- Get an Authorize.Net Account
- Ok, so you've got an Authorize.Net account. What now?
- Address Verification Service (AVS)
- Required Fields
- Customer Information Manager (CIM)
- Email Receipts
- Transaction Details API
- API Login ID and Transaction Key
- Setup Your Cheddar Account
Cheddar is fully integrated with the Authorize.Net gateway and utilizes the Customer Information Manager (CIM) for cardholder data storage. Cheddar does not use the Automated Recurring Billing (ARB) service.
If you don't have an Authorize.Net account, you can get one here. The application is pretty straight-forward and you can be up and running within hours.
- Make sure your AuthorizeNet account is configured properly
- Setup your Cheddar account to talk to AuthorizeNet
If your AuthorizeNet account is brand new, you're almost ready to go. Cheddar works perfectly with the default AuthorizeNet account setup with a few changes.
The default settings will work just fine. We'll show you what those are and provide some assistance in understanding AVS. You'll find the AVS settings under:
Account->Settings->Address Verification Service
If you'd like to accept international customers (credit cards issued by non-US banks), you must at least uncheck "G" (also optionally uncheck "U" and "S").
Occasionally, a credit card either doesn't have a billing address associated with it or the US-based card issuing bank doesn't support AVS. These cards are usually "gift cards". To accept such cards and other non-standard cards, uncheck "U" and "S".
If you think you've setup AVS the way you want and you're still getting a declined payment for AVS mismatch, you may need to make some further changes. Start by determining the AVS response code for the payment in question. The AVS response code will correspond to one of the checkboxes in your AVS settings, as shown in the screenshot above.
Find the transaction by going to
Reports->Transaction Detail, then search for the transaction. Click on the transaction detail and you'll see the Address Verification Status under the Authorization Information section:
According to the AVS status, you may choose to uncheck additional checkboxes in your AVS settings in order to accept the payment and others like it.
In a recurring billing context, AVS isn't all that useful after the first transaction. If you've verified the address once, then you've already benefited by the primary value of address checking. Subsequent transactions run on the same card shouldn't need the same AVS check. If, for example, a cardholder's billing address has changed at the issuer after a previous verification passed, that's ok, we don't need to decline it. Unfortunately Authorize.Net doesn't allow for the capability of optionally disabling AVS checks after the first transaction.
The default settings in Authorize.Net will work if you are not an EU or UK merchant and/or any merchant accepting GBP or EUR. If you are a merchant operating in the EU or UK, or are accepting EUR or GBP, then the following fields will be required for processing:
- First Name
- Last Name
If your account has some required fields set, you might need to make some changes, especially if you're getting this error from the Cheddar API:
401 2001 The configuration at the gateway is incompatible
The error report in Cheddar should give you some more information about why the gateway configuration is incompatible. Maybe something like this:
The configuration at the gateway is incompatible * 33:Phone is required. * message:Phone is required.
The configuration at the gateway is incompatible * 33:Card Code is required * message:Card Code is required
In this case, the merchant configuration is set up to require these fields. To see what you have required, go to:
Account->Settings->Payment Form->Form Fields
The settings shown here on the left are the defaults at the time of this writing. On the right are the minimal settings compatible with Cheddar. Again, that is unless you are an EU or UK merchant and/or any merchant accepting GBP or EUR, as described above in Required Fields.
Under no circumstance may the Card Code be required. The Card Code is never stored and so cannot be used for recurring billing.
The CIM is how Cheddar stores your customers' credit card data so you'll need to turn that on. You'll find the CIM settings here
The only change that CheddarGetter requires here is to enable the Customer Information Manager.
Authorize.net has the option to send email receipts to customers selected by default. We strongly suggest that you remove that option, since Cheddar already handles email notification for you with robust customer communication templates.
Account->Settings->Email Receipts and uncheck the box next to "Enable Email Confirmation".
