Showing results for 
Search instead for 
Did you mean: 

How to Extract Credit Last 4 Digits + Card Expiration Date from CIM

Looking at the getCustomerProfileResponse XML, cardNumber and expirationDate are completely masked. In order to 1.) help our customers with multiple credits cards on file identify which they want to use, and 2.) send email notifications regarding upcoming card expirations, I'd like to access last 4 digits and expiration dates from an API call.


Is this not possible?


When I log in to the CIM web interface, this information is available. If it's not available from the API, is it against the ToS to scrape it?


From what my CIM setup is doing,  AuthNet returns a variable called 'creditCard' which is the last four digits of the customer card with four X's in front of it.


Example:  creditCard=XXXX1234


You can parse that out of the results using

echo urlencode($parsedresponse->profile->paymentProfiles->payment->creditCard->cardNumber)


I have not seen any indication that they pass the expiration date at all.. at least I haven't seen it in the documentation or the raw data returned on the requests for payment information... but I could easily be wrong about that :)


Regular Contributor

You're right. So cardNumber last 4 digits are available, but expirationDate is completely obfuscated:


<?xml version="1.0" encoding="utf-8"?><getCustomerPaymentProfileResponse xmlns:xsi="" xmlns:xsd="" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"><messages><resultCode>Ok</resultCode><message><code>I00001</code><text>Successful.</text></message></messages><paymentProfile><billTo><address>123 Main St.</address><city>Bellevue</city><state>WA</state><zip>98004</zip></billTo><customerPaymentProfileId>16867489</customerPaymentProfileId><payment><creditCard><cardNumber>XXXX2007</cardNumber><expirationDate>XXXX</expirationDate></creditCard></payment></paymentProfile></getCustomerPaymentProfileResponse>


Half of my original question still stands: Is there way to get expiration date via the API, and if not, is it ok for me to scrape it from what I can see when I'm logged in to the CIM website?

There is no way to get the expiration date from any API (CIM or otherwise) back from AuthNet.


As far as the 'legality',   we'll have to wait to see what the legal-eagle's have to say about that.   Manually moving secure data into your own database probably has rules or regulations.. I don't know the answer to that one.


So now 1/4 of your original question still stands :)





Regular Contributor