Native card payment integration

Authorize.Net for CMS Max

Create a secure, testable card-payment path for CMS Max eCommerce checkout and payment-enabled forms.

CMS Max integrates Authorize.Net as an active credit-card provider using API Login ID and Transaction Key configuration, provider-hosted Accept.js tokenization, sandbox or production endpoints, server-side authorization and capture, and transaction-aware void and refund workflows.

  • Accept.js tokenization
  • Sandbox + live
  • eCommerce checkout
  • Payment forms
  • Void support
  • Refund support
Authorize.Netwith CMS Max
Native card provider
Customer making an online payment through a CMS Max website
CMS Max keeps the payment experience connected to checkout, forms, transaction records, support, and merchant operations while Authorize.Net processes the card transaction.
01Tokenize in browser
02Authorize + capture
03Record transaction
04Void pre-settlement
05Refund after settlement

Payment architecture

Keep raw card data out of the CMS Max server flow.

Authorize.Net Accept.js sends sensitive payment data directly to Authorize.Net and returns opaque payment data for the server transaction request. The merchant still owns account security, PCI obligations, fraud policy, and operational acceptance.

Use the provider tokenization boundary

Load the correct sandbox or production Accept.js library, retrieve the public client key, and submit opaque payment data to the CMS Max server workflow.

Match actions to transaction state

Use a void for an eligible unsettled transaction and a refund for a settled transaction, with the original reference, amount, and required card metadata preserved.

Test the business process

Prove not only approval, but decline, AVS response, invalid credentials, duplicate submission, timeout, refund, reconciliation, staff permissions, and customer communication.

Current capability boundary

Native payment behavior from token to refund.

The exact merchant services, limits, fraud tools, settlement behavior, and approval outcomes are controlled by the active Authorize.Net account and current provider configuration.

01 / Credentials

Protected merchant configuration

Configure the Authorize.Net API Login ID and Transaction Key in CMS Max. The current settings layer treats both as encrypted values and supports sandbox mode.

02 / Browser

Accept.js payment tokenization

Use Authorize.Net-hosted JavaScript to exchange card data for one-time opaque payment data before the CMS Max server sends the transaction request.

03 / Server

Authorization and capture

The native service submits an authorization-and-capture transaction with amount, opaque data, order description, billing details, and merchant context.

04 / Forms

Payment-enabled Maxforms

The CMS Max public form workflow can load Accept.js credentials, tokenize card data, validate payment state, submit the transaction, and record the provider reference.

05 / Void

Reverse eligible unsettled payments

The native provider includes a void path for the original transaction. Eligibility and final response depend on the provider state and current merchant account.

06 / Refund

Return settled funds with context

The native provider includes refund handling using the original transaction reference, amount, and required last-four context, with the result recorded for operations.

Native card provider: Provider accounts, approval, pricing, services, availability, settlement, disputes, and production outcomes remain subject to the current merchant agreement, live configuration, and accepted implementation scope.

Responsibility matrix

Map the Authorize.Net boundary from browser to ledger.

Each layer has a different responsibility. Preserving those boundaries helps reduce credential exposure and makes failures easier to diagnose.

Authorize.Net integration layers and production acceptance evidence.
Workflow areaCurrent boundaryProduction acceptance evidence
Card captureAuthorize.Net Accept.js in the customer browserCorrect environment library, HTTPS, public client key, valid and invalid card tests, accessible input and error behavior
Payment tokenAuthorize.Net opaque payment dataToken response handled once, no raw card details logged, expired and invalid token paths tested
Transaction requestCMS Max native Authorize.Net serviceAPI Login ID, Transaction Key, amount, order context, billing data, auth-capture response, idempotent customer experience
Fraud controlsMerchant Authorize.Net account and merchant policyAVS and card-code policy, Fraud Detection Suite configuration, review queue, decline handling, support ownership
Pre-settlement reversalCMS Max void path plus Authorize.Net transaction stateOriginal reference, eligible state, provider response, order update, customer notice, and reconciliation
Post-settlement returnCMS Max refund path plus Authorize.Net settlement recordOriginal reference, last-four context, amount limits, provider response, audit history, and ledger reconciliation

Transaction lifecycle

Follow the payment through five controlled handoffs.

The integration is strongest when the customer, browser, CMS Max application, Authorize.Net account, and merchant operation each have one clear job.

