Accept.js is a JavaScript library for sending secure payment data directly to Authorize.net. Accept.js captures the payment data and submits it directly to us, in exchange for a one-time-use token, or payment nonce. You can use this payment nonce in the place of payment data in a follow-on createTransactionRequest API call.
Our JavaScript library offers developers two workflow options for accepting payment:
For a fully hosted payment solution that you can redirect your customers to or embed as an iFrame within your page, see our documentation for Accept Hosted.
Before using Accept.js, you must generate a Public Client Key. There are two ways to generate the Public Client Key: using the API or the Merchant Interface.
Call the getMerchantDetailsRequest API request. The response contains the field publicClientKey, which contains the value of the key.
getMerchantDetailsRequest. If you are a partner submitting this request on a merchant's behalf, use your OAuth credentials.
To generate the Client Key, log in to the Merchant Interface as an Administrator and navigate to
Copy the Public Client Key into the client-side code, as shown in examples throughout this page. Because you cannot use the Public Client Key to initate a transaction, you may safely store the Public Client Key in a website or smartphone application, for example.
When using Accept.js in your payment form, follow the below workflow:
createTransactionRequest API call to us, using the payment nonce instead of the customer's payment information.
When using the Accept.js hosted payment information form, follow the below workflow:
form tag, create a submit button on the page with the Accept.js library. Set the action parameter of the form to point at your response handler script, and configure the button to interact with the AcceptUI portion of the Accept.js library. The customer will click the button to open the payment information form.
createTransactionRequest) to Authorize.net using the payment nonce in place of the account number and other payment information.
The appropriate Accept JavaScript library must be integrated into your page so that the sensitive data is intercepted and replaced with the payment nonce before the form contents are submitted to your server.
The Accept JavaScript libraries are hosted by Authorize.net and must be loaded by your site from the Authorize.net servers. The libaries are unique to both Authorize.net environments (production and sandbox), so it is important to load the sandbox library if you are testing transactions, and to use the production library for live transaction processing, as shown below.
When you build Accept.js into your own payment form you have complete control over the design and flow. You are only required to identify the elements in the payment form that you wish to process with Accept.js. This usually means that you only need to know the ID attributes of those input elements.
When you integrate the hosted payment information form into your payment form (using
createTransactionRequest API call, in which case the postal code included in the API call will be used in AVS checks instead. For AVS checks, the postal code used with createTransactionRequest takes precedence over the value in the nonce.
When building Accept.js into your own payment form, you are only required to identify the elements in the payment form that you will process with Accept.js. This usually means that you only need to know the ID attributes of those input elements.
Note that Accept.js handles card expiration dates as two distinct values for month and year. Additionally, the cardholder name is treated as a single field without breaking it up into first name and last name. If you are designing a new form, it will simplify your integration to keep these formats in mind.
By way of example, we'll start with this simple HTML form. The hidden fields will be used later to hold the payment nonce values returned by Authorize.net.
To prevent the secure data from reaching your server, the form submission must be intercepted so that the secure details can be transmitted to Authorize.net and replaced with a payment nonce (a single-use token). Many commonly used libraries include helper functions to perform an action before a form is posted and you can feel free to use those, but for basic HTML the easist way to do this is to capture a user clicking the submit button.
For our sample HTML payment form above, we would replace line number 10 with the following. The sendPaymentDataToAnet() method will be defined in the next section.
Accept.js includes a method to submit the secure data to Authorize.net, but before that can be done, use the secure data to populate the required objects. At a minimum, the method to submit the data requires an authentication object (authData) and either a card data object (cardData) or a bank data object (bankData).
The authentication data object includes only two values, your API Login ID and the Public Client Key that was referenced above. The content of this object is used to tie the payment nonce to your individual Authorize.net account. This data should be added to an object in your own script on the page.
The card data object includes all of the payment details that will be replaced by the payment nonce. At a minimum, this includes the card number and expiration date. In the case of our basic sample form, it would also include the card code. As with the authentication data, this should be added to an object.
