WooCommerce Authorize.Net CIM

Authorize.Net allows your customers to save their credit card and bank account to their WooCommerce account for fast and easy checkout. Includes full support for WooCommerce Subscriptions and Pre-Orders. You’re just moments away from getting the gateway setup and accepting payments!

This plugin also supports Accept.js from Authorize.Net for improved security and decreased PCI compliance responsibility. When Accept.js is used, customer credit card information is no longer sent directly through your server and instead is handled directly by Authorize.Net, meeting the lower level PCI SAQ A-EP compliance level. You can learn more about Accept.js here.

This gateway requires an SSL certificate and the CIM feature must be enabled on your Authorize.Net account (additional monthly cost). Not sure which Authorize.Net gateway is right for you? Check out the Authorize.Net Extension Comparison Guide.

Installation ↑ Back to top

  1. Download the extension from your dashboard
  2. Go to Plugins > Add New > Upload and select the ZIP file you just downloaded
  3. Click Install Now, and then Activate
  4. Go to WooCommerce > Settings > Checkout > Authorize.Net CIM and read the next section to learn how to setup and configure the plugin.

Setup and Configuration ↑ Back to top

First, log into your Authorize.Net Account and click on Account:

WooCommerce Authorize.Net CIM Payment Gateway Setup 1
Go to “Account” in to your Authorize.Net Account

Go to the “Settings Menu” on the left if you’re not there already:

WooCommerce Authorize.Net CIM Payment Gateway Setup 2
Click “Settings”

Now click on API Login ID and Transaction Key:

WooCommerce Authorize.Net CIM Payment Gateway Setup 3
Get API Credentials

You will see this page. Create a new transaction key if you do not already have one saved. You’ll also need your API Login ID:

WooCommerce Authorize.Net Payment Gateway Setup 4
Get API Login and Transaction Key

Now log into your WooCommerce store and go to WooCommerce > Settings > Checkout > Authorize.Net CIM, then copy and paste these values into the API Login ID and Transaction Key text boxes on the settings page:

WooCommerce Authorize.Net CIM Payment Gateway API Credentials

That’s it! You are now ready to start accepting credit cards via Authorize.Net! If you want to tweak settings and customize the checkout process, keep reading.

If you would also like to enable Accept.js support, please see below for additional set up information.

Credit Card Settings ↑ Back to top

WooCommerce Authorize.Net CIM credit card settings
Credit Card Settings
  • Enable / Disable – This will enable the gateway to be used by customers to checkout.
  • Title – This is the text shown for the payment during checkout and on the Order Received page.
  • Description – This is the text shown under the title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
  • Card Verification (CSC) – Enable this to require customers to enter their CVV / CV2 (Card Security Code) when checking out. This can be useful if you have requirements in your Authorize.Net account for CV2 verification.
  • Transaction Type – This controls how transactions are submitted to Authorize.Net. You may choose either “Charge” or “Authorization”. If you select “Authorization”, you must manually capture and settle payments in your Authorize.Net control panel or on the WooCommerce orders screen after the transaction has been submitted. This defaults to “Charge”.
  • Charge Virtual-Only Orders – (Shown if Transaction Type is set to “Authorization”) Enable this to force charges on order containing only virtual items so they’re captured immediately instead of authorized (for example, to grant download access right away)
    WooCommerce Authorize.Net CIM Virtual order charges
  • Accepted Cards – This controls the card logos that display during checkout. This is purely cosmetic and has no affect on the cards actually accepted by your merchant account.
  • Tokenization – Enable this to allow customers to save their payment methods for future use at checkout. This must be enabled if you use Subscriptions or Pre-Orders.
  • Detailed Decline Messages – Enable to display detailed messages to customers to provide reasoning for declines when possible instead of a generic error message.
  • Debug Mode – Enable this is you are having issues correctly processing transactions. You can either log API requests / responses directly to the checkout / thank you page, save them to the WooCommerce Error Log (found under WooCommerce > System Status > Logs) or both. All debugging messages are cleaned of sensitive information before display, but as a best practice, please do not enable this unless you are having issues with the plugin.
  • Environment – Switch between “Test” and “Production” credentials. Enable “Test” to send transactions to your Authorize.Net Test Account. Note: This is not the “test mode” that is listed under your account. This is an entirely separate sandbox environment that requires a separate login. You can sign up for a test account here. Once you have done this, you can enter a separate API Login ID and API Transaction Key for your test account. Do not place your Test Account (or regular account) into “Test Mode” within the Authorize.Net control panel as transactions will not process at all if that mode is set.