01

Enter

The customer enters card and billing details into the approved checkout or payment form experience.

02

Tokenize

Accept.js sends payment data to Authorize.Net and returns opaque payment data for the transaction request.

03

Process

CMS Max submits the amount and transaction context to Authorize.Net using the configured merchant credentials.

04

Record

CMS Max stores the provider reference and outcome with the order or form submission for support and operations.

05

Reconcile

The merchant verifies settlement, handles exceptions, voids or refunds when eligible, and closes the accounting loop.

Implementation sequence

Prove the complete Authorize.Net journey before launch.

A sandbox approval is the start of acceptance, not the end.

Confirm merchant services

Verify the Authorize.Net account, supported card brands, currencies, limits, settlement, reserves, fees, fraud tools, users, notifications, and support contacts.

Create and protect credentials

Obtain the API Login ID, Transaction Key, and public client key through approved provider procedures; restrict access and document rotation.

Configure sandbox first

Enable the test environment in CMS Max, use matching sandbox credentials and Accept.js library, and confirm no production credentials leak into tests.

Test checkout and forms

Exercise representative amounts, billing details, card responses, validation, AVS and card-code behavior, duplicate clicks, timeout, abandonment, receipts, and access.

Test operations

Prove order holds, fulfillment rules, void, refund, partial policy, provider portal lookup, customer support, permissions, audit history, and reconciliation.

Accept production carefully

Switch to live credentials through change control, run a controlled live payment and reversal, verify settlement, monitor errors, and record sign-off.

Operational ownership

Know who controls each payment outcome.

Clear boundaries make merchant onboarding, security, transaction support, refunds, disputes, incident response, and financial reconciliation faster.

CMS Max
Owns the native integration, settings surface, checkout and form implementation, transaction context, supported void and refund actions, and CMS Max support scope.
Authorize.Net
Owns the merchant gateway account, Accept.js service, API processing, transaction state, settlement services, provider availability, and provider support.
Merchant
Owns underwriting, credentials, fraud policy, PCI responsibilities, account users, fees, reserves, settlement bank, disputes, refunds, and provider contract.
Operations and finance
Own customer support, order release, review queues, exception resolution, refund approval, daily reconciliation, access reviews, and incident escalation.

Documentation and related resources

Verify current provider and CMS Max requirements.

Payment products, APIs, credentials, merchant services, networks, rules, and supported actions change. Confirm the live account and current documentation during implementation.

Payment integration FAQ

Resolve the practical questions before launch.

Turn each answer into configured rules, representative test cases, monitoring, written ownership, and production evidence.

Is Authorize.Net a native CMS Max payment provider?

Yes. The current CMS Max application has a native Authorize.Net service, card-provider selection, protected credential settings, sandbox support, checkout and form paths, and void and refund operations.

How does CMS Max collect card details?

CMS Max uses Authorize.Net Accept.js for client-side tokenization. Sensitive card details go directly to Authorize.Net, which returns opaque payment data for the CMS Max server transaction request.

Which credentials are required?

The CMS Max settings surface uses the merchant Authorize.Net API Login ID and Transaction Key. Accept.js also requires a public client key, which the current service can retrieve and cache from Authorize.Net.

Can Authorize.Net be used in Maxforms?

Yes. The current payment-enabled form path supports Authorize.Net credit-card payments using Accept.js, provided the tenant is configured and the form, amount rules, success, failure, and refund workflows are tested.

What is the difference between a void and a refund?

A void generally reverses an eligible unsettled transaction; a refund returns funds from a settled transaction. The provider state, original reference, amount, credentials, and current merchant rules determine eligibility.

Does Accept.js eliminate every PCI responsibility?

No. Tokenization changes the technical data path, but the merchant must determine the applicable PCI scope with its acquiring and compliance advisors and operate account security, policies, access, and validation.

Should production credentials be tested in sandbox?

No. Use credentials and scripts that match the selected environment. Production acceptance should follow controlled configuration, a small live transaction, reversal testing where appropriate, settlement verification, and sign-off.

Build payment confidence

Connect payment technology to an operation the merchant can trust.

Bring the provider account, required tenders, checkout and form journeys, countries and currencies, refund policy, fulfillment rules, finance process, support owners, security requirements, and launch goals.

Building Relationships with Web Developers and Marketing Agencies that want better results

The world's fastest and most SEO friendly website code.