The complete list of fields that can be inserted into the card data object are:
| Property | Data Type | Description | Required |
|---|---|---|---|
cardNumber | String | Must be a valid 13-16 digit card number. | Yes |
month | String | 2-digit month. | Yes |
year | String | 2-digit year. | Yes |
cardCode | String | 3 or 4-digit Card Code | No |
zip | String | Alphanumeric postal code. 20-character maximum. | No |
fullName | String | Alphanumeric cardholder name. 64-character maximum. | No |
Accept.js contains built-in data type validation for these fields. While Accept.js validates the data, it doesn’t do any authorization of the card number or any check to see if the expiration date, postal code, or card code are correct for that card. Those steps will happen later in the process when you submit the payment nonce as part of a transaction request.
As an alternative to using card data as shown above, you can also generate a payment nonce using bank account information for eCheck transactions. Use the bankData element to create an object for bank account information as shown below.
The complete list of fields that can be inserted into bankData are:
| Property | Data Type | Description |
|---|---|---|
accountNumber | Numeric string. Up to 17 digits. | The bank account number. |
routingNumber | Numeric string. 9 digits. | The ABA routing number. |
nameOnAccount | String. Up to 22 characters. | The name of the person who holds the bank account. |
accountType | String. Either checking, savings, or businessChecking. | The type of bank account used for the eCheck.Net transaction. |
bankData all fields are required.
The dispatchData() method takes two inputs. One is an object which collects both the authentication and payment data. The other is the JavaScript method that you will create to handle the Accept.js response. This method can either be defined inline, or can be referenced by name from elsewhere in your script. The response handler function will be created in the next section, but you can see it here referred to simply as responseHandler.
The code above represents the complete sendPaymentDataToAnet() function which was previously set to be executed upon clicking the submit button.
When you use the hosted payment information form, your own payment form can be simpler, collecting only the non-payment information that you need. The only required element is a button to launch the payment information form. You could choose to have that button also act as the submit button for your form by coding your response handler function to submit the rest of the information in your form once you've received the payment nonce. Alternatively, you could set up your response handler to return control to your form allowing the customer to fill or edit more information before clicking a different submit button to pass all of the information to your server.
In the following example, we use a simple HTML form. We will use the hidden fields later to hold the payment nonce values returned by Authorize.net.
The result will be a lightbox containing the payment information form, similar to the one below.
createTransactionRequest API call, in which case the postal code included in the API call will be used in AVS checks instead. For AVS checks, the postal code used with createTransactionRequest takes precedence over the value in the nonce.
You can style the button in any way you like, however, the button must be a member of the AcceptUI class. In addition to the class attribute, a set of required data attributes are used to configure the card entry form.
| Parameter | Type | Description |
|---|---|---|
data-billingAddressOptions | JSON-formatted string | Elements of this parameter include:show - Boolean indicating whether the name and postal code fields should be shown on the form. The default is true.required - Boolean indicating whether the name and postal code fields are required to be filled in. The default is true.
|
data-apiLoginID | String | API Login ID of the merchant. It can be found in the Authorize.net Merchant Interface at |
data-clientKey | String | Public Client Key for the merchant. It can be generated in the Authorize.net Merchant Interface at |
data-acceptUIFormBtnTxt | String | This is the text that is displayed on the button. The default is Pay. |
data-acceptUIFormHeaderTxt | String | This is the text that is displayed on the header of the payment form. The default is to not display any text. |
data-paymentOptions | JSON-formatted string | This attribute contains:showCreditCard - Boolean indicating whether the Card Data fields should be shown on the form. The default is true.showBankAccount - Boolean indicating whether the Bank Account Data fields should be shown on the form. The default is false.
|
data-responseHandler | responseHandler | Specifies the responseHandler JavaScript function. |
You don't need to specify an onClick handler or anything else to allow the button to activate the payment form. The button’s membership in the AcceptUI class allows the script to listen for the button’s onClick event.
