Announcement:Materials and articles for ProductCart 5 can be found at our brand new support center.

Create an account to edit articles | See Formatting Syntax for Wiki syntax | We look forward to your contribution!


A Certified Authorize.Net Shopping Cart

ProductCart meets all requirements for the Authorize.Net Shopping Cart Certification, demonstrating that the shopping cart complies with the high performance and security standards of the Authorize.Net Payment Gateway. ProductCart has been a certified shopping cart for many years, and has undergone the process of re-certification as well, further confirming the high quality of the integration with this popular payment gateway.

ProductCart is a certified shopping cart

Advanced Integration Method (AIM)

ProductCart integrates with Authorize.Net using the Advanced Integration Method (AIM). The Simple Integration Method (SIM) is no longer supported. Transactions are handled on your Web site. Information is passed directly to, without having to go through an additional form. The user never leaves your Web site. However, you are required to have an SSL certificate installed on the server (dedicated or shared), and you have to turn the SSL feature on in the Store Settings area of the Control Panel before you can use AIM.

Authorize.Net Account Settings

To connect your Authorize.Net account with ProductCart you need two pieces of information: API Login ID and Transaction Key.

API Login ID and Transaction Key

To obtain your Login ID and Transaction Key, follow these steps:

  • Log into your Authorize.Net account at
  • Select Account > Settings > Security Settings > API Login ID and Transaction Key
  • Your API Login ID is immediately shown to you
  • To create a new Transaction Key, use the Create New Transaction Key form. You will need to type in the answer to your secret question. The secret question and corresponding answer is setup during account activation. It is required to authenticate the merchant before the Transaction Key is generated.
  • Click “Submit” to receive your Transaction Key. You can disable any previously generated Transaction Keys when you submit the form.

Account Settings

Other settings to review in your Authorize.Net account management area:

  • Log into your Authorize.Net account at
  • Select Account > Settings
  • ProductCart uses version 3.1 of Authorize.Net's payment gateway. To ensure that the “Transaction Version” is set to 3.1, select Transaction Format Settings > Transaction Version. If needed, change the Transaction Version by using the drop-down box. Click “Submit” to save the change.
  • You do not need to enter any Relay or Response URLs.
  • You do not need to enter a Silent Post URL
  • You do not need to set the Card Code Validation setting as this is set dynamically by ProductCart.
  • You can configure Address Validation, if you want to use this service. We recommend that you don't set it up too strict or it could lead to a high number of denied transactions.

Configuring Authorize.Net in the ProductCart Control Panel

You can now go back to the ProductCart Control panel and configure the settings as described below:

  • Login ID: enter your API Login ID
  • Transaction Key: Enter your API Transaction Key.
  • Transaction Type. Select a transaction type from the drop-down menu. You can use Authoirze.Net to either authorize or authorize & capture funds during a transaction. If you select AUTH_CAPTURE, the credit card is authorized and debited (this does not apply to electronic checks, where the order amount is always captured). If you select AUTH_ONLY, the credit card is authorized, but not debited. In the second scenario, the transaction is not settled (and therefore funds are not deposited into your back account), until you either manually capture funds using the Authorize.Net administration console, or automatically capture funds using ProductCart’s batch processing feature.

When Authorize.Net is set to AUTH_ONLY, credit card information is encrypted and stored in the store database and should be regularly removed using the Purge Credit Card Numbers feature (this is done automatically in version 3.5 and above when using the Batch Processing feature). When it’s set to capture funds (AUTH_CAPTURE), credit card information is not stored in the store database. Storing credit card information is required to successfully process the order(s) using the batch processing feature. The card security code is never saved to the database in compliance with PCI standards.

Other Credit Card Settings

  • Currency Code. Enter the currency code for the currency used on your store. To locate the correct currency code, click on the corresponding text link. A list of all currency codes accepted by Authorize.Net will be displayed. The default currency code is USD.
  • Require CVV. When you check this option, the security code field is shown on the credit card page. Otherwise, it remains hidden.
  • Accepted Cards. The select the credit card types you accept on your store.

Electronic Checks

ProductCart supports electronic checks via Authorize.Net (eCheck.Net). Electronic checks allow customers to pay for products or services with a “virtual” check by entering the requested bank account information during the checkout process.

At settlement time, the Authorize.Net system initiates a debit to the customer's checking account via the Automated Clearing House (ACH) and then transfers collected funds to the merchant's account. The eCheck.Net system notifies merchants of failed debit attempts, including those due to “Not Sufficient Funds”. Benefits of the eCheck.Net service (from the Authorize.Net Web site):

  • Acceptance of electronic check transactions can reduce payment processing costs to merchants.
  • Merchants can easily expand the payment options available to their customers at the point of sale which could potentially increase overall sales.
  • All eCheck.Net transactions are automatically settled each day.

In order to accept electronic checks on your store, you will have to separately apply for an account with Authorize.Net. Additional fees apply. Contact Authorize.Net for more information.

Keep in mind that eChecks work differently than a credit card transaction especially with respect to charge back rights and procedures. For more information and for apply for eCheck, Authorize.Net has a separate application.

