Use the provider tokenization boundary
Load the correct sandbox or production Accept.js library, retrieve the public client key, and submit opaque payment data to the CMS Max server workflow.
Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.
Native card payment integration
Create a secure, testable card-payment path for CMS Max eCommerce checkout and payment-enabled forms.
CMS Max integrates Authorize.Net as an active credit-card provider using API Login ID and Transaction Key configuration, provider-hosted Accept.js tokenization, sandbox or production endpoints, server-side authorization and capture, and transaction-aware void and refund workflows.
with CMS Max
Payment architecture
Authorize.Net Accept.js sends sensitive payment data directly to Authorize.Net and returns opaque payment data for the server transaction request. The merchant still owns account security, PCI obligations, fraud policy, and operational acceptance.
Load the correct sandbox or production Accept.js library, retrieve the public client key, and submit opaque payment data to the CMS Max server workflow.
Use a void for an eligible unsettled transaction and a refund for a settled transaction, with the original reference, amount, and required card metadata preserved.
Prove not only approval, but decline, AVS response, invalid credentials, duplicate submission, timeout, refund, reconciliation, staff permissions, and customer communication.
Current capability boundary
The exact merchant services, limits, fraud tools, settlement behavior, and approval outcomes are controlled by the active Authorize.Net account and current provider configuration.
Configure the Authorize.Net API Login ID and Transaction Key in CMS Max. The current settings layer treats both as encrypted values and supports sandbox mode.
Use Authorize.Net-hosted JavaScript to exchange card data for one-time opaque payment data before the CMS Max server sends the transaction request.
The native service submits an authorization-and-capture transaction with amount, opaque data, order description, billing details, and merchant context.
The CMS Max public form workflow can load Accept.js credentials, tokenize card data, validate payment state, submit the transaction, and record the provider reference.
The native provider includes a void path for the original transaction. Eligibility and final response depend on the provider state and current merchant account.
The native provider includes refund handling using the original transaction reference, amount, and required last-four context, with the result recorded for operations.
Responsibility matrix
Each layer has a different responsibility. Preserving those boundaries helps reduce credential exposure and makes failures easier to diagnose.
| Workflow area | Current boundary | Production acceptance evidence |
|---|---|---|
| Card capture | Authorize.Net Accept.js in the customer browser | Correct environment library, HTTPS, public client key, valid and invalid card tests, accessible input and error behavior |
| Payment token | Authorize.Net opaque payment data | Token response handled once, no raw card details logged, expired and invalid token paths tested |
| Transaction request | CMS Max native Authorize.Net service | API Login ID, Transaction Key, amount, order context, billing data, auth-capture response, idempotent customer experience |
| Fraud controls | Merchant Authorize.Net account and merchant policy | AVS and card-code policy, Fraud Detection Suite configuration, review queue, decline handling, support ownership |
| Pre-settlement reversal | CMS Max void path plus Authorize.Net transaction state | Original reference, eligible state, provider response, order update, customer notice, and reconciliation |
| Post-settlement return | CMS Max refund path plus Authorize.Net settlement record | Original reference, last-four context, amount limits, provider response, audit history, and ledger reconciliation |
Transaction lifecycle
The integration is strongest when the customer, browser, CMS Max application, Authorize.Net account, and merchant operation each have one clear job.
The customer enters card and billing details into the approved checkout or payment form experience.
Accept.js sends payment data to Authorize.Net and returns opaque payment data for the transaction request.
CMS Max submits the amount and transaction context to Authorize.Net using the configured merchant credentials.
CMS Max stores the provider reference and outcome with the order or form submission for support and operations.
The merchant verifies settlement, handles exceptions, voids or refunds when eligible, and closes the accounting loop.
Implementation sequence
A sandbox approval is the start of acceptance, not the end.
Verify the Authorize.Net account, supported card brands, currencies, limits, settlement, reserves, fees, fraud tools, users, notifications, and support contacts.
Obtain the API Login ID, Transaction Key, and public client key through approved provider procedures; restrict access and document rotation.
Enable the test environment in CMS Max, use matching sandbox credentials and Accept.js library, and confirm no production credentials leak into tests.
Exercise representative amounts, billing details, card responses, validation, AVS and card-code behavior, duplicate clicks, timeout, abandonment, receipts, and access.
Prove order holds, fulfillment rules, void, refund, partial policy, provider portal lookup, customer support, permissions, audit history, and reconciliation.
Switch to live credentials through change control, run a controlled live payment and reversal, verify settlement, monitor errors, and record sign-off.
Operational ownership
Clear boundaries make merchant onboarding, security, transaction support, refunds, disputes, incident response, and financial reconciliation faster.
Documentation and related resources
Payment products, APIs, credentials, merchant services, networks, rules, and supported actions change. Confirm the live account and current documentation during implementation.
Payment integration FAQ
Turn each answer into configured rules, representative test cases, monitoring, written ownership, and production evidence.
Yes. The current CMS Max application has a native Authorize.Net service, card-provider selection, protected credential settings, sandbox support, checkout and form paths, and void and refund operations.
CMS Max uses Authorize.Net Accept.js for client-side tokenization. Sensitive card details go directly to Authorize.Net, which returns opaque payment data for the CMS Max server transaction request.
The CMS Max settings surface uses the merchant Authorize.Net API Login ID and Transaction Key. Accept.js also requires a public client key, which the current service can retrieve and cache from Authorize.Net.
Yes. The current payment-enabled form path supports Authorize.Net credit-card payments using Accept.js, provided the tenant is configured and the form, amount rules, success, failure, and refund workflows are tested.
A void generally reverses an eligible unsettled transaction; a refund returns funds from a settled transaction. The provider state, original reference, amount, credentials, and current merchant rules determine eligibility.
No. Tokenization changes the technical data path, but the merchant must determine the applicable PCI scope with its acquiring and compliance advisors and operate account security, policies, access, and validation.
No. Use credentials and scripts that match the selected environment. Production acceptance should follow controlled configuration, a small live transaction, reversal testing where appropriate, settlement verification, and sign-off.
Build payment confidence
Bring the provider account, required tenders, checkout and form journeys, countries and currencies, refund policy, fulfillment rules, finance process, support owners, security requirements, and launch goals.
The world's fastest and most SEO friendly website code.