You must create a JavaScript function to handle the response from Authorize.net. This function will receive an object containing the request status as well as the payment nonce (in the case of a successful request).
| Property | Type | Description |
|---|---|---|
opaqueData.dataDescriptor | String | This value must be passed to the Authorize.net API, along with dataValue, to represent the card details. |
opaqueData.dataValue | String | This value is the payment nonce that you received from Authorize.net. This value must be passed to the Authorize.net API, along with dataDescriptor, to represent the card details. The nonce is valid for 15 minutes. |
encryptedCardData.cardNumber | String | This is only returned when using the hosted form. Last four digits of the card. |
encryptedCardData.expDate | String | This is only returned when using the hosted form. Expiration date submitted with the card. |
encryptedCardData.bin | String | This is only returned when using the hosted form. Issuer Identification Number (first six digits of the card number). |
customerInformation.firstName | String | This is only returned when using the hosted form. Customer first name submitted with the card. |
customerInformation.lastName | String | This is only returned when using the hosted form. Customer last name submitted with the card. |
A complete response from the Authorize.net servers will look something like the code samples below. These particular examples represents a successful request.
The messages block of the response identifies the result of your request for tokenization through the Accept.js library. The resultCode element will have a status of either Ok or Error, while the message's code and text will provide more meaningful details in the case of a failure. A full list of error codes is provided in the Appendix. For your responseHandler function, you will want to start by checking if the result was an error.
When you use the hosted form, the encryptedCardData block of the response will contain non-sensitive information about the card which you may want to use to display before completing the transaction. The customerInformation object contains the cardholder name and postal code if captured in the form. Other information, such as opaqueData is just the same as when not using the hosted form version of the library.
When a request is successful, your script will receive the payment nonce in the dataValue element of the opaqueData object. In the case of a successful response, you must capture the value of dataValue. The nonce is valid for 15 minutes.
Your server can call the Authorize.net API to actually process the transaction just like you would if you were using actual card information.The dataDescriptor and dataValue will be entered into the payment section instead of the card data for any API request.
In this example, we will add lines to the script that will send the opaqueData object on to another function that will insert it into the form for submission to your server.
Once you have successfully integrated the Accept.js library and processed the request to tokenize the payment data, you will have received payment nonce in the form of the dataDescriptor and dataValue, which you will later need for your request to the Authorize.net API. The nonce is valid for 15 minutes.
The next step is to insert this data into your payment form so that it can be submitted to your server.
In the original sample HTML, there were two hidden input fields created specifically for the purpose of storing this data. It is now time to insert the data into these fields.
This process was kicked off when the user clicked the button to submit the payment form. Now that the process of tokenizing the card data is complete, it is time to allow the form to submit its information to your server. This can be done by adding a single simple JavaScript command, as shown below.
Following are examples of a complete sample HTML page, constructed from all of the sample code snippets above:
A complete example implementation is available in our Sample Application on GitHub.
After using Accept.js, you will have a payment nonce on your server in the form of the dataValue element, which is contained in the opaqueData object. The nonce is valid for 15 minutes. Because this data represents a payment card, opaqueData payment object can be used anywhere in the Authorize.net API that accepts a creditCard or bankAccount payment type
opaqueData is a generic payment data type which is used to process tokenized or encrypted payment information. The payment type uses a data descriptor to identify the type of payment information and a data value which is the tokenized or encrypted data itself.
| Field Name | Description | Format | Required |
|---|---|---|---|
dataDescriptor | Identifies the type or source of opaque payment data. For Accept transactions, the value must be COMMON.ACCEPT.INAPP.PAYMENT | Text String | Yes |
dataValue | The unmodified token or encrypted data BLOB that represents the payment data. | Text String | Yes |
Although the opaqueData can be used in numerous API methods, the most common request is to process a one-time payment. Here is a sample one-time payment request using our API, with an opaque data object replacing the usual payment card object.
