developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Accept Hosted localhost testing E00013 Invalid Setting Value. hostedPaymentIFrameCommunicatorUrlurl:

When calling https://apitest.authorize.net/xml/v1/request.api with a getHostedPaymentPageRequest body with hostedPaymentIFrameCommunicatorUrl of https://localhost:3010/IFrameCommunicator.html I'm receiving an error code 

E00013 with text "Invalid Setting Value. hostedPaymentIFrameCommunicatorUrlurl: must begin with https://."
 
The setting very much starts with https. If the url is changed to https://127.0.0.1:3010/IframeCommunicator.html the call is successful. However we unable to use the loopback IP due to other considerations within our app. This was working and seems to have started to return this error within the last few days. 
2 people had this problem.
starbuckbt
Member

‎12-09-2022 06:39 AM

5 REPLIES 5

We are also having the same problem in our project. Code that was working a few weeks ago is now failing without any significant/related changes on our end. Any traction on this would be greatly appreciated.

luislecaro
Member

‎12-14-2022 11:01 AM

0 Kudos

Actually in our case the problem was a little different. We were using the same domain in the iframe communicator URL as the app uses, but the iframe communicator URL has a query string on it that included the caret (^) character. That had been used as a delimiter between two values (because they don't allow the ampersand, so we only included one named value in the query string). The caret character was being URL encoded, but it still triggered an error using the new checks (it had been working for six years prior to this). We ended up changing the encoding used by the value in the query string to get around this.

rcourtois
Member

‎12-15-2022 04:22 AM

0 Kudos

We are additionally having a similar issue in our venture. Code that was working half a month prior is presently coming up short with next to no huge/related changes on our end. Any footing on this sounds incredibly valuable, really.

honey010
Member

‎02-02-2023 06:29 AM

0 Kudos

The caret character was being URL encoded, but it still triggered an error using the new checks (it had been working for six years prior to this). We ended up changing the encoding used by the value in the query string to get around this.

zeastom
Member

‎02-15-2023 11:58 PM

0 Kudos

I can't pass any query parameters at all to hostedPaymentReturnOptions url - they are all being blocked. The url with token won't get created. If I omit them all it works, but that doesn't help me when I need to tell my load balancer what server to direct the response to so the same session can be resumed. Anybody else with this problem? I've tried various ways but it gets me nowhere.

<settingName>hostedPaymentReturnOptions</settingName>
<settingValue>{ "showReceipt": false, "url": "https://yourhostname.com/servlet/HostedPaymentServlet%3Bjsessionid%3DF5C1024FC49B71BFB3DFE00D23B56E7..." }</settingValue>
</setting>

kschaller1979
Contributor

‎02-24-2026 07:44 PM

0 Kudos
Copyright © 2026 Khoros, LLC