On Wednesday at ~6:30PM MST we started getting E00013 errors about `Invalid Setting Value. hostedPaymentReturnOptionsurl must begin with http:// or https://`.
We haven't made any code or configuration changes to this application or its stack, so this is confusing.
We are JSON encoding the URLs. What were passing looks like https:\/\/[URL]\/cart\/authnet_accept\/complete\/125280\/authnet_accept%7Ccommerce_payment_authnet_accept\/639345e3731cb4.71919701\/tYB_Ivn7GSu-BkenNc5KmCv4rCQ8H_GUhQVVlNUkg5M
This application has been running for years and there is nothing in the Authorize.net change logs about changes to the URL validation.
12-09-2022 09:00 AM
Having the exact same issue. All started Wednesday night or Thursday morning.
No transactions have processed for the client due to the token not generating.
12-09-2022 10:00 AM
We've confirmed that Authorize did deploy an update on 12/7 that "improved URL validation". No explanation about why https://developer.authorize.net/api/changes.html wasn't updated?
No explanation about how to POST a URL as JSON that isn't encoded.
I should have spent more time looking at the other posts before creating my own. https://community.developer.cybersource.com/t5/Integration-and-Testing/Authorize-net-Accept-js-Hoste... and https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-Payment-form-to... are both describing the same issue we are seeing.
12-09-2022 10:13 AM
I've confirmed that while the Angular URL param style ";" is not passing validation, the basic query params style does pass ("?" + "&").
However.... the rendered page is basically empty other than the page title "Order Summary".
12-09-2022 12:06 PM
Same issue for us. Working fine for years, then on 12/7 when we go from our site to the a.net hosted order page, get a white page with "Missing or invalid token". Our JSON matches up with what is required in their documentation. Last successful order placed 12/7 at 4:50 PM PST. We did once get the same error, but it cleared up on it's own in an hour. Filled out their integration template, and added to our support ticket to escalate. Level 1 support mentioned "recent changes" but couldn't detail what or when, only to check for invalid characters being passed.
12-09-2022 01:21 PM - edited 12-09-2022 01:24 PM
Does not work
Passes validation but shows an empty page
Passes validation and shows a valid page
https://epermits.venteksys.com/clearing?procname=AuthorizeNet
12-09-2022 02:41 PM
We were able to push a fix for our issue today. The way Authorize.net handled this is beyond unprofessional and we're actively evaluating new payment processors as a result, but I wanted to close the loop for anyone who finds this thread. As I already indicated, we had been JSON encoding in PHP of our URLs in the POST for years without issue. Adding the
12-12-2022 04:26 PM
Upon further investigation, I was able to confirm that while the Angular URL param style , ";" is not passing validation, the basic query params style ("?" + "&") does pass validation.
Despite this, however, other than the page title "Or" on the rendered page, the rendered page is basically empty.
12-14-2022 09:55 PM
Thanks for posting your findings. I also use Drupal Commerce. I found I was already outputting the pipe as %7C but still getting the same error. I finally found it would work correctly when I encoded it again so the final url included %257C. The encoding for a percent sign is %25 so the working solution is double-encoded.
12-19-2022 01:48 PM
Same issue for us. Working fine for years, then on 12/7 when we go from our site to the a.net hosted order page, get a white page with "Missing or invalid token".
01-05-2023 02:00 AM