Authorize.Net CIM with Recurring Profiles for Magento

Authorize.Net CIM with Recurring Profiles for Magento

Store credit cards securely with Authorize.Net. Supports recurring profiles.

Magento Community 1.5, 1.6, 1.7, 1.8, 1.9
Magento Enterprise 1.9, 1.10, 1.11, 1.12, 1.13, 1.14
Latest Version
2.3.5 (Oct 09, 2017) - View Release Notes
We will install and configure the module for you, and make sure it works properly in its intended environment.
Request Demo Login

Questions? Give us a call: 717-431-3330

Looking for Magento 2? We have a Magento 2-compatible version already available: Authorize.Net CIM for Magento 2.x

We know what you're looking for. You want a proven solution that just works, with all of the features you would expect, from a reputable company that stands behind their product. Our payment extensions are used on thousands of Magento stores. We know what we're doing, and we've been doing it for a long time. We pride ourselves on quality support. If you need help, we'll make sure you're taken care of.

Payment processing is a fundamental part of your business, and it's a fundamental part of ours too. We'll help you make sure it never becomes a problem.

Authorize.Net is one of the world's largest premier payment gateways, serving over 400,000 merchants. Their services allow you to accept payment from your customers, by credit card or eCheck, straight from your website.

This extension brings Authorize.Net's Customer Information Manager (CIM) to Magento. Authorize.Net CIM takes payment processing to a whole new level, by allowing your customers to store payment information on Authorize.Net's secure servers. This gives you and your customers the convenience of stored credit cards, with all the safety and security of Authorize.Net. It also allows us to give you many advanced features that most payment methods simply aren't capable of.


This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

  • Pay by credit card or ACH (eCheck)*
  • Enable Accept.js to send CC info straight to Authorize.Net, for enhanced security
  • Accept payment for Recurring Profile products
  • Authorize or Authorize & Capture (invoice immediately, or upon shipment)
  • Partially invoice orders (including reauthorization on partial invoice)
  • Refund (Online Credit Memo)
  • Partially refund orders
  • Void/cancel authorizations
  • Send shipping address to Authorize.Net
  • Send line items to Authorize.Net
  • Require CCV code (for new cards, or with every purchase)
  • Address Verification (AVS)
  • Advanced Fraud Detection Suite (AFDS) and hold-for-review
  • Support 3D Secure (Verified by Visa and MasterCard SecureCode) on checkout**
  • Save credit cards for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders and reorder without contacting the customer for their CC info (even for guests!)
  • Capture funds even after the authorization expires
  • Magento SOAP API support (V1 and V2)
  • Multi-store support: Use a different Authorize.Net account for each website
  • User-friendly setup and configuration

The first time a customer checks out, they'll get a standard form to enter credit card details. If they choose to save the card, the next time they checkout they can reuse that card with a single click. Your users can also view, add, edit, and delete their stored payment data through a 'Manage My Cards' interface in My Account. All frontend features are also available in the Magento Admin Panel.

* This extension has built-in support for ACH processing. ACH is configured as its own payment method, and can be enabled or disabled at will. To process ACH payments, you must apply and be accepted by Authorize.Net. For more info, see Authorize.Net's eCheck.Net FAQ.

** 3D Secure card validation allows select customers to log in with their credit card merchant for fraud protection. This requires separate enrollment and configuration of CardinalCommerce's 3D Secure services, not included with this extension. Due to the nature of stored credit cards, not all transactions are covered. 3D Secure is not compatible with Accept.js.

This version of the payment module fully supports Magento's Recurring Profiles feature, allowing you to make multi-payment products, recurring payments subscriptions, or services without relying on Paypal. Billing is performed on the schedule you define, and you're always in complete control.


Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to ask customers for credit card info once it's stored.
  • It streamlines order management and integration (for compatible systems).


This is an Authorize.Net Certified Solution since 2013, listed in Authorize.Net's official certified solutions directory. Our payment modules are used on thousands of Magento stores, and our reviews speak for themselves.

Authorize.Net Certified Solution


All communication with Authorize.Net is done using SSL encryption, and no confidential cardholder data is ever stored on your own server. A process called tokenization is used to run transactions with stored payment information. This lets your customers pay with a 'saved' card that's not on your server at all.