Connection Settings

  • Share connection settings – Enabling this will allow you to use connection/authentication settings between the credit card and eCheck gateways. If this is disabled, you’ll have to enter a new Authorize.Net API Login ID and API Transaction Key for eCheck transactions.
  • API Login ID – This is the API Login ID for your Authorize.Net account (Test or Production). Follow the steps above to get this.
  • API Transaction Key – This is the API Transaction Key for your Authorize.Net account (Test or Production). Follow the steps above to get this.
  • Accept.js – Enable this to use Accept.js to send card information directly to Authorize.Net and minimize PCI compliance scope.
  • Client Key – If Accept.js is enabled, enter the Client Key generated for your account. Follow the instructions below to generate a client key.

eCheck Settings ↑ Back to top

WooCommerce Authorize.Net CIM eCheck settings
eCheck Settings
  • Enabled – This will enable the eCheck gateway to be used by customers to checkout. IMPORTANT – You must have eChecks enabled on your Authorize.Net account for this to function correctly. Follow the process below under eCheck Issues to get eChecks setup and enabled.
  • Title – This is the text shown for the eCheck gateway during checkout and on the Order Received page. This defaults to “eCheck”.
  • Description – This is the text shown under the title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with a test bank account number.
  • Tokenization – Enable this to allow customers to save their payment method for future use at checkout. This must be enabled if you use Subscriptions or Pre-Orders.
  • Authorization – Enable to display an authorization method during the checkout process:
    WooCommerce Authorize.Net CIM authorization message for echecks
    Authorization Message
  • Authorization Message – (if authorization enabled) Enter the authorization message to show to customers. You can optionally use the merge tags {merchant_name} (your store name), {order_date} (the date of purchase), and {order_total} (the total order value).
  • Detailed Decline Messages – Enable to display detailed messages to customers to provide reasoning for declines when possible instead of a generic error message.
  • Debug Mode – Enable this is you are having issues correctly processing transactions. You can either log API requests / responses directly to the checkout / thank you page, save them to the WooCommerce Error Log, or both. All debugging messages are cleaned of sensitive information before display, but as a best practice, please do not enable this unless you are having issues with the plugin..
  • Environment – Switch between “Test” and “Production” credentials. Enable “Test” to send transactions to your Authorize.Net Test Account. Note: This is not the “test mode” that is listed under your account. This is an entirely separate sandbox environment that requires a separate login. You can sign up for a test account here. Once you have done this, you can enter a separate API Login ID and API Transaction Key for your test account. Do not place your Test Account (or regular account) into “Test Mode” within the Authorize.Net control panel as transactions will not process at all if that mode is set.
  • Share connection settings – Enabling this will allow you to use connection/authentication settings between the credit card and eCheck gateways. If this is disabled, you’ll have to enter a new Authorize.Net API Login ID and API Transaction Key for eCheck transactions.

Merchant Usage ↑ Back to top

It’s possible to use Authorize.Net CIM to capture charges from within the WooCommerce admin if they’ve been authorized.

Capture Charges from WooCommerce Order Admin ↑ Back to top

Using version 2.0+ of the extension allows you to authorize charges during checkout, then manually capture them later. You can do this via your Authorize.Net control panel, or can easily do so from the WooCommerce Edit Order page.

You can read more about capturing charges with Authorize.Net here.

Automatic Refund Support ↑ Back to top

Version 2.0.0 of Authorize.Net CIM adds automatic refund support for shops running WooCommerce 2.2+. This means that refunds can be processed directly in WooCommerce without the merchant logging into his or her Authorize.Net account.

You can read more about performing refunds with Authorize.Net CIM here.

Void Transaction Support ↑ Back to top

Transactions can be voided by using the same workflow as refunds. A void will occur if the transaction has been authorized, but not captured. In the case of Authorize.Net, voids will also occur for authorized & captured transactions that have not yet been settled. As funds haven’t been transferred, a refund can’t truly be processed.

Voided transactions must be voided in full; partial voids are not accepted by Authorize.Net. You can read more about voiding transactions here.

Saved Payment Methods ↑ Back to top

Customers can save payment methods during your checkout process or from the account section to use them in future checkouts, with Subscriptions, or for Pre-Orders. Note that customers cannot save payment methods if they checkout as a guest since there’s no account to assign cards to.

Customers can manage their saved payment methods by going to their My Account page and scrolling to the “My Payment Methods” section. From here they can set any available saved payment method as active, or click the “Delete” action to delete the payment method.

WooCommerce Authorize.Net CIM: my payments
Customer Saved Payments

Customers can also add cards by clicking “Add Payment Method”. This will give them a form to securely save a payment method for future use without going through checkout. Both credit cards and eChecks are supported. You can read more about adding saved payment methods from the account here.

WooCommerce Authorize.Net CIM: Add payment
Customer Add Saved Payment

Other Information ↑ Back to top

eCheck Support ↑ Back to top

If you have enabled eChecks on your Authorize.Net account and within the plugin settings, customers will have the option to pay via Credit Card or eCheck. eCheck requires the customer to enter their bank routing number and bank account number. The billing first and last name entered during checkout is used as the Name on Account. eCheck information is automatically saved on the customer’s account just like a credit card.

