever posting back to my servers.  I don't any PCI Compliance headaches.   My suggestion would be to enhance Accept.JS to also allow for ACH payments.  That is, have accept.JS allow for the capture of a Routing and Account Number.  It could look like this:   var secureData = {}, authData = {}, bankData = {}; bankData.routingNumber = document.getElementById('ROUTINGNUMBER_ID').value; bankData.accountNumber = document.getElementById('ACCOUNTNUMBER_ID').value; secureData.bankData = bankData; authData.clientKey = '6WrfHGS76gHW3v7btBCE3HuuBukej96Ztfn5R32G5ep42vne7MCWZtAucY'; authData.apiLoginID = 'my_api_login_id'; secureData.authData = authData; Accept.dispatchData(secureData, 'responseHandler'); Here's a related communit post.   https://community.developer.authorize.net/t5/Integration-and-Testing/Accept-JS-and-ACH/m-p/55887#M30714   Thank you for your consideration! ... View more

Since when you call the getCustomerProfileRequest and it will list all the payment profiles can you please add a field as to which one is the default one?   This would be extremely useful when showing a user a list of all their profiles and which one they have set as default. Otherwise it takes a lot more unecessary coding to show all the payment profiles and then have to determine which one is the default by making additional API calls. ... View more

Accepted Hosted BillTo and ShipTo Fields that are submitted through the getHostedPaymentPageRequest are discarded if the BillingAddress or ShippingAddress is not shown on the form.   In my opinion, these form fields are redundant for implementations where the customer has already entered this information and do not need to be shown again. It also jumbles and overwhelms the page. What is the benefit or purpose in discarding this information when the fields are not shown?   The address details are critical for avs matching among other things. Also, if the customer makes changes to the shipping fields, it is important that those changes sync up on my server, which is no easy task.    Please allow the BillTo and ShipTo information to pass to your system for avs processing, even if the BIlling and Shipping Fields are not shown on the Hosted Form. Thank you     ... View more

Looking for apply pay and andriod pay support. Do we have any? ... View more

Originally suggested on http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/CIM-vs-ARB/bc-p/41138#M332 ... View more

Currently, transactions flagged as suspicious and held for review by the Fraud Detection Suite can only be approved via the Merchant Interface.   It would be much more convenient if we were able to approve these held transactions via the API without requiring our admins to log into the Merchant Interface. ... View more

Currently, to avoid most PCI compliance, the hosted CIM is the suggested solution.  The problem with this solution is that it is very clunky and does not integrate well with any custom interface.  It uses an Iframe solution in which you have no control over the appearance of the form fields.   Stripe offers a javascript solution which basically does the same thing as the hosted CIM but allows for the developer to seamlessly integrate the form folds into an existing system.  I was curious of Authorize.net is planning on any sort of similar solution down the road.   Thanks! ... View more

A way to email a simple checkout link would be great.  I give custom quotes and it is very difficult to create a simple checkout button, then create a new page on my website then email the link to my customer, have the customer browse to my website, click the checkout  button and enter their information.    It would be much easier if I could email them the simple checkout link, then have them click the link from directly in their email and checkout. ... View more

Would like to be able to customize the pop up for managing payment profiles. It would be great if the Payment Form Fields configuration checkboxes applied to this, so that for example we could turn off the shipping address. A seperate place to configure this would also be fine. ... View more

The CIM iframe works great but lacks some display options.  For example, I use it at a newspaper where the billing and shipping info are both useful to have.  Unfortunately we cannot change the name of "Shipping" to delivery.  In the case of a newspaper, this might imply we will mail the subscription which is not the case.  It would also be nice to be able show or hide the shipping field if it wasn't needed.   The iframe should also support a responsively designed site.  It will position further down on the page by default when viewed on a mobile device. ... View more

As noted in the FAQ, Authorize.net waits 10 seconds to receive a response from DPM POST requests: http://developer.authorize.net/faqs/#rrcauses   It also notes that "On occasion, timeouts will occur that are outside of the control of your script or our servers. Typical reasons for these timeouts are Internet traffic, merchant server overload or malfunctions, or Internet routing issues. Depending upon your server location and what route is used to send data, it is possible that you may occasionally receive a time out message."   It appears that Authorize.net does not retry a failed POST, even if the 10 second timeout has not been reached. This was confirmed by an admin in the forums ("We currently do not retry failed posts").   I propose that this behavior be changed. If an Authorize.net POST request fails, prior to the 10 second cut-off, the POST should be retried, possibly with a short backoff (e.g., wait a second or two to reinitiate, to prevent a flood of requests).   As background, we have been using DPM successfully for a couple of years now, but we do occassionally see "timeout" errors. Crucially, it does not appear that these are actually caused by timeouts. The first thing we do in handling the response is log receipt of the request. But we see no evidence of having received the requests in our logs. Which suggests that the problem is happening outside of our network.   As it currently stands, Authorize.net's POST request could fail immediately due to some extremely transitory issue (perhaps even within their network). They would immediately receive a "connection reset by peer" error or whatever. And even though virtually none of the 10 second timeout period has been consumed, the customer receives a timeout error.   The DPM process should make more of an effort to communicate the transaction status and prevent this failure scenario.   Possibly related to this request would be additional logging facilities, so that both Authorize.net and its customers could have more insight into what exactly is occuring. IOW, it would be very helpful to have some visibility into *why* Authorize.net's POST request failed, and how long it took. It could provide much needed stats to discover how often the "timeout" problem is happening and whether these suggested changes are actually making a difference.             ... View more

how i create ARB subscription using single payment in php I want to integrate ARB with AIM in core php website.please give me proper intructions with example. ... View more

The ID of a duplicate customer profile is returned, but not when it is a payment profile: "A duplicate customer payment profile already exists." These requests date back to 2009, it forces us to loop through the payments and try to guess at which one is the duplicate and doesn't always work since customers can still generate duplicates anyway by updating existing profiles. It would be nice if there was a way to get the ID of the duplicate payment profile, or if there was a way to disable the duplicate verification check completely, since what some merchants really need is just a "I give you a PAN, you give me a token" level of tokenization instead of futzing with profiles. Thanks. ... View more

We are a software developer with an interface to Authorize.net's API for storing card data using Customer Information Manager and issuing transactions based on the saved payment profiles. A number of our clients separate credit card transactions by card type. To do this we need to know the card type for a payment profile saved in CIM. This information does not appear to be in your CIM documentation. Are there any plans for returning this data? ... View more

I don't think it's fair to put the status to delivered, (as @cggamer alluded to) as the request was specifically for getCustomerProfileRequest. It's nice that it was delivered for getCustomerPaymentProfileRequest but this means that you have to do multiple requests to show a customer's full profile, which I'm guessing most systems (including mine) would rather not. ... View more