We got a notice from Authorize.net about rejecting GET requests

  • jdt3901
    Asked on April 27, 2016 at 9:37 AM

    I got an email from authorize.net saying that as of June 30 this year, they will reject payment submissions using HTTP GET. As a new client, we intend to set up a lot of systems using Jotform, and I would appreciate someone from Jotform's tech support letting me know that Jotform will be prepared for this change.

    I've attached a screenshot of the email I received. I appreciate you helping me out in this way.

     

    Jotform Thread 827507 Screenshot
  • Ben
    Replied on April 27, 2016 at 10:11 AM

    As far as I am aware we never used GET requests, but I can assure you that our developers react to first emails and notifications from payment processors. Since they have developer accounts on the same this means that the notice on some payment processors comes in before it does for non developer accounts.

    As such you should have no issues with Authorize.net tool, but I will raise this up so that we can get a confirmation of the same from one of the developers as well.

    They will reply back over this thread.

  • Bill
    Replied on April 27, 2016 at 8:25 PM

    One of my clients also received this notice. This is not related to jotform, but this thread is the only relevant hit on a google search. Far as I know, none of our software (nor our client's software) uses GET requests for Authorize.net.

    It sure would be nice if Authorize.net provided more information about this issue. IP addresses of the offending hosts, transaction ID's of the problem requests, something... anything other than the completely uninformative warning message they are currently sending out.

  • Ashwin JotForm Support
    Replied on April 28, 2016 at 2:20 AM

    Hello Bill,

    My colleague have already forwarded this query to our backend team. Unfortunately we have not received any update form them yet but we will get back to you as soon as we have any information on this.

    Thank you!

  • jdt3901
    Replied on April 28, 2016 at 4:16 PM

    Sorry to be a pest, but I need to know asap. This is a deal breaker for us.

  • Ben
    Replied on April 28, 2016 at 4:39 PM

    As mentioned by Bill above, I never heard of someone using GET requests for payment processing. As such I can assure you that we are not using the same.As mentioned I have forwarded this up to our developers and it is assigned to one developer to investigate the same and see what exactly Authorize.net is looking for. I presume that our developer did not update you here since we got few threads on similar subject, but mentioning different cases so he is probably checking it all at once.Once our developer makes sure that everything is up to par he will confirm the same here.Again, the fact that it is GET, makes little sense for payments so you should not worry - this is only raised to confirm the same.

  • typeadesign
    Replied on April 29, 2016 at 3:25 PM

    Hi, all. My client just received the same email from authorize.net. One question I'd like to add to this thread. I know it shouldn't make a difference, but does it matter that the website that the form is embedded in does not have an SSL certificate?

  • Huberson
    Replied on April 29, 2016 at 4:53 PM

    If your client's forms are used for payment, it is always better to have the form embedded and the data accessed over a secure connection.

    To answer your question 'If that matters ', yes it does matter since Mixed Content can present security risk for your users if sensitive data are transmitted over insecure connection.

    But I'm not sure if this has anything to do with that message from Authorize.net.

  • typeadesign
    Replied on April 29, 2016 at 5:05 PM

    @Huberson,

    Thank you for your reply. I'll let them know. =M=

  • NeilVicente
    Replied on May 1, 2016 at 4:58 AM

    Hi all,

    The incoming update from Authorize.Net should not affect your forms. We send POST type requests for all transactions made via JotForm, so this should not pose any problems whatsoever

    Best,