Accept.js Support ↑ Back to top

Version 2.4.0+ adds support for Accept.js from Authorize.Net. Accept.js improves security and decreases PCI compliance responsibility for merchants. To test or use Accept.js, you must have an SSL certificate installed on your site.

When Accept.js is enabled, customer credit card information is no longer sent directly through your server and instead is handled directly by Authorize.Net, meeting the lower level PCI SAQ A-EP compliance level.

You can learn more about Accept.js here. If you choose to enable Accept.js, you must generate a Client Key in your Authorize.Net account and enter this in the plugin settings.

To generate a client key, follow these steps:

  1. Log into your Authorize.Net Account and go to Account > Settings.
  2. Click on “Manage Public Key” in the “Security Settings” section.
    WooCommerce Authorize.Net CIM get client key
  3. If you already have generated a Client Key, you can copy it. If not, generate a new key by answering your security question and clicking “Submit” to generate the new key.
    WooCommerce Authorize.Net CIM generate client key
  4. Copy your new Client Key and paste it into the plugin settings.

Once Accept.js is enabled, your credit card processing is now secured. The checkout process will appear unchanged for customers, but is secured behind the scenes.

WooCommerce Subscriptions/Pre-Orders Support

This gateway fully-supports all features of WooCommerce Subscriptions and WooCommerce Pre-Orders, with both credit cards and eChecks (if you have enabled eChecks).

When Subscriptions is enabled, a new setting for recurring eCheck authorization messages will be available:

WooCommerce Authorize.Net CIM Recurring authorization message setting
Subscriptions Authorization

This will display your recurring authorization message if a subscription is being purchased, or if the subscription payment method is being switched:

WooCommerce Authorize.Net CIM Recurring eCheck authorization message
Subscription Message

The enhanced “My Payment Methods” table is also active when Subscriptions is used to prevent deleting cards associated with a subscription. You can read about subscription saved methods here.

Note that in order to process subscription renewals automatically, you cannot require the card security code for transactions in your Authorize.Net account. Authorize.Net does not (and cannot) store CSCs for subscription renewals for PCI compliance and security reasons, so these are unavailable for renewal orders and they will fail. You will see an error that says, “Authorize.Net CIM Payment Failed (3 E00027): Cart Code is Required…”

Enhanced Checkout Form ↑ Back to top

Authorize.Net CIM supports an enhanced checkout form, which improves both mobile and desktop checkout. You can read about the enhanced payment form here.

WooCommerce Authorize.Net CIM Enhanced Checkout Form
Credit Card Checkout (Twenty Sixteen theme)

Detailed Decline Messages ↑ Back to top

When detailed decline messages are enabled, they will provide informative error messages to the customer at checkout when Authorize.Net returns a useful response.

You can read more about detailed decline messages here.

Storing Credit Cards ↑ Back to top

Credit card information is not stored on your server, rather it is tokenized and stored on Authorize.Net’s secure servers, which reduces your PCI compliance burden. Learn more about CIM tokenization.

You can read more about managing saved card tokens within your website here.

Authorize.Net Test Credentials ↑ Back to top

Authorize.Net production credentials cannot be used in test mode. To test the plugin, merchants sometimes put their production accounts into the “Test modes” from their Authorize.Net accounts, which returns dummy data for live transactions. However, this will not work with the plugin’s test mode either, as these are still production credentials.

To use the plugin in test mode, you should get a set of dedicated test credentials from Authorize.Net. These work with the test mode in the plugin. Your production Authorize.Net credentials should always be live, and never set to test mode.

Troubleshooting ↑ Back to top

If you’re using Accept.js, please note you may see a console error using Chrome developer tools at checkout:

XMLHttpRequest cannot load https://jstest.authorize.net/v1/AcceptCore.js. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://youstore.com' is therefore not allowed access.

This is expected by Authorize.Net and does not indicate a problem (transactions will process perfectly fine and are secure), annoying as it may be, which you can see here:

Right now I can tell you that the CORS warning “cannot load” is actually correct behaviour in that it’s alerting the fact that the page cannot call our core js library only the Accept.js library. So that will not impact functionality (we are nonetheless looking at ways to stop the browser doing this).

Authorize.Net Error Codes ↑ Back to top

Having a different trouble? First, please refer to the Authorize.Net Response Code Reference — enter the error code you see into this tool to view the source of the error. In some cases, such as a transaction being held for review or being declined, the plugin cannot change the issue and it must be resolved in your Authorize.Net account.

Notes
Orders with Response Code = 4 will be approved, but can be cancelled manually in the WooCommerce admin and Authorize.Net Merchant Area area later if they fail review.

