Authorize.Net CIM for Magento 2

Authorize.Net CIM for Magento 2

Certified by Authorize.Net. The convenience of stored credit cards with the security of Authorize.Net.

Magento Community 2.0, 2.1, 2.2
Magento Enterprise 2.0, 2.1, 2.2, Cloud
Latest Version
4.0.0 (Sep 25, 2017) - View Release Notes
We will install and configure the module for you, and make sure it works properly in its intended environment.
Request Demo Login

Questions? Give us a call: 717-431-3330

This extension is for Magento 2. If you are using Magento 1, go here: Authorize.Net CIM for Magento 1.x

We know what you're looking for. You want a proven solution that just works, with all of the features you would expect, from a reputable company that stands behind their product. Our payment extensions are used on thousands of Magento stores. We know what we're doing, and we've been doing it for a long time. We pride ourselves on quality support. If you need help, we'll make sure you're taken care of.

Payment processing is a fundamental part of your business, and it's a fundamental part of ours too. We'll help you make sure it never becomes a problem.

Authorize.Net is one of the world's largest premier payment gateways, serving over 400,000 merchants. Their services allow you to accept payment from your customers, by credit card or eCheck, straight from your website. There is no extra fee for the Customer Information Manager service, but you must have an Authorize.Net account (fees will vary).

This extension brings Authorize.Net's Customer Information Manager (CIM) service to Magento 2. Authorize.Net CIM takes payment processing to a whole new level, by allowing your customers to store payment information on Authorize.Net's secure servers. This gives you and your customers the convenience of stored credit cards, with all the safety and security of Authorize.Net. It also allows us to give you many advanced features that most payment methods simply aren't capable of.


This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

  • Pay by credit card or ACH (eCheck)*
  • Enable Accept.js to send CC info straight to Authorize.Net, for enhanced security
  • Save credit cards (tokens) for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders and reorder without contacting the customer for their CC info (even for guests!)
  • Capture funds even after the authorization expires
  • Authorize, Authorize & Capture (invoice at shipment), or Save Info (save payment data without charging at checkout)
  • Partially invoice orders (including reauthorization on partial invoice)
  • Refund (Online Credit Memo)
  • Partially refund orders
  • Void/cancel authorizations
  • Sending shipping address with transactions
  • Sending line items with transactions
  • Require CCV code (on first transaction or with every purchase)
  • Address Verification (AVS)
  • Advanced Fraud Detection Suite (AFDS) and hold-for-review
  • Magento API support
  • Multi-store support: Use different Authorize.Net accounts for each website

The first time a customer checks out, they are given a form to enter credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.

* This extension has built-in support for ACH processing. ACH is configured as its own payment method, and can be enabled or disabled at will. To process ACH payments, you must apply and be accepted by Authorize.Net. For more info, see Authorize.Net's eCheck.Net FAQ.


Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to ask customers for credit card info once it's stored.
  • It streamlines order management and integration (for compatible systems).


This is an Authorize.Net Certified Solution since 2013, listed in Authorize.Net's official certified solutions directory. Our payment modules are used on thousands of Magento stores, and our reviews speak for themselves.

Authorize.Net Certified Solution


All communication with Authorize.Net is done using SSL encryption, and no confidential cardholder data is ever stored on your own server. A process called tokenization is used to run transactions with stored payment information. This lets your customers pay with a 'saved' card that's not stored on your server at all.

We are often asked about PCI compliance. PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, any other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data or do anything else that would bring you under scrutiny.

The exact PCI scope of this extension depends on your configuration.

  • If you enable Accept.js, and do not accept ACH payments, we will not send any confidential payment data through your server. Since Accept.js sends the credit card number directly to Authorize.Net, using this extension for all credit card transactions may make you eligible for PCI Self-Assessment Questionnaire (SAQ) A-EP.
  • If you do not enable Accept.js, this payment method falls under the scope of PCI SAQ D.

For details on the SAQ types and why, see "Understanding the SAQs for PCI DSS version 3" (PDF, by PCI Security Standard Council).


We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).


We pride ourselves on quality support, which includes free bug fixes and updates for the lifetime of this extension.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

If you are not satisfied, we have a no-questions refund policy for thirty days after purchase.

