ARB subscriptions, Accept.js tokenization, and real-time webhooks for PMPro
Authorize.net for Paid Memberships Pro connects your PMPro membership site to Authorize.net using modern Accept.js tokenization. Card data is captured and encrypted in the browser by Authorize.net's own JavaScript library — it never passes through your server, keeping you out of PCI scope. Whether you sell one-off memberships, monthly subscriptions with free trials, or annual plans that start billing weeks after signup, this plugin handles every scenario through Authorize.net's Automated Recurring Billing (ARB) engine.
You run a membership site on Paid Memberships Pro and your payment processor is Authorize.net — or you're migrating away from PMPro's built-in gateway and need a modern, maintained replacement.
You sell recurring memberships and need reliable automatic renewals, trial periods, and subscription delays — all managed through Authorize.net's enterprise ARB engine.
You want to accept cards on-site without card data ever touching your server. Accept.js tokenization keeps your checkout out of PCI scope while still giving members a seamless native checkout experience.
On this page
Card data is captured and encrypted in the browser by Authorize.net's Accept.js library before the form is ever submitted. Your server only receives a single-use opaque token — raw card numbers, CVVs, and expiry dates never pass through your server, keeping your checkout out of PCI scope.
Recurring memberships are managed by Authorize.net's Automated Recurring Billing engine — the same system used by enterprise merchants. PMPro billing cycles, trial amounts, and subscription delays are all passed through to ARB correctly.
Supports PMPro's full range of trial configurations: free trials, paid trials with a different first-cycle amount, and subscription delays where the first billing date is set weeks after signup.
Handles all key Authorize.net payment events in real time: recurring renewal payments, refunds, subscription cancellations and terminations, failed payment suspensions, and fraud review outcomes (held, approved, declined).
Every incoming webhook request is authenticated against your Authorize.net Signature Key before any order is updated. Spoofed or tampered requests are silently rejected.
The plugin registers all required webhook event types automatically via Authorize.net's REST API directly from the PMPro Payment Settings page. The registered webhook ID is shown once registration succeeds — no manual setup in the Authorize.net dashboard required.
Transactions held for fraud review are handled automatically. The member sees a "payment under review" message and their order is saved in a pending state. Once approved in the Authorize.net dashboard, the plugin receives a webhook and completes checkout — activating the membership without any manual intervention.
Members update their payment method via PMPro's Billing Information page. The new Accept.js token is applied directly to the existing ARB subscription — no cancellation or re-signup required, and the billing date is unchanged.
Live and sandbox API credentials are stored independently. Switching environments in PMPro only changes which credential set is active — both sets are always preserved, so you can switch back to sandbox for testing at any time without re-entering credentials.
Pull the current subscription status, amount, and next payment date from Authorize.net on demand from the order screen. A "Check Payment" tool recovers stuck token-order checkouts without contacting the gateway manually.
After purchase, your license key and a download link are emailed to you instantly. You can also download from your account page at any time.
In your WordPress admin go to Plugins → Add New Plugin → Upload Plugin. Choose the pacificp-authorize-net-pmpro.zip file and click Install Now.
Click Activate Plugin after upload, or activate it from the Plugins list.
Open the plugin settings and paste your license key into the License Key field. Click Save — the key will be verified and your site activated automatically.
Go to Memberships → Payment Settings to complete setup. See the Configuration section below for a full walkthrough.
You need three values from your Authorize.net account. Live and sandbox credentials are stored separately — entering both lets you switch environments without re-entering keys.
| Setting | Where to find it |
|---|---|
| API Login ID | Account → Settings → API Credentials & Keys. Identifies your merchant account — do not confuse it with your login username. |
| Transaction Key | Generated on the same screen as the API Login ID. If you regenerate this key, update it here immediately or payments will fail. |
| Client Key | Account → Settings → Security Settings → General Security Settings → Manage Public Client Key. Used by Accept.js to tokenize card data in the browser. Separate from the Transaction Key. |
The Signature Key lets the plugin verify that incoming webhook requests genuinely came from Authorize.net and have not been tampered with. Without it, any POST to your webhook URL will be accepted and processed.
Find it under: Account → Settings → Security Settings → General Security Settings → Manage Signature Key.
