Knowledge Article Detail Page - Anet | Authorize.net Support Center

What can we help you with?

Article Number

KA-07157

Article Total View Count

768

Last Modified Date

10/03/2024 16:36 PM

Version

2.1

Why are we making this change to the API endpoint?

We are implementing a security measure to safeguard transactions and protect customer information.

Which service is affected?

Production API endpoints:

Sandbox API endpoint:

https://test.authorize.net/gateway/transact.dll

What is the change?

Any query strings appended to the API endpoint while utilizing the POST method will no longer be supported. These API calls with query strings will be completely rejected upon request. Payment transactions submitted using a POST method by your software must include data in the method BODY only, rather than parameterized in an API endpoint query string.

What is a Query String?

The query string is the part of the API endpoint or URL immediately after the question mark (?), as displayed below, with data often defined by acceptable name-value-pairs and an ampersand as the delimiter. For example:

https://secure.authorize.net/gateway/transact.dll/?x_login=userid&x_tran_key=abc123&x_type=auth_capture&x_amount=10.00&x_card_num=12345678912345&x_exp_date=0628

Going forward, only a clean endpoint stripped of query strings will be accepted in POST method requests: https://secure.authorize.net/gateway/transact.dll

What are the implications of the change?

Any parameterized query strings appended to the API endpoint in a POST method will result in a rejection of the entire request with a Response Code 66, "This transaction cannot be accepted for processing".

Timeline

This go into effect on October 30th, 2024.

Required Action

Read through this message to understand this breaking change and how it will critically impact your payment processing if no action is taken, and take action to ensure your systems are compatible with this upcoming breaking change.

Immediately contact and provide this knowledge article to your Developer and/or payments Software Vendor to ensure your integration is updated to avoid any downtime to your payment processing.

To avoid any transaction failures we require your solution to remove query strings from the API endpoint for the deprecated integrations of AIM or SIM (see guides, below), either by moving parameterized values from the query string to the BODY of the POST method, or by upgrading to the ANET API XML/JSON method (see Upgrade Guide, below).

Additional Resources

For further information on implementing supported API calls, please refer to our Developer Center and documentation.
If needed, we have certified partners listed at https://www.authorize.net/resources/find-a-partner.html who can assist you with determining next steps
Upgrade from the deprecated Advance Integration Method (AIM) & Server Integration Method (SIM) format to the XML/JSON format, more information can be found in our API Upgrade Guide.
Authorize.net's deprecated API formats of AIM and SIM, which your solutions have integrated with POST query strings:
- AIM Developer Guide
- SIM Developer Guide

Was this article helpful?

Articles Recommended for You

API Endpoint Breaking Change | POST Method Query String End-of-Life | Security Update Details