Very Solid Extension. It works.

After fighting with the OOTB Authorize.Net extension, we decided to purchase the M2 Authorize.Net CIM Extension. The best decision we made. Worked from the beginning; Easy install/config; Just works. We deployed in Magento 2.1.7

Reviewed by Paul Hoskins on September 5, 2017
The module is just Fab :)

The module provides user with a lot of good features except the basic payment method features required.

The additional features that the module supports, i.e.
- when we void the transaction from and click 'Get payment update' button then the suspected fraud types of order gets cancelled
- when we cancel order from magento, the transaction gets voided in
are very helpful to us and automates the process.

Paradoxlabs team is very supportive.
They have always helped us in sorting out any issue / difficulty we faced during the module setup.

Reviewed by Deepika Janiyani on May 12, 2017

Great support.

Reviewed by Tim Shih on September 16, 2016
Always helpful

Paradox is always helpful and provides a solution to resolve the issue with the extension, even if they determine that the real issue is a core bug.

Reviewed by Chris Kendall on August 2, 2016
Excellent customer service

Couldn't ask for better turnaround and communication, thank you.

Reviewed by Mark Foulkrod on June 25, 2016

Only registered users can write reviews. Please, log in or register.

A complete user manual is included with the module. You can download it here: Authorize.Net CIM - User Manual for Magento 2 (pdf)

How do I migrate data from my site running Authorize.Net CIM for Magento 1?

To move from our extension on Magento 1.x to Magento 2, first you'll have to purchase this new version for compatibility. Then, you (or your developer, agency, or system integrator) will have to use the Magento Data Migration Tool to convert all of your data to the new site.

You will have to do some configuration of the data migration tool to include our extension's data fields. You can download a guide on the process here: Migrating Authorize.Net CIM data from Magento 1 to 2

That being said, please be aware that this is a fairly complex process, and data migration is not covered under extension support.


Why are my API Login ID and Transaction Key invalid?

You may be trying to use a live Authorize.Net account with our extension set to sandbox mode, or vice versa.

In order to test CIM payment processing, you need to sign up for a free developer account at Authorize.Net. (The account type must be 'card not present.') After registering, you will be given an API Login ID and Transaction Key. Save these, then copy them into the Magento configuration at Admin > Stores > Settings > Configuration > Sales > Payment Methods > Authorize.Net CIM. Also set 'Sandbox Account' to 'Yes', then save.

To handle to live payment processing with CIM, enter your real Authorize.Net account details (API Login ID and Transaction Key) and set ‘Sandbox Account' to 'No'.

Make sure that test mode is not enabled in your account settings at Authorize.Net, and that CIM is enabled. CIM will not work in test mode.


How do I do an online refund from Magento?

In order to process an 'online' refund through Authorize.Net, you have to go to the invoice you want to refund, and click the 'Credit Memo' button from there.

If you’ve done that correctly, at the bottom of the page you should see a button that says 'Refund'.

If you only have one button that says ‘Refund Offline’, it’s because you clicked ‘Credit Memo’ from the order instead of from the invoice.

The reason for this is that the refund needs to be associated with a particular capture transaction. An order can contain any number of capture transactions, but every capture has an invoice that’s directly related. You refund an invoice, not an order.


Error on checkout: “An error occurred on the server. Please try to place the order again.”

Magento made a change in 2.1.x that means no payment error messages actually make it out to the customer. When these error messages occur, the underlying error is usually some payment failure, like AVS failure, or invalid CCV, or transaction declined. These messages will be recorded in the transaction log (var/log/tokenbase.log), but the customer will only ever be given the generic failure message. Yes, this makes for bad user experience, but it’s not something we can control.

The issue should be resolved with Magento 2.2. In the meantime, you can fix it by overwriting two core files with their versions from 2.2:

vendor/magento/module-checkout/Model/GuestPaymentInformationManagement.php to new version

vendor/magento/module-checkout/Model/PaymentInformationManagement.php to new version

Making these changes will mean customers get the precise error message we intend, and can fix their payment information accordingly.


Error when refunding: “The referenced transaction does not meet the criteria for issuing a credit.”

