Authorize.Net CIM Payment Module for Magento

Authorize.Net CIM Payment Module for Magento

The convenience of stored credit cards, with the security of Authorize.Net.

Magento Community 1.5, 1.6, 1.7, 1.8, 1.9
Magento Enterprise 1.9, 1.10, 1.11, 1.12, 1.13, 1.14
Latest Version
2.3.5 (Oct 09, 2017) - View Release Notes
We will install and configure the module for you, and make sure it works properly in its intended environment.
Request Demo Login

Questions? Give us a call: 717-431-3330

Looking for Magento 2? We have a Magento 2-compatible version already available: Authorize.Net CIM for Magento 2.x

We know what you're looking for. You want a proven solution that just works, with all of the features you would expect, from a reputable company that stands behind their product. Our payment extensions are used on thousands of Magento stores. We know what we're doing, and we've been doing it for a long time. We pride ourselves on quality support. If you need help, we'll make sure you're taken care of.

Payment processing is a fundamental part of your business, and it's a fundamental part of ours too. We'll help you make sure it never becomes a problem.

Authorize.Net is one of the world's largest premier payment gateways, serving over 400,000 merchants. Their services allow you to accept payment from your customers, by credit card or eCheck, straight from your website.

This extension brings Authorize.Net's Customer Information Manager (CIM) to Magento. Authorize.Net CIM takes payment processing to a whole new level, by allowing your customers to store payment information on Authorize.Net's secure servers. This gives you and your customers the convenience of stored credit cards, with all the safety and security of Authorize.Net. It also allows us to give you many advanced features that most payment methods simply aren't capable of.


This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

  • Pay by credit card or ACH (eCheck)*
  • Enable Accept.js to send CC info straight to Authorize.Net, for enhanced security
  • Authorize or Authorize & Capture (invoice immediately, or upon shipment)
  • Partially invoice orders (including reauthorization on partial invoice)
  • Refund (Online Credit Memo)
  • Partially refund orders
  • Void/cancel authorizations
  • Send shipping address to Authorize.Net
  • Send line items to Authorize.Net
  • Require CCV code (for new cards, or with every purchase)
  • Address Verification (AVS)
  • Advanced Fraud Detection Suite (AFDS) and hold-for-review
  • Support 3D Secure (Verified by Visa and MasterCard SecureCode) on checkout**
  • Save credit cards for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders without contacting the customer for their CC info (even for guests!)
  • Reorder without contacting the customer for registered accounts
  • Capture funds even after the authorization expires
  • Magento SOAP API support (V1 and V2)
  • Multi-store support: Use a different Authorize.Net account for each website
  • User-friendly setup and configuration

The first time a customer checks out, they'll get a standard form to enter credit card details. If they choose to save the card, the next time they checkout they can reuse that card with a single click. Your customers can also view, add, edit, and delete their stored payment data through a 'Manage My Cards' interface in My Account. All frontend features are also available in the Magento Admin Panel.

* This extension has built-in support for ACH processing. ACH is configured as its own payment method, and can be enabled or disabled at will. To process ACH payments, you must apply and be accepted by Authorize.Net. For more info, see Authorize.Net's eCheck.Net FAQ.

** 3D Secure card validation allows select customers to log in with their credit card merchant for fraud protection. This requires separate enrollment and configuration of CardinalCommerce's 3D Secure services, not included with this extension. Due to the nature of stored credit cards, not all transactions are covered. 3D Secure is not compatible with Accept.js.

This version of the payment module does not support Magento's Recurring Profiles. If you would like to use recurring profiles with Authorize.Net, consider purchasing Authorize.Net CIM with Recurring Profiles.


Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to ask customers for credit card info once it's stored.
  • It streamlines order management and integration (for compatible systems).


This is an Authorize.Net Certified Solution since 2013, listed in Authorize.Net's official certified solutions directory. Our payment modules are used on thousands of Magento stores, and our reviews speak for themselves.

