Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 1

Test Environment Account Activation Guide

Authorize.Net Developer Support

http://developer.authorize.net

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 2

Authorize.Net LLC (“Authorize.Net”) has made efforts to ensure the accuracy and completeness of the information in this document. However, Authorize.Net disclaims all representations, warranties and conditions, whether express or implied, arising by statute, operation of law, usage of trade, course of dealing or otherwise, with respect to the information contained herein. Authorize.Net assumes no liability to any party for any loss or damage, whether direct, indirect, incidental, consequential, special or exemplary, with respect to (a) the information; and/or (b) the evaluation, application or use of any product or service described herein.

Authorize.Net disclaims any and all representation that its products or services do not infringe upon any existing or future intellectual property rights. Authorize.Net owns and retains all right, title and interest in and to the Authorize.Net intellectual property, including without limitation, its patents, marks, copyrights and technology associated with the Authorize.Net services. No title or ownership of any of the foregoing is granted or otherwise transferred hereunder. Authorize.Net reserves the right to make changes to any information herein without further notice.

Authorize.Net Trademarks:

Advanced Fraud Detection Suite™ Authorize.Net® Authorize.Net Your Gateway to IP Transactions™ Authorize.Net Verified Merchant Seal™ Authorize.Net Where the World Transacts® Automated Recurring Billing™ eCheck.Net® FraudScreen.Net®

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 3

Table of Contents Introduction .................................................................................................................................................. 4

Activation Step 1: Identity Verification ................................................................................................. 5

Activation Step 2: User Information ..................................................................................................... 5

Activation Step 3: Account Information ............................................................................................... 6

Activation Step 4: Terms and Conditions ........................................................................................... 8

Activation Step 5: Billing Information ................................................................................................. 10

Activation Step 6: Disabling Test Mode ............................................................................................ 12

Activation Step 7: Generating your test account API Login ID and Transaction Key ................ 14

Step 8: Configuring your account to send transaction receipts ..................................................... 15

Testing eCheck.Net transactions ................................................................................................... 20

API Services .............................................................................................................................................. 22

AIM ......................................................................................................................................................... 22

SIM ......................................................................................................................................................... 22

CIM ......................................................................................................................................................... 23

ARB ........................................................................................................................................................ 25

Simple Checkout .................................................................................................................................. 26

Card Present (AIM) .............................................................................................................................. 27

Frequently Asked Questions: ................................................................................................................. 28

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 4

Introduction

Please note that you can find sample code, integration guides, troubleshooting tools, and more in our online Integration Center at http://developer.authorize.net.

Once you have completed the New Test Account Application form using the URL you are sent upon request from developer@authorize.net, an activation email will be sent to the email address you included in your application. Please use the activation link, found within the activation email, to set up your new Authorize.Net test account.

If you have trouble with the activation link you receive, or if you do not receive one within 48 hours, please email developer@authorize.net for assistance.

A few items of interest before getting started:

FAQs Developer Security Best Practices Authorize.Net Password Policy When using your Authorize.Net test environment account:

• Please do not perform any load testing through your test account. The test environment is independent from our live environment and is not indicative of live environment performance. We do not condone any performance testing within our test or live environments.

• Settlement does not occur automatically within a test account. If you need to test refund transactions, please submit your test account login ID to developer@authorize.net along with a request to initiate settlement within the account.

• ARB subscriptions do not start in our test environment, meaning that ARB subscription transactions never process. If you are planning on testing your implementation of the ARB API, you will only be able to test the creation, update and/or cancellation of any ARB subscriptions that you may create within your test account.

• Our test environment is not intended for the purposes of testing Merchant Interface functionality, so you may find some features of the Merchant Interface are unavailable to you, such as Upload Transaction, and the ability to preview the Authorize.Net hosted payment form.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 5

Activation Step 1: Identity Verification You will be asked to provide your SSN or Tax ID here. You must enter 555555555.

Figure 1: Identity Verification

Activation Step 2: User Information Enter your first and last name, title, and email address where prompted. You can enter any personal information you wish to use for this purpose. You are not required to use valid information, but using valid information will make it easier to locate your test account should you lose it or need assistance with your testing.