Be sure to have “Partial Authorization” turned off in your Authorize.Net Merchant Area. This will restrict orders with with Response Code = 4 and Response Code = 295 from being approved. “Allow Partial Payments” is off by default, but to verify it is off, follow these steps:

  • Login to your Authorize.Net Merchant Area
  • Press “Account” in the top toolbar
  • Under the “Transaction Format Settings” area click on “Partial Authorization”
  • Verify “Allow Partial Payments” is not checked

eCheck Issues ↑ Back to top

Make sure the ‘WEB’ eCheck type is enabled on your Authorize.Net account, or you might see errors like [Code 246] - This eCheck.Net type is not allowed. To get this setup, follow these steps:

  1. Set up an eTicket and ask for the ‘WEB’ eCheck type to be enabled (be sure you are an account owner and know your gateway ID).
  2. WEB transactions are usually enabled within 2 business days, but there is a funding hold automatically placed on your account — you can take funds in, but not get them out, until you pass another security check with the underwriting department.
  3. To expedite the process, call them on the phone and they will check out your website while on the line with you. They will look to make sure you have a valid SSL on cart/checkout, and prominently placed terms of use and privacy policy pages.
  4. Once you meet those requirements, the funding hold should be removed.

Refund Issues ↑ Back to top

You may see an error message that looks something like this when trying to process an automatic refund:

Oops, you cannot partially void this order. Please use the full order amount.

This means that you’re trying to perform a partial refund, but the charge has not been settled (typically when you try to refund within a day of the purchase). The plugin tries to void this order since the funds have not been transferred (to cancel the order instead of refunding it), but Authorize.Net does not permit partial voids.

Please wait until the charge has settled (about one day after the charge was made) to refund this transaction.

Other Issues ↑ Back to top

Having a different trouble? Follow these steps to make sure everything is setup correctly before posting a support request:

  1. Check that your API Login ID and API Transaction Key are correct.
  2. Double-check that your API Login ID and API Transaction Key are correct 😉
  3. If you see issues with renewals, please ensure that your Authorize.Net account is configured correctly for renewal payments.
  4. Enable debug mode to the checkout page and review the errors messages that Authorize.Net is providing. Please check these error codes with the Authorize.Net Response Code Reference — enter the error code you see into this tool to view the source of the error. In some cases, such as a transaction being held for review or declined, the plugin cannot change the issue and it must be resolved in your Authorize.Net account.
  5. If the error code indicates an issue with the plugin, enable debug to the logs and submit a support ticket, with the log found under WooCommerce > System Status > Logs as an attachment.

Frequently Asked Questions ↑ Back to top

Q: Why do Subscriptions not display inside the Authorize.Net control panel?
A: Subscriptions do not display in Authorize.Net because the CIM gateway does not use ARB (automated recurring billing). It tokenizes the customer’s payment method and then the Subscriptions plugin handles charging the payment method. This is far more flexible than ARB and thus supports a lot of features that couldn’t be done with ARB (changing payment dates, amounts, etc).


Q: Why do I receive a “test transaction successful” email?
A: During checkout, the extension validates the payment info entered by the customer (e.g. that the card number and CVV is correct, etc). This “test transaction” does not charge the customer, but generates an email to the merchant. You can email support@authorize.net to have them disable this email notification to you.


Q: Can I process automatic refunds with eChecks?
A: Unfortunately this is not possible with eChecks. Refunds can automatically be processed from WooCommerce with a credit card purchase, but not for an eCheck purchase.


Q: My customers get email receipts from WooCommerce and Authorize.Net. How do I get rid of Authorize.Net receipts?
A: The plugin cannot disable these for you, but you can disable these emails in your Authorize.Net account — click here for instructions.


Q: How do I capture a higher amount than what is authorized (like a restaurant)?
A: Authorize.Net (along with most any eCommerce payment processor) cannot do this with card-not-present transactions (which is what online payments are). Captures can only be up to the value of what’s authorized: “As soon as the product is shipped, the merchant can capture an amount up to the amount of the authorization.”

When gas stations and restaurants do this, they’re using a particular POS system that gives them a certification to capture a certain percentage over the authorized amount. This isn’t available with eCommerce systems to be able to capture amounts higher than what’s authorized, so this is not possible on your WooCommerce site.

For Developers ↑ Back to top

Here are a couple example snippets for some of the Authorize.Net CIM filters in place.

• Default the “Securely Save to Account?” checkbox on the payment form to checked

• Adjust authorize-only transaction order status from “On hold” to something else

Questions & Support ↑ Back to top

Have a question before you buy? Please fill out this pre-sales form.

Already purchased and need some assistance? Please have a look at our troubleshooting steps to see if the issue can be resolved independently, or get in touch with a ninja via the help desk for further assistance.

WooCommerce - the most customizable eCommerce platform for building your online business.

Back to the top