Authorize.Net does not allow capture transactions to be refunded until they have ‘settled’ with the merchant bank and card processor. Settlement happens once a day, usually in the evening (but varies based on your account settings). If you try to refund a transaction before it has settled, you’ll receive this error message. When this happens, just wait until the next day for the bank to catch up, then try again.

Note that this will only happen if you are attempting a partial refund (refunding less than the total amount of the invoice). If you are refunding the entire invoice and the transaction has not yet settled, we automatically void it instead. You won’t notice anything different.


I got an email from Authorize.Net about a new Akamai API endpoint. Does that affect me?

As of 2016, Authorize.Net offers an alternate API endpoint that routes through Akamai for better stability. Our extension already uses that alternate endpoint, so you have nothing to worry about.

Download the complete user manual here: Authorize.Net CIM for Magento 2 - User Manual (pdf)


  • Purchasing this product grants you a license for use on one installation of Magento, plus any associated non-production environments.
  • Our products are 100% unencoded. You are free to modify it as you see fit, within the terms of the complete license below.

Software License

This a legal agreement between you (either an individual or a single entity) and ParadoxLabs inc. for the ParadoxLabs inc software product(s) which may include associated software components, media, printed materials, and "online" or electronic documentation ("software product"). By installing, copying, or otherwise using the software product, you agree to be bound by the terms of this Agreement. This license agreement represents the entire agreement concerning the program between you and ParadoxLabs inc, (referred to as "licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If you do not agree to the terms of this agreement, do not install or use the software product.

The software product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The software product is licensed, not sold.

    The software product is licensed as follows:
    1. Installation and Use.
      ParadoxLabs inc grants you the right to install and use the software product on one website.
    2. Backup Copies.
      You may also make copies of the software product as may be necessary for backup and archival purposes.

    1. Maintenance of Copyright Notices.
      You must not remove or alter any copyright notices on any and all copies of the software product.
    2. Distribution.
      You may not distribute copies of the software product to third parties.
    3. Prohibition on Reverse Engineering, Decompilation, and Disassembly.
      You may not reverse engineer, decompile, or disassemble the software product, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
    4. Rental.
      You may not rent, lease, or lend the software product.
    5. Support Services.
      ParadoxLabs inc may provide you with support services related to the software product ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the software product and subject to the terms and conditions of this Agreement.
    6. Compliance with Applicable Laws.
      You must comply with all applicable laws regarding use of the software product.

    Without prejudice to any other rights, ParadoxLabs inc may terminate this Agreement if you fail to comply with the terms and conditions of this Agreement. In such event, you must destroy all copies of the software product in your possession.

    All title, including but not limited to copyrights, in and to the software product and any copies thereof are owned by ParadoxLabs inc. All title and intellectual property rights in and to the content which may be accessed through use of the software product is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties. This Agreement grants you no rights to use such content. All rights not expressly granted are reserved by ParadoxLabs inc.

    ParadoxLabs inc expressly disclaims any warranty for the software product. The software product is provided 'As Is' without any express or implied warranty of any kind, including but not limited to any warranties of merchantability, noninfringement, or fitness of a particular purpose. ParadoxLabs inc does not warrant or assume responsibility for the accuracy or completeness of any information, text, graphics, links or other items contained within the software product. ParadoxLabs inc makes no warranties respecting any harm that may be caused by the transmission of a computer virus, worm, time bomb, logic bomb, or other such computer program. ParadoxLabs inc further expressly disclaims any warranty or representation to Authorized Users or to any third party.

    In no event shall ParadoxLabs inc be liable for any damages (including, without limitation, lost profits, business interruption, or lost information) rising out of 'Authorized Users' use of or inability to use the software product, even if ParadoxLabs inc has been advised of the possibility of such damages. In no event will ParadoxLabs inc be liable for loss of data or for indirect, special, incidental, consequential (including lost profit), or other damages based in contract, tort or otherwise. ParadoxLabs inc shall have no liability with respect to the content of the software product or any part thereof, including but not limited to errors or omissions contained therein, libel, infringements of rights of publicity, privacy, trademark rights, business interruption, personal injury, loss of privacy, moral rights or the disclosure of confidential information.