Next, create a login ID and password for your test account so that you can login to the Merchant Interface at https://test.authorize.net.

Finally, create a secret question and answer for your test account.

The email address you enter on this page will be the email address where merchant transaction receipts are sent, as long as you configure your User Profile to send them.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 6

Figure 2: Entering User Information

Activation Step 3: Account Information This page is pre-populated with information submitted with your Test Account Application form. Feel free to adjust it as needed, or simply confirm that it is valid by checking the box that states that the information is correct.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 7

Figure 3: Account Activation Form

You need to have the Owner/Principal/Corporate Office Name (as listed above) and Tax ID (which is 555555555) on hand to complete the next step.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 8

Activation Step 4: Terms and Conditions

You can ignore any reference to fees, we do not charge you for the use of a test account, although you MUST agree to the Terms and Conditions in order to continue.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 9

Figure 4: Terms and Conditions

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 10

Activation Step 5: Billing Information

Although we do not bill you for the use of a test account, you must complete the Billing Information page in order to activate your test account.

Please use the following information for this purpose:

• Name on Bank Account: Bank Account

• Bank Account Type: Checking

• Bank Account Owner Type: Business

• Routing Number: 307075259

• Account Number: 123456789

• Bank Name: Mutual

• Bank City: American Fork

• Bank State: UT

• Bank Zip Code: 84003

Then, again, enter the Owner Name and Title (as previously confirmed during Step 3), check the box that states that you authorize the debit on behalf of your company and click the “Submit” button.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 11

Figure 5: Billing Information

You have now completed the activation of your test account and will see a confirmation page as follows:

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 12

Figure 6: Confirmation Page

Activation Step 6: Disabling Test Mode

Test Mode is a production environment setting used to allow transactions to be submitted into the account without sending them to the payment processor for authorization at the issuing bank and thus without charge to either the customer or the merchant. Test Mode transactions submitted to any account, production or test, will be purged from our system immediately and will not be viewable. Test Mode transaction responses will return with a 0 Transaction ID value and a 000000 Authorization Code value. CIM and ARB API will NOT function in Test Mode and will return errors if you attempt to submit CIM or ARB API into an account with Test Mode enabled.

Test Mode needs to be disabled within a test environment account because it is enabled by default upon activation. Because Test Mode does not serve any purpose in a test environment account, please use the following steps to disable Test Mode within your test account:

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 13

1. Click on the Test Mode link found within the red bar across the top of the page.

Figure 7: Test Mode

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 14

2. Next, click the Turn Test OFF button

Figure 8: Turn Test Off

Successfully disabling Test Mode following these steps will cause a message to display stating that your Test Mode setting has been successfully updated

Activation Step 7: Generating your test account API Login ID and Transaction Key

Once you see the account activation confirmation page, you must generate the API Login ID and Transaction Key that you will use to test your integration(s). To generate these values:

1. Click the “Account” link found in the blue bar across the top of the page 2. Click on “API Login ID and Transaction Key” in the Security Settings section 3. Enter the answer to your Secret Question (the question/answer set you created for yourself during

Step 2 of your test account) 4. Click the “Submit” button

Your API Login ID and Transaction Key will then be displayed to you.

Going forward, you will be able to obtain your API Login ID from the API Login ID and Transaction Key page within your test Account settings whenever you’d like, but your Transaction Key will not be displayed to you once you leave this page. Please be sure to save your generated values before navigating away from this page. If you ever lose your Transaction Key, you will need to generate a new Transaction Key within your account.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 15

Step 8: Configuring your account to send transaction receipts From the Merchant Interface Home Page, click on User Profile

Figure 9: Merchant Interface Home Page

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 16

Next, click the Edit Profile Information button.

Figure 10: Edit Profile Information

Make sure that the Transaction Receipt and Use this email as sender boxes are checked and click Submit:

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 17

Figure 11: Submit Profile

This is also where you will go if you ever need to change the email address on file in your test account, because your email address is used to reset your password should you ever forget it or should your password expire, as they will every 120 days.

