Update 9/22/2015: The security certificate upgrade to api.authorize.net is now complete.
Over the next few months, there are several updates and enhancements we are making to our systems that you and your merchants need to be aware of.
Security Certificate Upgrades to api.authorize.net
As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.
These upgrades were already completed on secure.authorize.net in May. If your websites or payment solutions connect to api.authorize.net and any updates are necessary to use the new certificates, please refer to this blog post in our Developer Community, which has all of the certificate information you will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior to September 21st.
After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.
Transaction ID, Customer and Payment Profile Changes
Though it has never been explicitly stated, it has always been expected behavior that any IDs you receive from Authorize.Net (Transaction ID, Batch ID, etc.) would be in sequential order. In October of this year, due to system updates, this will change so that it will be possible to receive IDs from Authorize.Net that are not in sequential order.
For example, currently, if you receive a Transaction ID of “1000,” you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one previously received.
If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions to your solution.
Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. This applies to customer and payment profiles. If you are required to define a character limit when storing any of our IDs, the limit should be an unsigned integer (up to 20 digits).
TLS Remediation for PCI DSS Compliance
As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.
For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post. We will also send another email about TLS once we have a final date in place.
New Solution ID Capability
We’re excited to announce that you can now create your own Solution ID to uniquely identify your payment solution in every transaction request. Submitting your solution ID in your requests will provide better reporting as the Solution ID and Product Name will appear in the transaction details in the Merchant Interface or through the Transaction Details API.
Solution ID is only available to Authorize.Net Affiliate Resellers, so become an affiliate today to take advantage of Solution ID as well as the many other benefits of the affiliate program.
Once your affiliate account is set up, to get your solution ID:
Enter your solution’s Name, Vendor (company name or brand) and Description in the fields provided.
Click Create to generate your ID on screen.
You can check out our API Reference Guide for help on adding your solution ID to your particular solution.
Note: Solution ID is not currently available for solutions using the Authorize.Net SDKs.
Last, but not least, we previously announced our Akamai implementation plan and timelines. Using Akamai’s technology will provide Authorize.Net a superior level of reliability, as it helps safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues.
If you have not already, please review the announcement and the Akamai FAQs to determine what action you should take for your particular solution.