After saving your credentials, click Register Live Webhook on the Payment Settings page. The plugin contacts Authorize.net's API and registers all required event types automatically. The registered webhook ID is shown once registration succeeds.
If you later move to a different domain or change your permalink structure, click the button again — the plugin updates the existing registration. Your site must be publicly accessible over HTTPS for webhook registration and delivery to work.
| Setting | Default | Notes |
|---|---|---|
| Show Billing Address | On | When off, street, city, state, ZIP, country, and phone fields are hidden at checkout. First and last name are always shown — Authorize.net requires them for ARB subscriptions. Disable billing address when you do not need AVS (Address Verification) checks. |
Create a free sandbox account at developer.authorize.net and generate sandbox API credentials (separate from your live credentials).
Enter your sandbox credentials in the Sandbox Credentials section on the Payment Settings page.
Set PMPro's Gateway Environment to Sandbox and click Register Sandbox Webhook.
Use test card numbers from the Authorize.net Testing Guide to simulate successful payments, declines, and specific error codes.
Add one of the following to wp-config.php to log incoming webhook events. Remove or set to false in production.
| Constant value | Effect |
|---|---|
'log' |
Writes events to a log file in PMPro's protected logs directory. |
'admin@example.com' |
Emails each event to the specified address. |
true |
Emails each event to the WordPress admin email address. |
Constant name: PACIFICP_AUTHNET_WEBHOOK_DEBUG
Once configured, Authorize.net appears automatically on all PMPro checkout pages. Levels with a $0 price bypass the gateway entirely and complete immediately.
The member enters their card details on the PMPro checkout page. Accept.js tokenizes the card data in the browser before the form is submitted — your server receives only a single-use encrypted token.
The initial charge is processed. For recurring levels, the plugin creates an ARB subscription in Authorize.net using PMPro's configured billing cycle, trial settings, and subscription delay date.
On success, PMPro activates the membership and sends the confirmation email. The card type and last four digits are stored on the order for display on invoices.
Recurring renewals are processed automatically by Authorize.net's ARB engine on the scheduled billing date. The plugin records each renewal in PMPro via webhook — no cron job or polling required.
Members can update their card at any time via PMPro's Billing Information page. The new Accept.js token is applied directly to the existing ARB subscription — no cancellation or re-signup required, and the billing date is unchanged.
The plugin handles the following Authorize.net webhook events automatically. Every event appends a timestamped note to the PMPro order.
| Event | What happens |
|---|---|
payment.authcapture.created |
Records an ARB recurring renewal payment in PMPro. |
payment.refund.created |
Marks the order as refunded and emails the member and admin. |
subscription.cancelled / terminated |
Cancels the membership in PMPro when the billing limit is reached or the subscription is cancelled in Authorize.net. |
subscription.suspended |
Failed recurring payment. PMPro keeps the membership active and emails the member to update their card. |
payment.fraud.held |
Emails the admin to review the transaction in the Authorize.net dashboard. The member sees a "payment under review" message. |
payment.fraud.approved |
Completes the checkout and activates the membership automatically. |
payment.fraud.declined |
Marks the order as failed. |
When a membership is cancelled in PMPro — by the member from My Account or by an admin from the Members screen — the ARB subscription is cancelled in Authorize.net in the same request. No further charges will be made. The member retains access until the end of their current billing period per PMPro's standard behaviour.
New checkouts after the switch work immediately. Existing ARB subscriptions continue to bill at Authorize.net as normal.
By default, incoming webhook events are matched only against subscriptions created by this plugin. To also process webhooks for subscriptions created by PMPro's built-in authorizenet gateway, add the following to your theme's functions.php or a must-use plugin:
add_filter( 'pacificp_authnet_webhook_gateway_slug', function( $gateway, $subscription_id, $env ) {
$sub = PMPro_Subscription::get_subscription_from_subscription_transaction_id( $subscription_id, $gateway, $env );
if ( ! $sub ) {
$legacy = PMPro_Subscription::get_subscription_from_subscription_transaction_id( $subscription_id, 'authorizenet', $env );
if ( $legacy ) { return 'authorizenet'; }
}
return $gateway;
}, 10, 3 );14-day money-back guarantee.
Also from Pacific Plugins
Real-time WooCommerce inventory sync across multiple stores