You can use customer profiles to enable merchants to tokenize and store sensitive customer payment information on our secure servers, which simplifies PCI DSS compliance as well as the payments process for returning customers and recurring transactions. For Customer Profile API reference information, see the API Reference Guide.
By providing quick access to stored customer information, Authorize.net Customer Profiles are ideal for businesses that:
The Profiles API supports integration with a website payment form or a proprietary business application. The profiles, which include payment and shipping information, can then be referenced in future transactions, eliminating steps in the transaction process for repeat customers and potentially increasing customer loyalty.
A customer profile contains minimal information about the customer such as ID, description, and email address, but its main purpose is to link multiple payment and shipping profiles with a single customer entity.
The following API methods are used to manage customer profiles:
Payment profiles enable merchants to securely store sensitive payment information with Authorize.net in a secure and PCI-compliant manner.
The following API methods are used to manage customer payment profiles:
Shipping profiles enable merchants to expedite the checkout process for repeat customers by securely storing multiple shipping addresses with Authorize.net.
The following API methods are used to manage customer shipping profiles:
The duplicate profile verification prevents accidental duplicate submissions. When you submit the createCustomerProfileRequest, createCustomerPaymentProfileRequest, and createCustomerShippingAddressRequest API calls, the payment gateway checks certain fields in each request to ensure that a profile with the same information does not already exist. If the payment gateway finds a matching profile, it returns an error message. If the duplicate profile is a customer profile, the error message contains the ID of the existing profile.
The following table lists the fields for each API call that cannot match an existing profile. An error occurs only when all of the values for each API element match all of the values for each element in the existing profile.
createCustomerProfileRequest
|
|
createCustomerPaymentProfileRequest
|
|
createCustomerShippingAddressRequest
|
|
Use the profileType element to create a guest profile. Guest profiles are useful when you need to store a customer's payment information temporarily for one-time charges.
| Parameter | Description |
|---|---|
profileType
|
Indicates whether a profile is a guest profile. Either Submitting |
Authorize.net Accept Customer is a fully hosted solution for payment information capture which allows developers to leverage our Customer Profiles API while still maintaining SAQ-A level PCI compliance. Our forms are mobile-optimized and designed to provide a seamless consumer experience.
Before you can present the hosted form, you need a way of identifying returning customers. You can have the customer log in to your site. Several content management systems and shopping carts automatically support that functionality. It is important that the login process is reliable so that one customer does not have access to another's stored payment information.
For first-time customers, you must create a new profile using the createCustomerProfileRequest method.
A customer profile contains any unique combination:
Once the profile is created, you will receive a unique profile ID that you can use to identify this customer in the future.
Before you can send the HTML form post, you must retrieve a token using the getHostedProfilePageRequest method.
You must include the customer's profile ID in your request.
See the section Guidelines for Parameter Settings for more information on configuring parameter settings for the hosted form.
The token is passed in a basic HTML form with the input name token. The input name token is the only input value that must be included for a request to add a new payment or shipping profile, or to manage all of your profiles in one window. To prompt the customer to edit only a single existing profile, you must include the associated profile ID in an additional paymentProfileId or shippingAddressId form POST field.
The type of form that you display is determined by the URL to which the form is submitted, also known as the form action, shown below:
paymentProfileId containing the ID of the payment profile that you want the customer to edit.shippingAddressId containing the ID of the shipping address profile that you want the customer to edit.For reference, here is a sample HTML form:
<form method="post" action="https://accept.authorize.net/customer/editPayment"> <input type="hidden" name="token" value="HOSTED_PAGE_TOKEN"/> <input type="hidden" name="paymentProfileId" value="PROFILE_ID_TO_EDIT"/> ... </form>
To test in Sandbox replace test.authorize.net with accept.authorize.net in the form URL. For example:
The hosted form is designed so that you can integrate it into your site in almost any way. You can configure it as a separate pop-up window or embed it into your existing site. You can use a lightbox layout, in which the box pops up in front of the rest of your site, but not in a new window. Or, you can use the full window by directing the customer to Authorize.net and letting them direct themselves back again, which avoids the use of JavaScript.
Our sample application on GitHub shows examples of how to present the form in different modes, including examples of how to open the hosted form in a lightbox. The lightbox layout can also be accomplished with third-party JavaScript toolkits such as jQuery.
To use a redirect to Authorize.net, follow these steps:
GetHostedProfilePageResponse function call, put a hidden form somewhere on your page (the value for the token will be the value returned by the function call).
If you are using the test environment, replace https://accept.authorize.net/customer/manage with https://test.authorize.net/customer/manage.
