- jdt3901Asked on April 27, 2016 at 09:37 AM
I got an email from authorize.net saying that as of June 30 this year, they will reject payment submissions using HTTP GET. As a new client, we intend to set up a lot of systems using Jotform, and I would appreciate someone from Jotform's tech support letting me know that Jotform will be prepared for this change.
I've attached a screenshot of the email I received. I appreciate you helping me out in this way.
- BenAnswered on April 27, 2016 at 10:11 AM
As far as I am aware we never used GET requests, but I can assure you that our developers react to first emails and notifications from payment processors. Since they have developer accounts on the same this means that the notice on some payment processors comes in before it does for non developer accounts.
As such you should have no issues with Authorize.net tool, but I will raise this up so that we can get a confirmation of the same from one of the developers as well.
They will reply back over this thread.
- BillAnswered on April 27, 2016 at 08:25 PM
One of my clients also received this notice. This is not related to jotform, but this thread is the only relevant hit on a google search. Far as I know, none of our software (nor our client's software) uses GET requests for Authorize.net.
It sure would be nice if Authorize.net provided more information about this issue. IP addresses of the offending hosts, transaction ID's of the problem requests, something... anything other than the completely uninformative warning message they are currently sending out.
- JotForm Supportashwin_dAnswered on April 28, 2016 at 02:20 AM
My colleague have already forwarded this query to our backend team. Unfortunately we have not received any update form them yet but we will get back to you as soon as we have any information on this.
- jdt3901Answered on April 28, 2016 at 04:16 PM
Sorry to be a pest, but I need to know asap. This is a deal breaker for us.
- BenAnswered on April 28, 2016 at 04:39 PM
As mentioned by Bill above, I never heard of someone using GET requests for payment processing. As such I can assure you that we are not using the same.As mentioned I have forwarded this up to our developers and it is assigned to one developer to investigate the same and see what exactly Authorize.net is looking for. I presume that our developer did not update you here since we got few threads on similar subject, but mentioning different cases so he is probably checking it all at once.Once our developer makes sure that everything is up to par he will confirm the same here.Again, the fact that it is GET, makes little sense for payments so you should not worry - this is only raised to confirm the same.
- typeadesignAnswered on April 29, 2016 at 03:25 PM
Hi, all. My client just received the same email from authorize.net. One question I'd like to add to this thread. I know it shouldn't make a difference, but does it matter that the website that the form is embedded in does not have an SSL certificate?
- HubersonAnswered on April 29, 2016 at 04:53 PM
If your client's forms are used for payment, it is always better to have the form embedded and the data accessed over a secure connection.
To answer your question 'If that matters ', yes it does matter since Mixed Content can present security risk for your users if sensitive data are transmitted over insecure connection.
But I'm not sure if this has anything to do with that message from Authorize.net.
- typeadesignAnswered on April 29, 2016 at 05:05 PM
Thank you for your reply. I'll let them know. =M=
- JotForm SupportNeilVicenteAnswered on May 01, 2016 at 04:58 AM
The incoming update from Authorize.Net should not affect your forms. We send POST type requests for all transactions made via JotForm, so this should not pose any problems whatsoever