Plugin: Authorize.Net
We have been getting many transactions failing when processing valid credit card payments using the Authorize.net plugin.
The transactions that have failed are those that are successful, however, they are held to be reviewed and approved by the store owner, as part of Authorize.Net's fraud detection suite. The order still needs to be created when this happens. In the 4.0 plugin, the customer cannot complete the order, and an error is logged to the system.
We used the Authorize.net plugin in the 3.7 version, and these transactions have always processed, and the order were created. Looks like the 4.0 plugin uses a different API which behaves differently.
Error message from the error log:
Short message: Error while placing order. Error 1: Payment error: Authorize.NET unknown error (I00001:Successful.).
Full message:
IP address: 72.143.216.217
Customer: Guest
Page URL: https://www.<our domain>.com/checkout/confirm
Referrer URL: https://www.<our domain>.com/checkout/confirm
We tried to investigate the issue, and looks like the problem is in the AuthorizeNetPaymentProcessor.cs class.
This code in the GetApiResponse function looks for a response != null
var response = controller.GetApiResponse();
if (response != null)
{
then the code proceeds to process the response transaction.
However, a successful response can also be null, as in the example discussed here.
This is a known issue, and is discussed here:
https://github.com/AuthorizeNet/sdk-dotnet/issues/142
We can also see that the error message is logged using the code below, to generate the log message "Authorize.NET unknown error (I00001:Successful.)"
var controllerResult = controller.GetResults().FirstOrDefault();
const string unknownError = "Authorize.NET unknown error";
errors.Add(string.IsNullOrEmpty(controllerResult) ? unknownError : $"{unknownError} ({controllerResult})");
return null;
In this case the controllerResult value of "I00001:Successful" means "The request was processed successfully",
as documented here:
https://developer.authorize.net/api/reference/features/errorandresponsecodes.html
What really needs to happen is:
If response == null
Then check the controller result (controller.GetResults().FirstOrDefault())
If the controller result is (or contains) I00001, then it is a successful transaction, and the customer should be able to complete the order.
This is a very serious issue, as it prevents customers from placing orders.
This needs to be fixed ASAP, for both 4.0 and 4.1 plugins.