cancel
Showing results for 
Search instead for 
Did you mean: 

API response from secure.authorize.net takes 5 minutes

Starting on 2019/03/11, we have an issue where credit cards are going thru properly (confirmed by checking the account site afterward), Authorize.net replies with the email that the transaction went thru (the email arrives within seconds) but the response back takes a long time (5 mins or longer). I've timed it multiple times. Anyone else seeing this issue? I am using secure.authorize.net (I have also tried secure2.authorize.net/gateway/transact.dll and same issue). Thx.

thefallen21
Member
4 REPLIES 4

Hello @thefallen21 

 

I would start by examining changes we made on 3/11/2019: https://support.authorize.net/s/article/Authorize-Net-Domains-and-IP-Addresses

 

Richard

RichardH
Administrator Administrator
Administrator

Thanks Richard. I've been thru that document but I'll review the various points here.

 

I have never used an IP address, always the domain name I listed. But if I was using the IP address, would the transaction be successful? Mine are successful albeit delayed significantly.

 

Since I am not using IP addresses and never have, I do not need to whitelist them. I have also tried this from 2 different locations each using completely different networks. Same issue.

 

I am not using any webhooks. I have confirmed, from each location, that the FQDN that I am using resolves properly to the IP addresses listed.

 

Anything else you think I can try or look for? Thanks.

thefallen21
Member

@thefallen21 

 

Are you using silent post?  Another developer had one configured pointing to an invalid address which caused similar performance issues.  

 

Otherwise, I suggest contacting support and opening a case with them.

 

Richard

@thefallen21 

 

I thought I would share my experience working on a SIM integration. If you are using silent post urls and relay responses, it is possible that the new sha512 validation is slowing you down somewhat if you have implemented it.

 

This particular client had a not well known commercial CMS that had unfortunately been botched by the previous several developers who had worked on it. I noticed once we implemented sha512 that the relay back slowed down considerably. Had it been less database intensive and in particular if the application hadn't been botched the sha512 wouldn't have had any noticable effect. It was just that the backend was designed so that every single thing that had to be done took a long time. So when you switch from 5 parameters to 30 it slows it down that much more.

 

In your case however, 5 minutes is extreme. I would bet very, very high that your issue has nothing whatsoever to do with authorize.net. You are using either a button to redirect back to the page or you are using a relay reponse that does it automatically. That is what I presume. In either case, what usually happens is there is backend code that does actions on the order just placed.  Did you edit your code, or did your developer around this same time? It sounds like you have some nested loops or loops that take a long time to resolve.

 

I have been working with authorize for almost 2 years now doing integrations. I have used a lot of different methods, including straight calls to the API with no hosted form, Accept Hosted, and now SIM. Authorize.net responds very fast on all counts. With webhooks, they're on your endpoint in literally 3 seconds. With SIM, as soon as the transaction completes they are redirecting to your relay url, instantly.  So whatever is slowning you down has to do with your application. It is almost certainly the backend order processing that takes place after the customer completes payment.  This assumes that as you stated above you have eliminated the IP address issue as a possible cause.  The timing of the IP address change and your issue seems like a big coincidence, and I would be double triple checking there too. 

 

A good test to run would be to set your redirect or relay url to a page on your site that is not conneced to a db and runs no programming whatsoever. I would just make up a plain html page that says hello world.  At the same time make your silent post url a plain html page. Does this briefly for testing purposes. Run a test transaction and see if you are instantaneously taken back to your site. If so, you have eliminated any delay on the part of authorize or your firewall.