All eCheck orders are automatically considered Processed by ProductCart, as the order amount is always debited from the customer's bank account. This is true regardless of which Transaction Type setting you choose for your store, as mentioned above.

If for any reasons you would like eCheck orders to be considered Pending, check the corresponding option. You will then need to process these orders from the Process Order page. Note that Pending eCheck orders will not be listed in on the Batch Processing page.

  • Accept Checks. Select “Yes” to allow for this payment method
  • SecureSource. Select “Yes” only if you are a Wells Fargo SecureSource Merchant. All other Authorize.Net customers should leave the setting set to No.

Other Settings

  • Enable Test Mode (Credit cards will not be charged): When this option is checked, transactions are submitted as test transactions. This is true even if Authorize.Net is set to be in Live Mode in the Authorize.Net administration area. All transactions appear to be processed as real transactions, with the exception that a payment processor is never contacted, and so all transactions are approved. This allows you to run tests on your store without having to log into the Authorize.Net administration area and change the gateway’s status from Live to Test Mode, and vice versa.
  • Processing Fee. You can choose whether to charge an additional transaction fee using the Processing Fee field,. The transaction fee can either be a set amount or a percentage of the total order amount (e.g. 2.3% of the total).
  • Payment Name. You can change the description for both the credit card and electronic check payment options. This refers to the description that is shown to your customers during checkout. For example, you could change “Credit Card” to “Visa and MasterCard”.

Authorize.Net and Batch Processing Orders

When orders are batch processed, two scenarios can occur.

  • If the order amount has not changed, funds are immediately captured.
  • If the order amount has changed, then Authorize.Net resubmits the transaction to the payment processor, receives a new authorization for the order amount, and then captures those funds.
  • More information on batch processing orders

Authorize.Net and Order Statuses

  • Processing Status. If you want orders to be processed at the time they are placed, check the corresponding checkbox. It is recommended that you leave the check box unchecked so that you can review orders for accuracy and legitimacy before processing them. When this option is unchecked, orders are Pending when they are placed. Learn more about the order status.
  • Payment Status. Specify which payment status you would like to assign to orders when they are placed. Learn more about the payment status.

If you are using electronic checks, the order amount is captured regardless of how you have configured the Transaction Type: i.e. the customer’s bank account is debited even if the Transaction Type is set to AUTH_ONLY.

About Voided Transactions

When a transaction is voided, you are only indicating that the original transaction is not to be settled. When you submit a transaction for authorization, the card issuing bank will place the requested funds on a hold if they approve the transaction. This is done so that, when merchants later settle the transaction, the held funds would be available to claim. Even if the transaction is not settled, the hold on the funds will remain until it is expired by the card issuer. How long these funds are held are entirely up to the card issuer, although the industry average is seven days for credit cards and three days for debit cards.

Since funds are being held, this may impact the available balance on the card, and future transactions may be declined until the card issuing bank removes the hold on any authorized funds.

Authorize.Net cannot remove existing authorizations from a customer's credit card. However, since the card issuing bank provided the authorization code, they will be able to remove the authorization. Card issuing banks may require the merchant to call or fax documentation, or may be able to assist the customer directly. Regardless of the card issuing bank's internal process for removing the authorization, they would need the authorization code in order to identify which authorization to remove. You can retrieve the authorization code by viewing the details associated with the transaction.

To locate the authorization code, please follow these steps:

  1. Login to your Merchant Interface at
  2. Click Transactions in the main left side menu.
  3. Enter one or more search criteria here. For example, you may search by the last four digits of the card number, customer last name, invoice number, or transaction ID. Note: It is generally better to search using only one criterion at first and only add more if you see too many search results the first time.
  4. Click Search.
  5. Click on the Transaction ID of the transaction in question.
  6. A page titled Transaction Details will appear. The authorization code can be found under the heading, Authorization Information.

The card issuing bank may also require either the customer's credit card number, which the customer may provide, or else your merchant account number, available from your Merchant Service Provider, in order to confirm which cardholder or merchant was involved in the transaction. Do note that Authorize.Net cannot provide either the full card number or the merchant account number.

For additional information please visit the Authorize.Net knowledge base located at In addition a video tutorial on voids, refunds and credits can be viewed at

Authorize.Net Error Codes

One of the more common Error Codes returned by is: Error 3: E.G.:

Error 3: This transaction cannot be accepted.

Keep in mind that this error is coming directly from, and not from ProductCart. One of the most common reasons is that your Transaction Key has changed or does not match the one originally entered in your Settings in the ProductCart Control Panel. You should then login to your Merchant Console and request a new Transaction Key, which is under:

Settings & Profile > Security > Obtain New Transaction Key

…. then login to the ProductCart Control Panel and paste the new Transaction Key into the proper field below the login ID under the settings, and update your settings.

Another reason for Error 3, is if you have enabled the Fraud Detection Suite in, they require a specific IP Address of your ProductCart Server to verify that each request is legitimate… however if your Server IP Address ever changes for any reason, then your ProductCart Store will no be able to communicate with - so you will need to update the Server IP Address in the Fraud Detection Suite settings.

QR Code
QR Code Authorize.Net (generated for current page)