Skip to end of metadata
Go to start of metadata

Documentation Search

CiviCRM 4.2 Documentation

Developer Resources

CiviCRM books!

Make sure to check out our Online User/Administrator and Developer Guides! You can also support this project by ordering a hard copy.

Or support us by buying an eBook or hard copy of Using CiviCRM from Packt Publishing.

You can select AIM (Advanced Integration Method) as the Payment Processor for your CiviCRM online contributions, membership sign-up and event registration as of version 1.7. This page describes the configuration requirements and steps.

PHP Configuration Requirements

The following PHP extensions must be enabled in order for CiviCRM to interface with Authorize.Net's payment services:

  • PHP Perl Compatible Regular Expressions extension for PHP 4.3.0+ and higher
  • PHP cURL extension for PHP 4.3.0+ and higher with SSL support

Use phpInfo() to check for these extensions. You should see the following lines:

The MHash extension is also recommended, although not required.

Live vs Test

Authorize.Net has a test server and you can set your Merchant Account to run in Test Mode. In this case, all transactions are considered to be tests. However, you can also use the live server and login for testing. The addition of a single field (x_test_request) to the information being sent to Authorize.Net indicates that the transaction is a test.

Advanced Integration Method vs Simple Integration Method

For Authorize.Net Advanced Integration Method (AIM), card information is submitted to the server. The server then takes all submitted information, and submits it to Authorize.Net as an HTTP Post form. A reply is then received, which consists of a single CSV line. This reply is parsed to determine success or failure, and if failure, the reason for failure.

For Simple Integration Method (SIM), the client submits the form to Authorize.Net. Authorize.Net can optionally be configured to contact the server with the results, and display a response page generated by the server. If this option is not used, though, there will be no way to track contributions, registrations, etc.

At this time, CiviCRM only supports the Advanced Integration Method.

Configure API Access

NOTE: The following assumes that you already have an Authorize.Net merchant account. If you don't, you can go to to sign up.

If you do not already have an API login and Transaction Key, generate these now from the Authorize.Net account page, under Settings, General Security Settings.

After this is done, create the Payment Processor configuration in CiviCRM::

  • Log into CiviCRM as an administrator
  • Select Administer » System Settings » Payment Processors
  • Select Add Payment Processor
  • For Payment Processor Type, choose Authorize.Net
  • Enter the API Login ID and Transaction Key values (Live and/or Test as needed)
  • The MD5 Hash is best left empty.
Site URL for Test Mode

If your Merchant Account is set to run in Test Mode, then you must use the following test server in your Payment Processor Settings for Site URL:

Once your Merchant Account is Live - you may need to modify the CiviCRM Payment Processor settings to use the live server Site URL for both test-drive and live payments:

Remember that credit card information is being transmitted to the server. Unless the site is specifically being used for testing, and no live transactions will take place, it is highly recommended that Force Secure URLs be set

 Automated Recurring Billing offers a recurring payment system called Automated Recurring Billing (ARB) for an additional fee.  Your Settings - Payment Processor page will automatically populate with the standard Recurring Payments URL, but you will need to enable the ARB service in order for recurring contributions to work.

CiviCRM will need to be notified of the success of recurring contributions via a Silent Post URL.  Within, go to Account > Settings > Silent Post URL (within the Transaction Format Settings section).  On that page, enter the URL:




If you fail to do this, one-time contributions will succeed normally, and recurring contributions will be processed successfully by, but the contribution status will be stuck at Pending.

Other Authorize.Net settings

  • Card Code Verification (CCV) and Address Verification Service are free and part of your account. They do need to be configured to be used. If used, they will help prevent credit card fraud.
  • Email Receipt: The emailCustomer AuthorizeNet parameter is hard-coded in CRM/Core/Payment/AuthorizeNet.php to TRUE, so anyone who pays will get an email notification.

Accepted Credit Cards

  • To see the list of credit cards that Authorize.Net will process, select Merchant Profile in the Authorize.Net Account Settings screen.
  • In the Administer CiviCRM screen, select Accepted Credit Cards
  • Disable any cards which are not accepted. If there are any cards accepted which are not listed, add them.


The following card numbers can be used for testing:

  • American Express: 370000000000002
  • Discover: 6011000000000012
  • MasterCard: 5424000000000015
  • Visa: 4007000000000027 (NOTE: This test card number doesn't validate on CiviCRM's contribution page)

These numbers will always succeed in test mode as long as the expiration date is in the future. You can enter any value for the Security Code (CSC) when testing.

Additional Documentation

For more information on the Authorize.Net Advanced Integration Method, see the AIM guide: