Showing results for 
Search instead for 
Did you mean: 

ABARoutingNumber returning obfuscated in getCustomerPaymentProfile response?

I'm working on a billing integration that requires us to pass along credit/bank information to a third party in a PCI compliant manner and everything works fine for the credit card side of things but we run into trouble when using bank accounts. 


The issue is the ABA routing number(routingNumber) being returned in the getCustomerPaymentProfile response is obfuscated (ex: "XXXX0210") and the third party we are intergrating with requires the full routing number.


My question is, why is this obfuscated? The API docs do not mention that it is, unlike credit card number which explicitly states the number will be obfuscated. The routing number is publically available to all of a bank's customers and can often be found right on the bank's site. Is this intended? Why? I would have sworn I tested this integration a few months ago and it wasn't, but I could be wrong.


Any insight as to how to get around this would be great.


You are correct, the reference guide does not note that the routing number (or account number) is masked. This gap should be addressed by the documentation team.


The routing number is always masked via API, UI, or download because per NACHA Operating Rules Authorize.Net may not disclose the account number or routing number directly or indirectly in transmissions.

Administrator Administrator

Thanks for your reply. Is there no other way to fecth this routing number?


If not, is there a way to turn off the bank section of the hosted form? From a quick search, it would appear not, but I could be wrong.



There is not a way to retrieve the routing number from Authorize.Net, it will always be masked.


The bank account information is viewable in the hosted form if the account has eCheck.Net® processing enabled (and the same applies to credit cards). Unfortunately there is not a programmatic way to disable it on the form.