We have 3 Javascript/HTML UIs that are hitting our Java services. We are currently calling Auth.net's authorize and capture endpoints from the Java services.
Unfortunately we have not had our Azure servers PCI approved... yet. As a stop gap measure our security team suggested we encrypt the payload at the Javascript layer (with our Auth.net client key) and pass the request to our services encrypted and then relay to auth.net.
Is there an endpoint that supports this? The closest thing I could find was your AcceptJS flow -- from what I understand the Javascript library communicates directly to auth.net, sends back a one time nonce that the services could use to verify the transaction. Is this the only flow available?
โ03-01-2018 07:29 AM
Hi @spatterson
Yes you can use Accept.js for SAQ A-EP compliance .
For SAQ eligibility for Authorize.Net Accept solutions when completing self-assessment questionnaires (SAQ), please refer to the Coalfire Authorize.Net Accept SAQ Eligibility Overview or the more detailed SAQ Eligibility White Paper
Please check the below link for more details
https://developer.authorize.net/api/reference/features/accept.html
Thanks
โ03-02-2018 04:47 PM