Authorize.Net Certified Solution


All communication with Authorize.Net is done using SSL encryption, and no confidential cardholder data is ever stored on your own server. A process called tokenization is used to run transactions with stored payment information. This lets your customers pay with a 'saved' card that's not on your server at all.

We are often asked about PCI compliance. PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data, or do anything else that would bring you under scrutiny.

The exact PCI scope of this extension depends on your configuration.

  • If you enable Accept.js, and do not accept ACH payments, we will not send any confidential payment data through your server. Since Accept.js sends the credit card number directly to Authorize.Net, using this extension for all credit card transactions may make you eligible for PCI Self-Assessment Questionnaire (SAQ) A-EP.
  • If you do not enable Accept.js, this payment method falls under the scope of PCI SAQ D.

For details on the SAQ types and why, see "Understanding the SAQs for PCI DSS version 3" (PDF, by PCI Security Standard Council).


We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows Magento standards and best practices. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).

This module supports many third-party extensions, including one-page and other custom checkout modules, and XTENTO's Magento Order Export Module.


We pride ourselves on quality support, which includes free bug fixes and updates for the lifetime of this extension.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

If you are not satisfied, we have a no-questions refund policy for thirty days after purchase.

Functional and stable

We needed the "save my card" feature for our new B2B dealer portal. The idea is that the business owners populate the saved credit card info once, after which their buyers can use it for purchases without being able to see the info. Very stable, a great extension. Since purchasing the extension, we receive Paradox newsletters, which I find useful to understand what's happening in the Magento world.

Reviewed by Graham Wilkins on August 4, 2017
Awesome support

ParadoxLabs was awesome. In no time they figured out what was happening and how to fix it! I spent days myself and was still lost to what happened.

Reviewed by Matthew Ulbrich on April 1, 2016
Fast and helpful

Great communication and speedy work. Will definitely be back to you when we need something else done.

Reviewed by Damon V on March 30, 2016
Fantastic service

Thanks for helping me get our issue with payment method figured out. Our accounting department is very appreciative.

Reviewed by Jeff McRitchie on March 3, 2016
Great support

Very professional service. Quick, accurate, efficient. Thanks!

Reviewed by Brian DeSpain on January 25, 2016
So helpful!

Great customer service. Took the time to further explain details of how the extension worked and why it worked that way.

Reviewed by Trevor Melvin on January 12, 2016
Fantastic module

I've reviewed all of the CIM modules on the market (Gorilla's, IDP, etc) and this module seemed like the best option. I've used it on a couple of sites and it works great.

Reviewed by erikpallha on May 19, 2015
Good CIM -

- Had an issue where our developer didn't do according to paradoxlab so some browsing user weren't able to type informaiton
- Ryan instantly looked, interpreted, and even fixed minor error for us
- it works every nice.
- able to edit, add, delete saved card info

Reviewed by shopconmignon on March 23, 2015
Delivers as Promised + Excellent Support

Have tried both versions 1.4 & 2.0 of this module.

Both function as promised. If part of your business requirements is always needing the CCV code for all transactions, not just the first one to create a CIM profile, you will need v2.0.

Support is superb. Very responsive, articulate and extremely reasonable.

Any bugs I've submitted have been resolved quickly. Even worked me to resolve some confusion regarding Authorize.Net filter/validation settings.

Reviewed by dk88 on October 28, 2014
A good module - Community 1.9

I bought this module and had some issues and they were resolved quickly. The developer was very nice and always getting back quickly.

Reviewed by denisa84 on September 16, 2014
Great Module, Great Support

After evaluating about 10 of these Authorize.Net CIM modules, I decided on Paradox Lab's module. I emailed Paradox ahead of purchasing and they promptly answered all of my questions. During development and testing, they quickly answered additional questions and even helped as much as they could on troubleshooting compatibility with a third-party fraud module. Last, they even went as far as incorporating a small change into a release based on our feedback. Great module, competent developer and great support.