A complete sample request and link to sample code for several programming languages can be found in our API Reference Guide.
You can use opaqueData to create subscriptions using Automated Recurring Billing. Here is a sample subscription request using our API, with an opaque data object replacing the usual payment card object.
A complete sample request and link to sample code for several programming languages can be found in our API Reference Guide
You can use opaqueData to create customer profiles. Here is a sample subscription request using our API, with an opaque data object replacing the usual payment card object.
A complete sample request and link to sample code for several programming languages can be found in our API Reference Guide.
| Code | Text | Notes |
|---|---|---|
I_WC_01 | Successful. | The request was processed successfully. |
E_WC_01 | Please include Accept.js library from CDN. | To maintain security and take advantage of updates, load the Accept.js script from the Authorize.net servers. |
E_WC_02 | A HTTPS connection is required. | The page that embeds Accept.js must be served over an HTTPS connection. |
E_WC_03 | Accept.js is not loaded correctly. | Ensure that the Accept.js library is loaded from the Authorize.net servers and that the Accept.js script executed in the browser matches the version stored on the server. This error typically occurs when the script is loaded from a local source, or when the browser or proxy has improperly cached an older version of the script. |
E_WC_04 | Please provide mandatory field to library. | When sending card information, you must include cardNumber and the expiration date (month and year). When sending bank information, you must include accountNumber, routingNumber, nameOnAccount, and accountType. |
E_WC_05 | Please provide valid credit card number. | If card information is provided, cardNumber) must pass a Luhn mod 10 check. |
E_WC_06 | Please provide valid expiration month. | If card information is provided, the expiration month (month) must be a maximum of two digits. |
E_WC_07 | Please provide valid expiration year. | If card information is provided, the expiration year (year) must be in either YY or YYYY format. |
E_WC_08 | If card information is provided, the expiration date (month and year) must be in the future. | |
E_WC_10 | Please provide valid apiLoginID. | The value of apiLoginID must be same as the ID that you use to authenticate API requests. |
E_WC_13 | Invalid Fingerprint. | The Accept.js script executed in the browser doesn't match the version stored on the server. This error typically occurs when the browser or proxy has improperly cached an older version of the script. |
E_WC_14 | Accept.js encryption failed. | A general error. Encrypting and transmitting the card data failed, either within the browser or at the Authorize.net servers. |
E_WC_15 | Please provide valid CVV. | The value of cardCode must be three or four digits. |
E_WC_16 | Please provide valid ZIP code. | The postal code (zip) is optional but should be no more than 20 characters if included. |
E_WC_17 | Please provide valid card holder name. | The cardholder name (fullName) is optional but should be no more than 64 characters if included. |
E_WC_18 | Client Key is required. | The value for clientKey can be obtained through the Authorize.net Merchant Interface, by navigating to |
E_WC_19 | An error occurred during processing. Please try again. | Check the value of the API Login ID. The value of apiLoginID must be same as the ID that you use to authenticate API requests. Additionally, an API Login ID generated for the Sandbox environment can only be used with the Sandbox version of the script. An API Login ID generated for the Production environment can only be used with the Production version of the script. |
E_WC_21 | User authentication failed due to invalid authentication values. | Either the API Login ID or Public Client Key, or both values, are incorrect. The value of apiLoginID must be same as the ID that you use to authenticate API requests. The value for clientKey can be obtained through the Authorize.net Merchant Interface, by navigating to |
E_WC_23 | Please provide either card information or bank information. | Either cardData or bankData must be provided, but not both. |
E_WC_24 | Please provide valid account number. | If bank information is provided, accountNumber must be no more than 17 digits. |
E_WC_25 | Please provide valid routing number. | If bank information is provided, routingNumber must be nine digits. |
E_WC_26 | Please provide valid account holder name. | If bank information is provided, nameOnAccount must be no more than 22 characters. |
E_WC_27 | Please provide valid account type. | If bank information is provided, accountType must be one of the following: checking, savings, or businessChecking. |