search

vcatalano / py-authorize

A full-featured Python API for the Authorize.net payment gateway.
MIT License
42 stars 35 forks source link

HTTP GET deprecation #57

Closed jsma closed 8 years ago

jsma commented 8 years ago

Has this library been audited to ensure it does not make HTTP GET requests? Auth.net is notifying merchants that HTTP GET will be disabled as of July 30, 2016. I'm having difficulty getting any clearer information out of them on this topic, but here is an example email they are sending out:

Dear Authorize.Net Merchant:
We previously contacted you to alert you that we will soon no longer allow HTTP GET methods for transaction requests, because HTTP GET methods do not adhere to current TLS protection requirements. The date for that change has been extended to July 30, 2016. 

However, to avoid any disruptions to your transaction processing, we still recommend that you immediately update your code to use the HTTP POST method instead. Any transaction request submitted using HTTP GET after July 30th will be rejected. 

Please contact your Web developer or solution provider for assistance, or check out our Certified Developer Directory at http://www.authorize.net/cdd to find a developer to help you. 

If you have already made these changes, please disregard this message. If you have any questions about this email, please contact Customer Support. 

Thank you for your attention to this matter and for being an Authorize.Net merchant. 

Sincerely,
Authorize.Net
vcatalano commented 8 years ago

@jsma, I can confirm that the request being sent to the Authorize.net server is an HTTP POST method.

The request is sent using urllib2 here: https://github.com/vcatalano/py-authorize/blob/master/authorize/apis/authorize_api.py#L55-L57. According to the urllib2 documentation, the Request object will use a POST method when the data parameter is provided, which is currently the case.

jsma commented 8 years ago

Thanks for the reply! ...and being gentle with the clue stick ;) I had overlooked the implications of L55.

vcatalano commented 8 years ago

Oops, I didn't mean to sound so blunt in my reply. I just figured I would document how urllib2 distinguishes between POST and GET methods for myself for future reference :-)

jsma commented 8 years ago

You weren't blunt at all! I was in panic mode trying to find out how this change may impact my clients and didn't read the source carefully enough to figure this out for myself. Thanks again!