Showing results for 
Search instead for 
Did you mean: 

ARB usage questions and security



I've been handed the task of updating a site that uses some authorize.php code It's about 5 years old so i'm just re-writing it.


What i have here is an annual subscription based service where the customer has the option to just subscribe or just take one year of service.  I'd say that most people are going to just subscribe.  Given that, it looks like it will be easier to just set up ARB (according to this thread )


So, i'm reading the ARB XML documentation and i'm a bit confused as to how it all works. Looking at the readme.html in the api package i see:

<?phprequire_once'anet_php_sdk/AuthorizeNet.php'; define("AUTHORIZENET_API_LOGIN_ID","YOURLOGIN"); define("AUTHORIZENET_TRANSACTION_KEY","YOURKEY");$subscription=new AuthorizeNet_Subscription;$subscription->name ="PHP Monthly Magazine";$subscription->intervalLength ="1";$subscription->intervalUnit ="months";$subscription->startDate ="2011-03-12";$subscription->totalOccurrences ="12";$subscription->amount ="12.99");$subscription->creditCardCardNumber ="6011000000000012";$subscription->creditCardExpirationDate="2018-10";$subscription->creditCardCardCode ="123";$subscription->billToFirstName ="Rasmus";$subscription->billToLastName ="Doe";// Create the subscription.$request=new AuthorizeNetARB;$response=$request->createSubscription($subscription);$subscription_id=$response->getSubscriptionId();?>


That looks like PHP code, not XML which the docs focus on.  What am i missing?


The ARB can be used by itself with out CIM, SIM ect, right?


The does not list ARB.

Does my client still need SSL certificates?

The data is still stored on the server, right?


Thanks! I have a few more questions, but this will do it for now.


Thanks for the help.




The easiest way to implement any of the API's, inccluding AIM and ARB, is going to be with one of the SDK's built on top of the XML interface. In this case, PHP. If you want to figure things out, my advice is to download a fresh version of the PHP SDK (put it in a new location so as not to mess up the old one) and look in the docs folder for a file called AIM.markdown. This will give you fairly simple code for doing one-time charges. Now look for the file ARB.markdown. This will work for subscriptions. Note that ARB does not allow an initial charge - it starts on the first payment date, which has to be after the current date - so if you want to charge the first payment immediately and verify the credit card in the process, you need to use AIM to process that charge.


An alternative, and probably a simpler API to understand, would be CIM. Instead of setting up a subscription that just runs automaticallly, which means some amount of trouble if the credit card declines or the subscription fee changes mid-subscription, you set up a customer profile and billing profile, then have an automated process run every morning on your server that checks for charges coming due and generates them using the profile ID's. It gives you more control over the process and allows you to do both the initial charge and the subsequent charges with a single API, rather than having to combine AIM and ARB (plus a silent post page to pick up the ARB charges as they come through). Again, the best sample code is probably in the CIM.markdown file in the docs folder of the PHP SDK.


EDIT: Since AIM, ARB, and CIM (regular, not hosted CIM, anyway) all involve collecting credit card info on your site and connecting to internally to process charges, you do need SSL. That shouldn't be costing you much if you're buying from Network Solutions or Godaddy, however. And yes, the credit card info may be -transferred- through your site, but it's stored on


Thanks for the reply. I apologise for taking so long to get back to this.  Looking to keep thing simple, would SIM work just as well as AIM?



Not in combination with ARB, no. If you're doing subscriptions, your only effective choices are (a) AIM + ARB, (b) CIM, or (c) just doing a one-time charge using any applicable API and then manually creating a subscription from that payment from your control panel.