I just started getting this error today from my authorize.net API implementation and it is preventing customers from making to the payment page.
I'm using the authorize.net API SDK.
My return option URLs are formatted as such:
$success_url = "https://" . $_SERVER['HTTP_HOST'] . "/payment/cc_authorizenet_accept_hosted.php?r=$soidhash";
$cancel_url = "https://" . $_SERVER['HTTP_HOST'] . "/payment/cc_authorizenet_accept_hosted.php?r=$coidhash";
Then put into an array of options:
$payment_options = array(
'hostedPaymentSecurityOptions' => "{\"captcha\": false}",
'hostedPaymentStyleOptions' => "{\"bgColor\": \"#C00\"}",
'hostedPaymentShippingAddressOptions' => "{\"show\": false, \"required\": true}",
'hostedPaymentBillingAddressOptions' => "{\"show\": false, \"required\": true}",
'hostedPaymentButtonOptions' => "{\"text\": \"Submit Secure Payment\"}",
'hostedPaymentOrderOptions' => "{\"show\": true, \"merchantName\": \"Lee Precision, Inc.\"}",
'hostedPaymentPaymentOptions' => "{\"cardCodeRequired\": true, \"showCreditCard\": true,\"showBankAccount\": false}",
'hostedPaymentReturnOptions' => "{\"showReceipt\": true,\"url\": \"{$success_url}\", \"urlText\": \"Get Receipt\", \"cancelUrl\": \"{$cancel_url}\", \"cancelUrlText\": \"Cancel/Continue Shopping\"}"
);
Then options added using API SDK:
foreach ($payment_options as $k => $v) {
$aSetting = new AnetAPI\SettingType();
$aSetting->setSettingName($k);
$aSetting->setSettingValue($v);
$request->addToHostedPaymentSettings($aSetting);
}
This implementation has been working for about two years, and I have not changed any of the code since then, so I'm not sure if their API is having an issue? Status page says everything is working.
Is there a way on authorize.net to review API requests to see what they are receiving from my server?
Confirmed they changed their API without notice.
I've posted already to https://community.developer.cybersource.com/t5/Integration-and-Testing/Recent-changes-to-url-validation-for-Accept/td-p/85207, but since Authorize appears to try to limit Google from indexing that site I'm posting here as well so that other people running into this have a fighting chance of finding an answer.
After spending several hours in priority 1 response mode confirming that nothing had changed in our code, configuration or hosting, we started to suspect the problem was on Authorize's end. We've been on the phone with them several times yesterday and today.
Authorize has confirmed they deployed an update on 12/7 that "improved URL validation". They cannot explain why nothing was posted to https://developer.authorize.net/api/changes.html... or why they would deploy an undocumented update to their API in December... but here we are.
We have an open support case with them now, but it would be helpful for everyone experiencing this to call as well.
No ETA on when (if ever) they will roll back the changes.
We are scrambling here since this is impacting a legacy giving solution for the university I work for that often sees as much as $1 million donated at the end of the year.