For reference, here is a sample HTML form:
<form method="post" action="https://accept.authorize.net/customer/manage"> <input type="hidden" name="token" value="pfGaUNntEKMGfyWPmI4p+Bb4TJf2F0NCoCBp3cOXB7"/> <input type="submit" value="Manage my payment and shipping information"/> </form>
<input type="button" onclick="document.getElementById('formAuthorizeNetPage').submit();">
Manage my payment and shipping information</input>
In this example, the "Manage my payment and shipping information" button directs users to the Authorize.net Accept Customer hosted page, where they can:
For security reasons, web browsers do not allow JavaScript communication from a page inside an iFrame to the page that contains the iframe if those pages are hosted on different domains. Therefore, our hosted form cannot directly provide information to the page that is encapsulating it.
However, it is beneficial to provide some small amount of information indirectly through a third page. When making the token request, you can pass us the URL for an iFrameCommunicator page. This iFrameCommunicator page is a small HTML page, hosted on your domain, that contains a JavaScript that listens for events. When you embed our hosted form in an iframe on your page, our hosted form can in turn embed your iFrameCommunicator page within it inside an invisible iframe. This enables a channel of communication that allows us to send messages to your iFrameCommunicator page. Then, as long as your iFrameCommunicator page is hosted on the same domain as your main page, it can communicate back to your main page.
This channel of communication is used to pass a few basic messages back to a listener script running on your main page (the page that calls the form):
hostedPaymentIFrameCommunicatorUrl parameter in the getHostedProfilePageRequest call.
For an example of an iFrameCommunicator page and more information about the messages passed, see our sample IFrameCommunicator.html in our sample application on GitHub.
The following parameter settings are used with the getHostedProfilePageRequest call.
To integrate to the hosted page as a redirect, pass the hostedProfileReturnUrl parameter and the hostedProfileReturnUrlText parameter. The parameter hostedProfilePageBorderVisible=true is optional.
To integrate to the hosted page as a popup, pass the hostedProfilePageBorderVisible=false parameter and the hostedProfileIFrameCommunicatorUrl parameter.
To require fields on the hosted form:
The following table shows possible settings:
| Parameter | Description |
|---|---|
hostedProfileSaveButtonText
|
The text for the button that the customer clicks to confirm changes and save the profile. Up to 20 characters. The field defaults to Applies to the |
hostedProfileReturnUrl
|
The URL for the page that the customer returns to when the hosted session ends. Used when redirecting to the form. Do not pass this setting for iframes or popups. The URL must begin with |
hostedProfileReturnUrlText
|
The text for the button that returns the customer to your website when finished. Up to 200 characters. Used when redirecting to the form. The field defaults to |
hostedProfilePageBorderVisible
|
Boolean (true OR false). Removes the border and associated logo from the payment form. Must be set to |
hostedProfileHeadingBgColor
|
An RGB hex color code, such as |
hostedProfileIFrameCommunicatorUrl
|
The URL to a communicator page that sends details to the merchant's site through JavaScript. Required only for iFrame or lightbox applications. |
hostedProfilePaymentOptions
|
Specifies which payment options to show. The field defaults to To display only payment card fields, use Applies to Accept Customer pages where the customer may add payment information. |
hostedProfileValidationMode
|
Specifies how the payment gateway will validate the customer's card prior to creating the profile. Either
Standard gateway and merchant account fees may apply to the authorization transactions. For Visa transactions using 0.00, the
If you set this parameter to If a validation transaction is unsuccessful, the profile creation attempt fails, and the merchant receives an error.
|
hostedProfileBillingAddressRequired
|
Boolean (true OR false). The field defaults to When this parameter is set to |
hostedProfileCardCodeRequired
|
Boolean (true OR false). The field defaults to When this parameter is set to |
hostedProfileBillingAddressOptions
|
Either Applies to Add/Edit Payment Pages. When this paramter is set to
|
hostedProfileManageOptions
|
Either Applies to Manage pages. When set to |
You can use profile information in the profile element of a createTransactionRequest API call.
recurringBilling field. For merchant-initiated unscheduled or industry practice tokenized payment transactions on the FDC Nashville and NAB-EPX processors, set processingOptions.isSubsequentAuth. For customer-initiated tokenized payment transactions on the FDC Nashville and NAB EPX processors, set processingOptions.isStoredCredentials.
If you submit a refund against a previous customer profile transaction, we recommend that you:
customerProfileId, customerPaymentProfileId, and transId.
customerShippingAddressId is optional.
creditCardNumberMasked, bankRoutingNumberMasked, and bankAccountNumberMasked do not need to be included, but they are validated if they are included.
You may also issue a refund for a transaction, whether generated by a customer profile or as a standalone transaction. For such refunds please bear in mind the following:
transId and either the creditCardNumberMasked, or bankRoutingNumberMasked and bankAccountNumberMasked.
customerProfileId, customerPaymentProfileId, or customerShippingAddressId.
The Authorize.net Account Updater service automatically verifies and updates payment card information in customer profiles. This feature increases authorization approvals, helping drive more sales and retain customers by reducing risk of service cancellation.
You can run reports on Account Updater using the following API calls: