# paradoxlabs/authnetcim

> Authorize.Net CIM payment method for Magento 2.x by Paradox Labs

`composer require paradoxlabs/authnetcim`

Canonical URL: https://packagento.com/paradoxlabs/authnetcim

## At a glance

- **Vendor**: paradoxlabs (https://packagento.com/paradoxlabs.md)
- **Latest version**: 6.0.0 — released 2026-06-17
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/paradoxlabs/authnetcim and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require paradoxlabs/authnetcim:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Authorize.Net CIM payment method for Magento 2.x by Paradox Labs

## README

[![Latest Stable Version](https://poser.pugx.org/paradoxlabs/authnetcim/v/stable)](https://packagist.org/packages/paradoxlabs/authnetcim)
[![License](https://poser.pugx.org/paradoxlabs/authnetcim/license)](https://packagist.org/packages/paradoxlabs/authnetcim)
[![Total Downloads](https://poser.pugx.org/paradoxlabs/authnetcim/downloads)](https://packagist.org/packages/paradoxlabs/authnetcim)

<p align="center">
    <a href="https://www.paradoxlabs.com"><img alt="ParadoxLabs" src="https://paradoxlabs.com/wp-content/uploads/2020/02/pl-logo-canva-2.png" width="250"></a>
</p>

Authorize.net is one of the world's largest payment gateways, serving over 400,000 merchants. Their services allow you
to accept payment from your customers, by credit card or eCheck, straight from your website. You must have an
Authorize.net account to use this extension (account fees will vary).

This extension brings
Authorize.net's [Customer Information Manager (CIM)](https://support.authorize.net/s/article/What-Is-the-Customer-Information-Manager-CIM)
service to Magento 2. Authorize.net CIM takes payment processing to a whole new level, by allowing your customers to
store their payment info on Authorize.net's secure servers. This gives you and your customers the convenience of stored
credit cards, with all the security of Authorize.net. It also allows us to give you many advanced features that most
payment methods aren't capable of.

For full product details,
please [visit our website](https://store.paradoxlabs.com/magento2-authorize-net-cim-payment-module.html).

Don't have an Authorize.net account yet? [Sign up now](http://reseller.authorize.net/application/?resellerId=24716)

Requirements
============

* Adobe Commerce / Magento Open Source 2.4.6 – 2.4.9 (or equivalent version of Adobe Commerce Cloud), or Mage-OS 2.0 – 3.0
* PHP 8.1, 8.2, 8.3, 8.4, or 8.5
* composer 2

Features
========

* Pay by credit card or ACH (eCheck)
* Save credit cards (tokens) for reuse
* Add, edit, and delete saved payment data
* Edit orders and reorder, without having to ask the customer for CC info again
* Authorize, Capture, or Save CC Info (without charging) at time of checkout
* Capture funds even after the authorization expires
* Partially invoice orders (including reauthorization on partial invoice)
* Partially refund (online credit memo)
* Send shipping address and line items to Authorize.net
* Require CCV code when adding a card, or with every purchase
* Validate billing address with Address Verification (AVS)
* Update stored cards automatically with Account Updater
* Protect against fraud with Advanced Fraud Detection Suite (AFDS) and hold-for-review
* Integrate your systems thanks to Magento API support
* Use a different Authorize.net account for each website (multi-store support)
* Supports
  ParadoxLabs [Adaptive Subscriptions](https://store.paradoxlabs.com/magento2-subscriptions-recurring-billing.html)
  extension

Installation and Usage
======================

In SSH at your Magento base directory, run:

    composer require paradoxlabs/authnetcim
    php bin/magento module:enable ParadoxLabs_Authnetcim ParadoxLabs_TokenBase
    php bin/magento setup:upgrade

**Before proceeding: Sign up for
an [Authorize.net merchant account](https://ems.authorize.net/oap/home.aspx?SalesRepID=98&ResellerID=24716) if you have
not done so, and ensure your account has Customer Information Manager (CIM) enabled.**

Open your Admin Panel and go to **Stores > Settings > Configuration > Sales > Payment Methods**. If the extension
installed correctly, you will see a new setting section near the bottom titled **Authorize.net CIM**. Enter your **API
Login ID** and **Transaction Key** as found in your Authorize.net account, and complete the rest of the settings. Once
you're done, click **Save Config** to save the changes.

After saving, if the API connection is working properly, the 'API Test Results' setting will display "Authorize.net CIM
connected successfully." in green.

### Applying Updates

In SSH at your Magento base directory, run:

    composer update paradoxlabs/authnetcim
    php bin/magento setup:upgrade

These commands will download and apply any available updates to the module.

If you have any integrations or custom functionality based on this extension, we strongly recommend testing to ensure
they are not affected.

**If you have modified the template or JS files in any theme**, be sure to update them to match any changes in the
extension. Failing to do this may result in errors during checkout or card management.

Changelog
=========

Please see [CHANGELOG.md](https://github.com/ParadoxLabs-Inc/authnetcim/blob/master/CHANGELOG.md).

Support
=======

This module is provided free and without support of any kind. You may report issues you've found in the module, and we
will address them as we are able, but **no support will be provided here.**

**DO NOT include any API keys, credentials, or customer-identifying in issues, pull requests, or comments. Any
personally identifying information will be deleted on sight.**

If you need personal support services,
please [buy an extension support plan from ParadoxLabs](https://store.paradoxlabs.com/support-renewal.html), then open a
ticket at [support.paradoxlabs.com](https://support.paradoxlabs.com).

Contributing
============

Please feel free to submit pull requests with any contributions. We welcome and appreciate your support, and will
acknowledge contributors.

This module is maintained by ParadoxLabs, a Magento solutions provider. We make no guarantee of accepting contributions,
especially any that introduce architectural changes.

License
=======

This module is licensed
under [APACHE LICENSE, VERSION 2.0](https://github.com/ParadoxLabs-Inc/authnetcim/blob/master/LICENSE).

## Changelog

### 6.0.0 - Jun 17, 2026: PHP 8.1–8.5 compatibility

**WARNING: PHP 8.1 is now the minimum. Now requires ParadoxLabs_TokenBase 5.0.**

- Added support up to PHP 8.5; PHP 8.1+ is now required.
- Added unit test coverage.
- Fixed billing address handling on API card save to build a customer AddressInterface (type-safety fix).
- Refactored for PHP 8.1+: constructor property promotion, readonly properties, strict types, import cleanup, and `$escaper` usage in templates.

### 5.2.0 - Jan 7, 2026

- Added ability to use a different CIM customer profile for each new checkout, to bypass 10-payment-profile limit
  errors.
- Added intermediate star certificate (DigiCert SHA2 Secure Server CA) to SSL bundle.
- Changed GraphQL to hard dependency, removing compatibility for Magento 2.2.
- Fixed ACH refund to reference masked account data when possible for hosted form compatibility.
- Fixed checkout to reload hosted form if guest email changes. (#20, #21) (Thanks Chris)
- Fixed hosted and webhook transaction amount comparisons to handle string versus float values and precision. (#18)
- Fixed hosted form margin and positioning on 400-740px viewport width.
- Fixed post-auth transaction fraud rejection via webhook failing to cancel the Magento order.
- Fixed "record cannot be found" error on hosted form init if Authorize.net account was changed mid-session. (#8)
- Fixed webhook capture to set invoice transaction ID after an external capture.
- Fixed webhook transaction approval to invoice when the payment action is set to authorize and capture.
- Removed Entrust chain certificates from cert bundle.

### 5.1.4 - Apr 23, 2025

- Added support for Magento 2.4.8.
- Fixed error handling if Accept Hosted returns an invalid JSON response.
- Fixed Hosted form failing to reload on address or totals change on Luma checkout. (#16)
- Fixed Hosted form reloading during order submit.
- Fixed issue where customer id was not being passed into Authorize.net. (#17) (Thanks Chris Huffman)
- Fixed PHP 8.4 compatibility.
- Fixed sending billTo data when no card data is present.

### 5.1.3 - Jan 13, 2025

- Fixed billing address errors when refunding to a stored card.
- Fixed a slow order query on legacy card import if no cards need to be imported. (Fixes #13; thanks Steven Hoffman)
- Fixed a PHP 7.1-7.2 compatibility issue (regression in 5.1.0).
- Fixed payment accept/deny from the admin panel. (Thanks Kyle)
- Fixed possible transaction error if customer email includes "+" and the API changed that to " " on response.

### 5.1.2 - Oct 16, 2024

- Updated SSL certificate bundle.
- Fixed an invalid template reference with the ACH inline form.
- Fixed checkout agreement validation with the hosted payment form; the payment form will no longer display until any
  required terms are accepted.
- Fixed CVV help tooltip showing up at the end of the page after open.
- Fixed input validation on the hosted customer form.

### 5.1.1 - Sept 30, 2024

- Added a help bar to the settings page for manual, support, and requests.
- Updated packaged SSL certificates for the upcoming DigiCert SSL Certificate Migration.
- Fixed CC Type validation errors with the hosted payment form.
- Fixed checkout error if validation mode is still set to 'none' (removed in 5.1.0).
- Fixed possible 'required field' errors on refund by including billing address on refund requests.
- Fixed possible API error on refund if order has no CC last4 stored.
- Fixed webhooks approving an order when the resulting transaction gets declined.

### 5.1.0 - Jun 28, 2024

_(Changelog truncated for .md surface. Full history on https://packagento.com/paradoxlabs/authnetcim.)_

## Recent Versions

| Version | Released |
|---|---|
| 6.0.0 | 2026-06-17 |
| 5.2.0 | 2026-01-12 |
| 5.1.4 | 2025-04-23 |
| 5.1.3 | 2025-01-13 |
| 5.1.2 | 2024-10-16 |
| 5.1.1 | 2024-09-30 |
| 5.1.0 | 2024-06-28 |
| 5.0.1 | 2024-01-23 |
| 5.0.0 | 2023-12-07 |
| 4.5.3 | 2023-11-09 |

Showing 10 of 43 versions. Full release history on https://packagento.com/paradoxlabs/authnetcim.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| paradoxlabs/tokenbase | ~5.0.0 |
| php | >=8.1 |

## Quality

Latest release (6.0.0) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 446 | 446 warnings (ruleset: Magento2) — 49 auto-fixable with phpcbf |
| PHPMD | Warning | 73 | 73 rule violations (UnusedFormalParameter:26, TooManyPublicMethods:13, CyclomaticComplexity:10, NPathComplexity:10, ExcessiveMethodLength:6) |
| Cpd | Warning | 21 | 21 duplicated chunks spanning 801 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 131 | 131 | – | – |
| 2.4.8 | – | 131 | 131 | – |
| 2.4.9 | – | – | 125 | 125 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["paradoxlabs/authnetcim"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

paradoxlabs is a Magento 2 vendor on Packagento. See https://packagento.com/paradoxlabs.md for their full catalogue.