We are often asked about PCI compliance. PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data, or do anything else that would bring you under scrutiny.

The exact PCI scope of this extension depends on your configuration.

  • If you enable Accept.js, and do not accept ACH payments, we will not send any confidential payment data through your server. Since Accept.js sends the credit card number directly to Authorize.Net, using this extension for all credit card transactions may make you eligible for PCI Self-Assessment Questionnaire (SAQ) A-EP.
  • If you do not enable Accept.js, this payment method falls under the scope of PCI SAQ D.

For details on the SAQ types and why, see "Understanding the SAQs for PCI DSS version 3" (PDF, by PCI Security Standard Council).


We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows Magento standards and best practices. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).

This module supports many third-party extensions, including one-page and other custom checkout modules, and XTENTO's Magento Order Export Module.


We pride ourselves on quality support, which includes free bug fixes and updates for the lifetime of this extension.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

If you are not satisfied, we have a no-questions refund policy for thirty days after purchase.

Great customer service

Great support as always. Keep up the good work!

Reviewed by Bryant on April 8, 2016
Easy to use, Amazing support, Over all an Excellent Extension

This extension is worth every penny and more! The extension was very simple to install and worked as described. I had a few additional questions and ParadoxLabs went above and beyond not only answering my question but did so in a timely manner.

I would HIGHLY recommend this extension and anything that is created by the ParadoxLabs team. Bravo and thank you!

Reviewed by christinarule on October 31, 2013
Perfect extension for Authorize CIM Feature

I have been researching these extensions and companies for a month or so before speaking with the people at Paradox and purchasing the extension. When I called paradox I was able to speak with the actual developer that created this extension to ask him the important functional spec questions.

I reached out to the other extension companies offering Authorize CIM and received no response and there was not much information available about them online. The company behind an extension is very important since some of these companies have no plan on maintaining their extension.

I installed the extension and had a conflict with a theme I installed. The helpful people at PardoxLabs went in and fixed the problem within 15 mins. The extension works perfect for using our customers saved CC in both admin and front end. We are also using the recurring profiles feature for some products. I highly recommend this extension over any of the other cheaper ones. You get what you pay for!!

Reviewed by elitesports on May 19, 2013
Excellent Module - Great Customer Service

I bought this module over 6 months ago and the developers have given me excellent support and free updates!

Module works really well. Developers were able to help me track down an issue with deleted profiles that was causing the cron not to run and didn't charge me for it :)

Reviewed by SalesIgniter on May 13, 2013
Highly recommend

WOW! Worked right out of the box! Very easy install, configuration is likewise straightforward. This module works for recurring payments, has a 15 day guarantee, and even has an installation service, which is good for owners who don't want to engage a developer to get this service. Highly recommend!

Reviewed by mzee20 on December 20, 2012
Great extension and great customer service

Great extension and great customer service.

Paradox Labs went above and beyond to make sure the extension fit our business needs.

Highly recommended, and if you want Recurring Profiles without PayPal this is what you need.

Reviewed by chazv on October 18, 2012

Only registered users can write reviews. Please, log in or register.

I entered my Authorize.Net API Login ID and Transaction Key. Why is it telling me they are invalid?

You most likely are trying to use a live Authorize.Net account with the CIM payment module set to test mode, or vice versa.

In order to test CIM payment processing, you need to sign up for a free developer account at Authorize.Net. (The account type must be 'card not present.') After registering, you will be given an API Login ID and Transaction Key. Save these, then copy them into the Magento configuration at Admin Panel > System > Configuration > Payment Methods > Authorize.Net CIM. Also set 'Authorize.Net Test Mode' to 'Yes', then save.

To handle to live payment processing with CIM, enter your real Authorize.Net account details (API Login ID and Transaction Key) and set 'Authorize.Net Test Mode' to 'No'.

Make sure that test mode is not enabled in your account settings at Authorize.Net, and that CIM is enabled.


How do I do an online refund?

You most likely clicked the 'Credit Memo' button from the order page. In order to process an 'online' refund through Authorize.Net, you have to open the related invoice and click the 'Credit Memo' button from there. At the bottom of the page, you should now see a button that just says 'Refund'.