It's worth noting that some other modules require ionCube and parts of the source are encoded. As well, other modules sometimes don't support online refunds with the CIM payment method. Paradox Lab's module is fully open, does not require ionCube and supports all of the necessary CIM functionality for our usage.

Reviewed by quasiobject on January 16, 2014
Excellent update!

I bought this a year ago and finally got around to getting an updated version. Customer support was quick providing updated extension and the upgrade went without a hitch. I'm also using the Xtento Bulk Processing extension along side with the extension and it does not have trouble.

Reviewed by jsiu on January 8, 2014
Great Extension that is extremely easy to install!

I needed this extension for the integration of CIM and Magento. I called and talked with support for a brief 3-5 minutes to make sure I understood that this would do what I needed. Purchased the extension and had it installed and taking payments in 15 minutes! I am not a webmaster, more of a webpeasant boy.

Great service, extension is extremely easy to use and interfaces well with FireCheckout, one page checkout.

Reviewed by maddogl on November 11, 2013
Excellent Support, Great Plugin

This plugin works exactly as advertised, and the support from Brett and Paradox Labs is amazing. He truly bent over backwards to make sure everything worked on my highly customized store.

Reviewed by kimball1 on March 13, 2013
Highly recommended

This extension works perfectly and the support from Paradox is fantastic. We needed a small feature added and they were extremely responsive and we got the feature added which allowed us to deploy it on our store.

Reviewed by lloydalvarez on February 26, 2013
awesome plugin ... highly recommended

We purchased version 1.1.4 of this plugin and installed it with ZERO issues on magento version

Version 1.2 was shortly released after our initial purchase ... we sent an email asking for the update and shortly after it was emailed with a change log.
Works perfectly and we highly recommend using this module as users love the convenience factor.

Great plugin & great support!

Reviewed by MPS_ONLINE on February 19, 2013
Great extension

Great extension! I'm running 1.6.2 and this worked straight out of the box. (download) there were some minor bugs but the support responded quickly and updated right away.

Reviewed by jsiu on January 15, 2013
Super helpful

Just posting to mirror what teganbulu has said. These guys are super helpful and go the extra mile to make sure you've got everything you need. I've had no problems working with the module's code, and Ryan was happy to give me some assistance when I was making a couple of modifications.

As for the module itself, it does everything as expected, and we haven't run into any issues.

Reviewed by FujiwaraTakumi on January 14, 2013
Well written and easy to follow

I'm a developer myself, the code is well written and easy to follow. I used this extension as a building block to build a import script to aid in migrating all our existing customers at Recurly into Magento recurring profiles. I worked with Paradox Labs and Ryan. Good people. So far it is working good.

Reviewed by teganbulu on December 5, 2012
Sweet extension

Sweet extension. I highly recommend it, support is great.

Reviewed by WinesandMakers on October 25, 2012

Only registered users can write reviews. Please, log in or register.

I entered my Authorize.Net API Login ID and Transaction Key. Why is it telling me they are invalid?

You most likely are trying to use a live Authorize.Net account with the CIM payment module set to test mode, or vice versa.

In order to test CIM payment processing, you need to sign up for a free developer account at Authorize.Net. (The account type must be 'card not present.') After registering, you will be given an API Login ID and Transaction Key. Save these, then copy them into the Magento configuration at Admin Panel > System > Configuration > Payment Methods > Authorize.Net CIM. Also set 'Authorize.Net Test Mode' to 'Yes', then save.

To handle to live payment processing with CIM, enter your real Authorize.Net account details (API Login ID and Transaction Key) and set 'Authorize.Net Test Mode' to 'No'.

Make sure that test mode is not enabled in your account settings at Authorize.Net, and that CIM is enabled.


How do I do an online refund?

You most likely clicked the 'Credit Memo' button from the order page. In order to process an 'online' refund through Authorize.Net, you have to open the related invoice and click the 'Credit Memo' button from there. At the bottom of the page, you should now see a button that just says 'Refund'.


I use the OneStepCheckout module, and trying to check out gives an error: 'AuthNetCIM: Payment Failed.' What's wrong?