Forget your password? Locked out of your test account Merchant Interface? You can use the Forgot Password feature found on the login page at https://test.authorize.net.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 18

Figure 12: Forgot Password

Clicking on the Forgot Your Password? link will take you to the Forgotten Password page, where you can enter your Login ID and the Email Address on file within the User Profile of your test account.

Figure 13: Forgotten Password Page

This will generate an email to the email address on file in your account. The email will contain a link to reset your password:

Dear Authorize.NET User You have requested a reset for your payment gateway user account password.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 19

To continue with the password reset, go to https://test.authorize.net/ui/themes/anet/Welcome/ForgottenPasswordChangeaspx?ActivationCode=ADAE5CD72BD0709E If you did not make or authorize this request, please contact Customer Support at 877-447-3938 immediately. Thank you for your business, Authorize.NET

Please note that, at this time, the link is broken and needs to be repaired before it will successfully allow you to reset your test account password. We are currently working on correcting this, but if your link is received as shown above, please correct it by adding a ‘.’ Before aspx?, for example:

https://test.authorize.net/ui/themes/anet/Welcome/ForgottenPasswordChange.aspx?ActivationCode=ADAE5CD72BD0709E

A corrected link will take you to the Change Password page, where you will answer your secret question (the one you created during activation) along with your Login ID and your new password. You cannot re-use one of the 5 previous passwords used within your account:

Figure 14: Change Password Page

Answers to most questions can be found in our online knowledgebase. A link to our online knowledgebase can be found in your test account Merchant Interface Home Page, or you can use the direct URL http://authorize.net/support/knowledgebase/.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 20

Figure 15: Link to Knowledge Base

You may also wish to activate Value Added Services within the test account, such as CIM (Customer Information Manager), ARB (Recurring Billing) and FDS (Fraud Detection Suite). Feel free to activate them or deactivate them as needed.

Please note that cancelling ARB in your account will result in the loss of all ARB subscription data, but not transaction history, immediately. Cancelling CIM within your account will result in the loss of all stored profile information, but not transaction history, 30 days from the date of cancellation.

Testing eCheck.Net transactions Submitting eCheck.Net transactions uses the same code that credit card transactions use. The only adjustment you need to make is to add the eCheck.Net variables to your code. These variables are documented in the eCheck.Net Developer Guide, located at http://developer.authorize.net/guides/echeck.pdf.

You can use any valid routing number along with any invalid, or valid, account number while testing eCheck.Net transactions. If you do not wish to use your own routing number for this purpose, or do not have one, the Federal Reserve provides a list of valid routing numbers on their Web site at http://www.fedwiredirectory.frb.org/reserve.cfm.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 21

Please note that eCheck.Net transactions do not settle within our test environment. This means that it is not possible to submit refund (x_type=credit) eCheck.Net transactions to a test account. If you specifically need to test eCheck.Net refund transactions, please contact Integration Services at developer@authorize.net.

Additional information regarding the functionality and requirements of processing eCheck.Net transactions can be found in the eCheck.Net® Operating Procedures and User Guide, located at http://www.authorize.net/files/echecknetuserguide.pdf.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 22

API Services

We offer the following API services:

• AIM

• SIM

• CIM

• ARB

• Simple Checkout

• Card Present (AIM)

AIM

AIM (Advanced Integration Method) is a server-to-server connection from your web server to ours. It uses an HTTPS post method and would be used to submit real-time single transactions. This method of connection is used by those who want the transaction process to occur entirely on their SSL-certified web server.

SIM

SIM (Server Integration Method) similarly uses an HTTPS post method to submit real-time single transactions, but it differs from AIM in that the end user must be transferred from your server to ours, in order to securely submit their payment information using our SSL-certified secure payment form. This method of connection is generally used by those who are unable or unwilling to obtain an SSL certificate for their web server.

NOTE: When testing AIM or SIM integrations using a test environment account, you must send your POST data to https://test.authorize.net/gateway/transact.dll. If you attempt to send transactions to our production server URL, https://secure.authorize.net/gateway/transact.dll, you should expect an error 13 to occur (The merchant Login ID is invalid or the account is inactive).