I use the OneStepCheckout module, and trying to check out gives an error: 'AuthNetCIM: Payment Failed.' What's wrong?

This error can occur if you have multiple inline credit card payment methods enabled simultaneously. The simplest solution is to disable all but one. Alternatively, you can contact the developer about resolving the issue, or see their knowledgebase article here: OneStepCheckout: Credit card payments are failing to validate


I got an email from Authorize.Net about a new Akamai API endpoint. Does that affect me?

Authorize.Net offers an alternate API endpoint that using Akamai for better stability. Our extension already uses that alternate endpoint, so you have nothing to worry about. The same announcement also mentions transaction ID changes and an RC4 cipher change; neither of those should affect you.

Download the complete user manual here: Authorize.Net CIM with Recurring Profiles for Magento - User Manual (pdf)


  • Purchasing this product grants you a license for use on one installation of Magento, plus any associated non-production environments.
  • Our products are 100% unencoded. You are free to modify it as you see fit, within the terms of the complete license below.

Software License

This a legal agreement between you (either an individual or a single entity) and ParadoxLabs inc. for the ParadoxLabs inc software product(s) which may include associated software components, media, printed materials, and "online" or electronic documentation ("software product"). By installing, copying, or otherwise using the software product, you agree to be bound by the terms of this Agreement. This license agreement represents the entire agreement concerning the program between you and ParadoxLabs inc, (referred to as "licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If you do not agree to the terms of this agreement, do not install or use the software product.

The software product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The software product is licensed, not sold.

    The software product is licensed as follows:
    1. Installation and Use.
      ParadoxLabs inc grants you the right to install and use the software product on one website.
    2. Backup Copies.
      You may also make copies of the software product as may be necessary for backup and archival purposes.

    1. Maintenance of Copyright Notices.
      You must not remove or alter any copyright notices on any and all copies of the software product.
    2. Distribution.
      You may not distribute copies of the software product to third parties.
    3. Prohibition on Reverse Engineering, Decompilation, and Disassembly.
      You may not reverse engineer, decompile, or disassemble the software product, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
    4. Rental.
      You may not rent, lease, or lend the software product.
    5. Support Services.
      ParadoxLabs inc may provide you with support services related to the software product ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the software product and subject to the terms and conditions of this Agreement.
    6. Compliance with Applicable Laws.
      You must comply with all applicable laws regarding use of the software product.

    Without prejudice to any other rights, ParadoxLabs inc may terminate this Agreement if you fail to comply with the terms and conditions of this Agreement. In such event, you must destroy all copies of the software product in your possession.

    All title, including but not limited to copyrights, in and to the software product and any copies thereof are owned by ParadoxLabs inc. All title and intellectual property rights in and to the content which may be accessed through use of the software product is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties. This Agreement grants you no rights to use such content. All rights not expressly granted are reserved by ParadoxLabs inc.

    ParadoxLabs inc expressly disclaims any warranty for the software product. The software product is provided 'As Is' without any express or implied warranty of any kind, including but not limited to any warranties of merchantability, noninfringement, or fitness of a particular purpose. ParadoxLabs inc does not warrant or assume responsibility for the accuracy or completeness of any information, text, graphics, links or other items contained within the software product. ParadoxLabs inc makes no warranties respecting any harm that may be caused by the transmission of a computer virus, worm, time bomb, logic bomb, or other such computer program. ParadoxLabs inc further expressly disclaims any warranty or representation to Authorized Users or to any third party.

    In no event shall ParadoxLabs inc be liable for any damages (including, without limitation, lost profits, business interruption, or lost information) rising out of 'Authorized Users' use of or inability to use the software product, even if ParadoxLabs inc has been advised of the possibility of such damages. In no event will ParadoxLabs inc be liable for loss of data or for indirect, special, incidental, consequential (including lost profit), or other damages based in contract, tort or otherwise. ParadoxLabs inc shall have no liability with respect to the content of the software product or any part thereof, including but not limited to errors or omissions contained therein, libel, infringements of rights of publicity, privacy, trademark rights, business interruption, personal injury, loss of privacy, moral rights or the disclosure of confidential information.