We are implementing a security measure to safeguard transactions and protect customer information.

Production API endpoints:

• https://secure.authorize.net/gateway/transact.dll
• https://secure2.authorize.net/gateway/transact.dll
• https://transact.authorize.net/gateway/transact.dll
• https://cardpresent.authorize.net/gateway/transact.dll

Sandbox API endpoint:

• https://test.authorize.net/gateway/transact.dll

Any query strings appended to the API endpoint while utilizing the POST method will no longer be supported. These API calls with query strings will be completely rejected upon request. Payment transactions submitted using a POST method by your software must include data in the method BODY only, rather than parameterized in an API endpoint query string.

The query string is the part of the API endpoint or URL immediately after the question mark (?), as displayed below, with data often defined by acceptable name-value-pairs and an ampersand as the delimiter. For example:

https://secure.authorize.net/gateway/transact.dll/?x_login=userid&x_tran_key=abc123&x_type=auth_capture&x_amount=10.00&x_card_num=12345678912345&x_exp_date=0628

Going forward, only a clean endpoint stripped of query strings will be accepted in POST method requests: https://secure.authorize.net/gateway/transact.dll

Any parameterized query strings appended to the API endpoint in a POST method will result in a rejection of the entire request with a Response Code 66, "This transaction cannot be accepted for processing".

Below is the timeline and key dates and to avoid impact please follow the required actions below.

• Initial Planned Disablement: October 30th, 2024
• Temporary Disablement 1: November 4th, 2024 (1:30pm - 4:30pm PT)
  • After a test of temporary disablement access we restored and will be removed at a later date after further communication.
• Temporary Disablement 2: January 13th, 2025 (24 hours)
• Complete Disablement: February 27th, 2025

Read through this message to understand this breaking change and how it will critically impact your payment processing if no action is taken, and take action to ensure your systems are compatible with this upcoming breaking change.

Immediately contact and provide this knowledge article to your Developer and/or payments Software Vendor to ensure your integration is updated to avoid any downtime to your payment processing.

To avoid any transaction failures we require your solution to remove query strings from the API endpoint for the deprecated integrations of AIM or SIM (see guides, below), either by moving parameterized values from the query string to the BODY of the POST method, or by upgrading to the ANET API XML/JSON method (see Upgrade Guide, below).

• For further information on implementing supported API calls, please refer to our Developer Center and documentation.
• If needed, we have certified partners listed at https://www.authorize.net/resources/find-a-partner.html who can assist you with determining next steps
• Upgrade from the deprecated Advance Integration Method (AIM) & Server Integration Method (SIM) format to the XML/JSON format, more information can be found in our API Upgrade Guide.
• Authorize.net's deprecated API formats of AIM and SIM, which your solutions have integrated with POST query strings:
  • AIM Developer Guide
  • SIM Developer Guide