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 23

CIM

CIM (Customer Information Manager) is a payment information storage service that allows users to create customer profiles that contain customer payment information, such as credit card number(s) or bank account number(s), and saves the merchant from having to store secure payment data on their server(s). The CIM API is used to initially submit a createCustomerProfileRequest and createCustomerPaymentProfileRequest that submits the customer payment data to our servers. This results in a profile ID and payment profile ID being returned to the merchant’s server. Each customer can have up to 10 payment profiles stored with their profile ID to hold different types of payment methods they may wish to use. CIM profile data can be created, updated and deleted from our system. CIM is a solely API-based solution at this time.

In all of the CIM functions that can generate transactions, we offer a method of indicating that the transaction should be processed in test mode. This purges the transaction from our system upon submission and does not leave a record of the transaction in your account. If you wish to be able to view the transaction in your account, please set validationMode to liveMode (<validationMode>liveMode</validationMode>).

The following is an example for createCustomerProfileRequest:

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 24

The following is an example for createCustomerPaymentProfileRequest:

The following is an example for updateCustomerPaymentProfileRequest:

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 25

The following is an example for createCustomerProfileTransactionRequest:

ARB

ARB (Automated Recurring Billing) is a recurring payments service that allows merchants to schedule and manage recurring payments (subscriptions) without needing to store secure payment data on their server, and without having to run a recurring billing software application on their server. ARB subscriptions can be created and managed through an API or using the Merchant Interface. An SSL-certified server is required to submit ARB API.

Please note that ARB does not process transactions through a test environment account. An ARB subscription created within a test environment account will never start processing transactions. If you wish to process ARB subscription transactions, please use the live production account for which you are testing your integration.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 26

IMPORTANT: A direct API response is only available for ARB API creation, update and/or cancellation requests, not for authorization responses. Within a production account you can also set up a Silent Post URL to receive ARB subscription transaction response data in real-time (at the time the transaction is processed on its start date), to be used in conjunction with the ARB email notifications that you can configure in your Authorize.Net account. For a complete list of the ARB email notifications available to you, please visit our online knowledge base, located at http://authorize.net/support/knowledgebase/.

ARB API cannot be submitted to an account with test mode enabled, since test mode does not record the data that is submitted, thus preventing you from creating ARB subscriptions. You must submit ARB API in live mode.

A note about using a Silent Post URL (all references to ARB refer to its use in a live production environment account):

A Silent Post request must be accepted within two seconds, otherwise it will be aborted on our end. If you decide to use Silent Post, it is important that your Silent Post URL be simply used as a method of collecting and dumping response data into a database or file for your use separately at a later time.

ARB subscriptions only generate Silent Post responses if or when a transaction processes. If a transaction does not process, for example if the credit card has expired, a Silent Post does not occur. You should configure the ARB-specific email notifications in your account, and use Silent Post for the purposes of identifying ARB subscription activity.

Silent Post responses are returned in real-time, meaning as soon as the transaction processes we send out the Silent Post to your specified URL. We do not necessarily update the subscription in real-time, however. This means that you should not use the Silent Post response to immediately update or cancel an ARB subscription. If you update or cancel a subscription before we have updated the subscription in our system, our update will overwrite any changes you may have made. You should instead simply collect the response data and submit any changes necessary within your subscription(s) later that day.

Simple Checkout

Simple Checkout is a new feature that gives merchants the ability to link to our secure payment page without having to write code to link their Web site to our system. They can create a profile for each product they sell, designate different pricing points for their shipping costs, and then copy the code from the Merchant Interface and paste it into their site's HTML. This code adds a button that says "Buy Now" or "Donate" on the merchant's Web site, which will take the customer to Authorize.Net®’s secure checkout page, with all product information pre-filled.

To start using the Simple Checkout tool:

1. Log on to your Merchant Interface at https://test.authorize.net

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 27

2. Click on Tools 3. On the left, select Simple Checkout 4. Sign up for Multi User Account Management (if not already enabled on the account) 5. Agree to Terms of Service 6. Generate an API Login ID and Transaction Key when prompted.