This error can occur if you have multiple inline credit card payment methods enabled simultaneously. The simplest solution is to disable all but one. Alternatively, you can contact the developer about resolving the issue, or see their knowledgebase article here: OneStepCheckout: Credit card payments are failing to validate


I got an email from Authorize.Net about a new Akamai API endpoint. Does that affect me?

Authorize.Net offers an alternate API endpoint that using Akamai for better stability. Our extension already uses that alternate endpoint, so you have nothing to worry about. The same announcement also mentions transaction ID changes and an RC4 cipher change; neither of those should affect you.

Download the complete user manual here: Authorize.Net CIM Payment Module for Magento - User Manual (pdf)


  • Purchasing this product grants you a license for use on one installation of Magento, plus any associated non-production environments.
  • Our products are 100% unencoded. You are free to modify it as you see fit, within the terms of the complete license below.

Software License

This a legal agreement between you (either an individual or a single entity) and ParadoxLabs inc. for the ParadoxLabs inc software product(s) which may include associated software components, media, printed materials, and "online" or electronic documentation ("software product"). By installing, copying, or otherwise using the software product, you agree to be bound by the terms of this Agreement. This license agreement represents the entire agreement concerning the program between you and ParadoxLabs inc, (referred to as "licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If you do not agree to the terms of this agreement, do not install or use the software product.

The software product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The software product is licensed, not sold.

    The software product is licensed as follows:
    1. Installation and Use.
      ParadoxLabs inc grants you the right to install and use the software product on one website.
    2. Backup Copies.
      You may also make copies of the software product as may be necessary for backup and archival purposes.

    1. Maintenance of Copyright Notices.
      You must not remove or alter any copyright notices on any and all copies of the software product.
    2. Distribution.
      You may not distribute copies of the software product to third parties.
    3. Prohibition on Reverse Engineering, Decompilation, and Disassembly.
      You may not reverse engineer, decompile, or disassemble the software product, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
    4. Rental.
      You may not rent, lease, or lend the software product.
    5. Support Services.
      ParadoxLabs inc may provide you with support services related to the software product ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the software product and subject to the terms and conditions of this Agreement.
    6. Compliance with Applicable Laws.
      You must comply with all applicable laws regarding use of the software product.

    Without prejudice to any other rights, ParadoxLabs inc may terminate this Agreement if you fail to comply with the terms and conditions of this Agreement. In such event, you must destroy all copies of the software product in your possession.

    All title, including but not limited to copyrights, in and to the software product and any copies thereof are owned by ParadoxLabs inc. All title and intellectual property rights in and to the content which may be accessed through use of the software product is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties. This Agreement grants you no rights to use such content. All rights not expressly granted are reserved by ParadoxLabs inc.

    ParadoxLabs inc expressly disclaims any warranty for the software product. The software product is provided 'As Is' without any express or implied warranty of any kind, including but not limited to any warranties of merchantability, noninfringement, or fitness of a particular purpose. ParadoxLabs inc does not warrant or assume responsibility for the accuracy or completeness of any information, text, graphics, links or other items contained within the software product. ParadoxLabs inc makes no warranties respecting any harm that may be caused by the transmission of a computer virus, worm, time bomb, logic bomb, or other such computer program. ParadoxLabs inc further expressly disclaims any warranty or representation to Authorized Users or to any third party.

    In no event shall ParadoxLabs inc be liable for any damages (including, without limitation, lost profits, business interruption, or lost information) rising out of 'Authorized Users' use of or inability to use the software product, even if ParadoxLabs inc has been advised of the possibility of such damages. In no event will ParadoxLabs inc be liable for loss of data or for indirect, special, incidental, consequential (including lost profit), or other damages based in contract, tort or otherwise. ParadoxLabs inc shall have no liability with respect to the content of the software product or any part thereof, including but not limited to errors or omissions contained therein, libel, infringements of rights of publicity, privacy, trademark rights, business interruption, personal injury, loss of privacy, moral rights or the disclosure of confidential information.