The Authorize.net API provides robust features for processing payment transactions through the Authorize.net gateway. The API supports XML and JSON variants.
For detailed API reference information, see the API Reference.
If you are new to the Authorize.net API, start with the Credit Card Payment Tutorial. Many of the core concepts in the tutorial apply to other payment types, which makes it a good place to start. You should also sign up for a sandbox account and use the Testing Guide for your initial tests.
If you design solutions used by multiple merchants, consider registering as a partner and generating a solution ID. By using solution IDs, your solution identifies itself in your merchants' transactions when they review their reports.
When you develop your payment application and integrate it with the Authorize.net API, you must consider the Payment Card Industry Data Security Standards (PCI-DSS). For more information, see the Understanding PCI Compliance page.
While payment cards remain the primary method of payment, the Authorize.net API supports several alternate payment types, such as PayPal and Apple Pay. For more information on payment types and API features supported by Authorize.net, see the API Documentation landing page.
For information on specific payment processing platforms and the features they support through the Authorize.net payment gateway, see the Processor Support documentation.
The Address Verification Service (AVS) is a system provided by issuing banks and card associations to help identify suspicious payment card activity for e-commerce transactions. AVS matches portions of the customer's billing address, as provided by the merchant, against the billing address on file with the issuing bank. The issuing bank, through the merchant's processing network, sends AVS data indicating the results to Authorize.net, which stores and uses the single-letter AVS response code for display and optional filtering. The AVS response code can be found in the
createTransactionResponseAPI call. Based on the merchant's AVS rejection settings, the transaction is accepted or rejected.
Rejected transactions display a transaction status of "Declined (AVS Mismatch)" on the Transaction Detail page in the Merchant Interface, and receive a Response Reason Code of 27. The merchant cannot retrieve address information from the issuing bank; the bank provides only a response indicating whether the street address's house number and postal code match. Due to potential misspellings and alternate address format conventions, issuing banks typically ignore text portions of the billing address during AVS checks.
To implement AVS, the merchant must require the
This feature compares the card code submitted by the customer with the card code on file with the issuing bank. Filter settings in the Merchant Interface allow the merchant to reject transactions based on the CCV response received. To implement CCV, the merchant must require the "Card Code" field on their payment form.
To manage rejection settings, log in to the Merchant Interface and choose
Visa refers to the card code as a Card Verification Value 2 (CVV2); Mastercard uses Card Validation Code 2 (CVC2); and Discover and American Express use Card Identification Number (CID).
For security reasons, Authorize.net does not store the card code data. If you configure a fraud or velocity rule in the Advanced Fraud Detection Suite with the action, "Do not authorize, but hold for review," the card code of the transactions flagged by this rule cannot be validated when you approve the transaction later. Authorize.net recommends that merchants who wish to validate CCV use the action, "Authorize and hold for review," instead of "Do not authorize, but hold for review."
The Daily Velocity Filter enables merchants to specify a threshold for the number of transactions allowed per day. All transactions exceeding the threshold for that day are flagged and processed according to the selected filter action. This filter is helpful in preventing certain types of fraudulent activity on the merchant's account.
To configure the Daily Velocity Filter, log in to the Merchant Interface and choose
The Authorize.net Merchant Interface provides access to the Advanced Fraud Detection Suite (AFDS) for merchants who sign up. The Authorize.net API implements some AFDS functions for retrieving, approving, or declining suspicious transactions that are being held for review. To see the reference information for those requests, see the Fraud Management section of the API Reference.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit payment card information maintain a secure environment. By following PCI DSS, you assure your merchants that they have a solid foundation for accepting secure payments. For more information, see the PCI Security Standards page and the Authorize.net blog post on understanding PCI compliance.
The following video explains more about payment industry security standards.