Card Present (AIM)

Card Present (AIM) is essentially the same API as Card Not Present AIM described above. The main difference is that Card Present AIM uses a different set of variables to pass Card Present-specific transaction data. We do not provide any Card Present AIM sample code; however, any of the AIM sample code, found at http://developer.authorize.net/samplecode/, can be easily modified to include Card Present value pair data. You can review the Card Present Implementation Guide to identify the Card Present variables at http://www.authorize.net/support/CP_guide.pdf.

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 28

Frequently Asked Questions:

Q: I’m an existing Authorize.Net merchant and want to integrate my Web site/application to my account. Do I need a test account?

A: No, you do not need a test account. You can use your existing Authorize.Net payment gateway account for this purpose.

Q: Why am I receiving error E00009 “The payment gateway account is in Test Mode. The request cannot be processed.” while requesting the ARB or CIM API?

A: The API does not function in Test Mode. You need to disable Test Mode in your Authorize.net account settings. To disable Test Mode, please log on to your account, click on Settings. Click on the link for Test Mode and disable it by clicking the button labeled Turn Test Off.

Q: I am attempting to connect to the CIM or ARB API and am receiving error E00007 “User authentication failed due to invalid authentication values.” Why?

A: This error generally occurs when you attempt to connect to the test environment with a production account. If you are using a production account and testing, you should use the following URL: https://api.authorize.net/xml/v1/request.api

Q: When attempting to connect to the AIM API I am receiving error 13 “The merchant API login ID is invalid or the account is inactive.” Why?

A: Error 13 can occur for two reasons.

One cause of this error is using an incorrect value for your API Login ID in your script. Please make sure to not include spaces before or after the value stored on your server.

The second cause of this error is sending your request to the wrong environment URL.

• When you are submitting AIM and SIM POST data:

If you are using a live production account, you should be posting to https://secure.authorize.net/gateway/transact.dll. If you are using a test environment account, you should be posting to https://test.authorize.net/gateway/transact.dll .

• When using CIM or ARB API, please refer to the appropriate Implementation Guide to locate the production URL to use. They can be found at http://developer.authorize.net/guides. You cannot send

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 29

CIM or ARB data to https://test.authorize.net/gateway/transact.dll or https://secure.authorize.net/gateway/transact.dll.

If you have verified that all of the above is correct, but you are still receiving this error, please use our Data Validation URL to review the data you are submitting to our server. The Data Validation URL can be used to validate the syntax of name/value pairs. For example, you could change the Transaction Post URL in your script from https://test.authorize.net/gateway/transact.dll to https://developer.authorize.net/param_dump.asp and submit a sample transaction. The transaction results will be posted to the screen and will list all name/value pairs your script is submitting. You can then verify that all field names and values in your transaction request are correct.

Because you are not posting to a processing environment, the Data Validation URL will not provide error codes; these would be returned in a transaction response from the payment gateway. This tool only provides a list of fields that are being submitted to the payment gateway to help you verify that name/value pairs in your transaction request are submitted correctly.

Q: I am submitting transactions and they are not appearing in my unsettled transactions or reports. Why?

A: Transactions are not recorded unless Test Mode is disabled. To disable Test Mode:

1. Log on to your Merchant Interface at https://account.authorize.net. 2. Click Settings in the main left-side menu. 3. Click Test Mode. 4. Click the Turn Test OFF button. The interface will confirm that the Test Mode settings have been

successfully applied and you are now in live mode.

If you are using the SIM or AIM API and are passing x_test_request="true", this value needs to be changed to "false".

Q: I need sample code in a different programming language than what is available on http://developer.authorize.net/samplecode. Do you have the sample code I need?

A: No. We try to offer the most requested programming languages for sample code, and unfortunately we cannot offer all programming languages requested.

Q: I am not familiar with programming; can you help me connect my Web site to Authorize.net?

A: We support developers when they are encountering specific issues connecting to the Authorize.net payment gateway; however, we do not have the resources to support novice developers. If you need help connecting a Web site or application to Authorize.net and are not familiar with programming, please visit our Certified Solutions directory or our Certified Developer directory: http://www.authorize.net/solutions/merchantsolutions/

Last revised: 10/9/2009 Copyright © 1998 - 2009 Authorize.Net, a CyberSource solution 30