#1 June 8, 2016 9:55am

randyhook
Member
Registered: February 25, 2015
Posts: 6

Authorize.net will block GET requests

We just received an email from Authorize.net informing us that our paid forms are making GET requests to their API, and they will begin blocking them after July 30, 2016.

After looking at the BigTreePaymentGateway class, which calls BigTree::cURL() to send to Authorize, I'm wondering if this is the only line that needs to be added:

curl_setopt ($ch, CURLOPT_POST, 1);

This would be inserted right before:

curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

Offline

#2 June 8, 2016 12:21pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 978

Re: Authorize.net will block GET requests

I'm going to have to spend some time in the Authorize.net environment and check this out. Right now the sendAuthorize method in the Payment Gateway constructs a GET string which it sends. To switch it to POST you'd really just need to skip the $fields generation on line 1626 and pass in $params directly instead of $fields on line 1633. That *should* send it as POST since it's an array.

I don't know if there's more to their API changes though -- you could give it a go in a test environment and see if your calls still work.

Offline

#3 June 9, 2016 10:32am

randyhook
Member
Registered: February 25, 2015
Posts: 6

Re: Authorize.net will block GET requests

The changes I made were as follows:

1. On line 1633 of /core/inc/bigtree/apis/payment-gateway.php, the code is now:
$response = BigTree::cURL($this->PostURL, $params);

2. In place of line 430 of /core/inc/bigtree/utils.php, (curl_setopt($ch, CURLOPT_POSTFIELDS, $post);) are the following lines:
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

This appears to be how several examples are set up and this works. However, I believe this is just doing the same thing you are already doing. It's just using the http_build_query function to create the query string instead of manually creating it like you are to make the fields array which you then implode. If you do not use http_build_query on the $params array, you get an error from Authorize.

The next thing is that I have not figured out a way to determine if this is actually being sent as a POST request now or not. I'll keep working on it.

Offline

#4 June 22, 2016 7:07am

randyhook
Member
Registered: February 25, 2015
Posts: 6

Re: Authorize.net will block GET requests

OK, I think I've got it. It is pretty much what you suggested, Tim. Here's a link to the change on github: https://github.com/MindscapeSolutions/B … c22e15cf80

Offline

Board footer

Powered by FluxBB

The Discussion Forum is not available on displays of this size.