Cheddar requires access to the Transaction Details API for various advanced features including transaction refunds and voids. To enable this API, log into your Authorize.Net virtual terminal and navigate to:
Account->Settings->Transaction Details API
You'll need to answer a secret question to enable the Transaction Details feature.
If you see this error in Cheddar and you are trying to refund an invoice, you probably need to enable the Transaction Details API:
401: (2003) The gateway has denied access
In your error log it will also say:
E00011:Access denied. You do not have permission to call the Transaction Details API.
Cheddar requires your API Login ID and Transaction Key in order to validate and store credit card details and bill your customers. You can find your API Login ID and Transaction Key by logging into your Authorize.Net account and navigating here:
Account->Settings->API Login ID and Transaction Key
You'll need to answer your secret question to enable this API access. Also be sure to enable the Transaction Details API.
Login to Cheddar, navigate to Configuration->Gateway and enter your API Login ID and Transaction Key, choose a Validation Mode and optionally choose to force Test Mode. The API Login ID and Transaction Key settings are easy (see above section). Test Mode is pretty straightforward. If you choose the Test Mode checkbox, Cheddar will use test mode when running transactions against the gateway. Test Mode is generally pointless, however, since transactions which are run on a live account in test mode end up just like declined transactions.
The Validation Mode setting is a pass-through setting that indicates to Authorize.Net whether or not an account verification will be performed when a customer's credit card information is added or updated in the CIM. Validation is especially useful when the initial invoice for a subscription is delayed until some date in the future. In this scenario, when using validation, you will have some assurance that the credit card information entered is valid and it is likely that a future transaction on the account will be successful. A verification can come in one of two flavors:
- A $0.01 transaction that is subsequently voided. This method runs the $0.01 through normal transaction channels just like a standard transaction. The cardholder account must have an available balance of at least $0.01, the CVV must pass (if required) and AVS must pass (if required).
- A $0.00 transaction which is specific to Visa cards (as of this writing). This method is brand new.
The verification method used depends on the card type and your merchant account provider and the corresponding processor.
The four options for Validation Mode configuration are:
- none: No validation is performed. Validation of the credit card information will not occur until customers are actually billed for service. Use this mode if your pricing plans are configured to transact the initial invoice immediately upon signup.
- testMode: This is option apparently simply performs field format validation on the credit card data.
- liveMode: This option uses the new $0.00 transaction when applicable, depending on your merchant account provider and the corresponding processor.
- oldLiveMode: This is like liveMode except a transaction in the amount of $0.01 is always used. This method is deprecated. UPDATE: It appears that Authorize.Net has disabled this option. It now behaves exactly like "liveMode"
The following has been pulled directly from the Authorize.Net CIM documentation:
Validation mode allows you to generate a test transaction at the time you create a customer payment profile. In Test Mode, only field validation is performed. In Live Mode, a transaction is generated and submitted to the processor with the amount of $0.01. If successful, the transaction is immediately voided.
Visa transactions are being switched from $0.01 to $0.00 for all processors. All other credit card types use $0.01. We recommend you consult your Merchant Account Provider before switching to Zero Dollar Authorizations for Visa, because you may be subject to fees.
For Visa transactions using $0.00, the billTo address and billTo zip fields are required.
We recommend that you do NOT use oldLiveMode. In oldLiveMode, $0.01 is used for all credit card types, including Visa. The oldLiveMode option will be removed at a later date.
When a value of "none" is submitted, no additional validation is performed.
If you use liveMode and you do not include the ccAddress (billTo address in AuthorizeNet world) or ccZip (billTo zip), you will receive the following error from Cheddar:
422 5000 There was an error processing the transaction
In your error log in Cheddar, you will see that the response from AuthorizeNet is:
290:There is one or more missing or invalid required fields.
This option indicates whether or not the customer email address is sent to Authorize.Net. If you are an EU or UK merchant and/or any merchant accepting GBP or EUR you must check this box in order to process through Authorize.Net
Any other merchant may select it at her or his discretion.