No. While we continue to encourage all customers to use Akamai SureRoute, the migration is no longer mandatory by June 30, 2016.

During the course of migration planning, a few of our customers have reported unique implementations or constraints that prevent them from adopting the Akamai enhancement within the timeframe originally planned. As such, we will continue to support both legacy and Akamai SureRoute connection options. You may now migrate to the recommended Akamai URLs at your own pace.

Akamai is a third-party cloud network service that routes and delivers Internet traffic. They provide a distributed network of servers and over 100,000 dynamic IP addresses, any of which could be used at any time. Authorize.Net is taking advantage of the network components, along with our existing secure data centers, to further enhance our services.

When Akamai SureRoute's technology is used, all connections to Authorize.Net go through Akamai SureRoute first. With the extensive network of servers and IP addresses they offer, Akamai SureRoute routes traffic faster and more efficiently.

Using their technology helps safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues.

Additionally, merchants connected to Akamai should no longer be affected by planned downtimes.

UPDATE: The June 30th migration (Phase Two) to Akamai is now voluntary, but remains highly recommended. Authorize.Net will not automatically direct our existing URLs to Akamai as previously communicated.

We are implementing Akamai SureRoute technology into our network in two phases.

  • Phase One (Now through June 30, 2016) – We have created three new URLs for transaction processing that are hosted by Akamai. You can update your website or payment solution to point to the new transaction URLs today, which will provide you with the immediate benefits detailed below.
  • Phase Two (June 30, 2016) – We will automatically direct all of our existing transaction processing URLs to connect through Akamai starting June 30, 2016. After this change, all transaction URLs will connect to Authorize.Net through Akamai.

Akamai is available for testing now in our sandbox environment. We strongly encourage you to test your solution prior to making any production change to ensure that you will not experience any disruptions to your transaction processing.

The new Akamai SureRoute transaction URLs that are available now are:

Please contact your web developer or solution provider for assistance in updating to one of these new Akamai SureRoute URLs. Our SDKs have been updated to use the new URLs.

UPDATE: The June 30th migration (Phase Two) to Akamai is now voluntary, but remains highly recommended.

We strongly recommend that you proactively update your website or payment solution during Phase One rather than waiting to be automatically updated during Phase Two. This will allow you to sooner take advantage of the uptime benefits Akamai SureRoute offers and provide better platform reliability.

If your solution uses a firewall to filter outbound connections, make sure that the firewall is set to permit outbound traffic to flow to the Akamai cloud by configuring your outbound firewall to "ANY."

If you don't know whether your solution uses a firewall, please visit our Certified Developer Directory at www.authorize.net/cdd to find a developer who can help you.

If your solution connects to Authorize.Net directly via an IP address, you will need to update it to connect by domain name. Continuing to connect directly via an IP address is
strongly discouraged as you will not receive the benefits of routing through Akamai SureRoute, and you could suffer a loss of service if transactions are re-routed among our various data centers.

If you don't know whether your solution connects via an IP address, please visit our Certified Developer Directory at www.authorize.net/cdd to find a developer who can help you.

Please visit our Certified Developer Directory at www.authorize.net/cdd to find a developer who can help you with these changes.

UPDATE: The June 30th migration (Phase Two) to Akamai is now voluntary, but remains highly recommended. 

No. The existing transaction URLs on secure.authorize.net and api.authorize.net are not changing and will remain in service. They will be directed to Akamai SureRoute starting June 30, 2016, however, they will continue to work as usual unless you have a firewall that has whitelisted our IP address for outbound connections (see "I use a firewall that has whitelisted Authorize.Net's IP address for outbound connections. What do I need to do to use Akamai?" for more information).

You can use the new URLs if you wish to take advantage of Akamai SureRoute's benefits immediately, or you can wait until Phase Two is completed without modifying your API connections in any way. We highly recommend using the new URLs now rather than waiting for Phase Two to be completed.

No. Everything else in the API calls remains the same, and you should use the same API Login ID and Transaction Key you use today.

No. If you use either the Virtual Terminal or Simple Checkout, no updates will be necessary on your end.

Akamai SureRoute is available for testing now in our sandbox environment. We strongly encourage you to test your solution prior to making any production change to ensure that you will not experience any disruptions to your transaction processing.

Your transactions will be routed to the Akamai cloud. This space contains over 100,000 dynamically addressed proxies, any of which could be used at any time. Therefore, because you cannot whitelist IP addresses, you must open up your outbound firewall to
"ANY."

The Payment Card Industry Data Security Standard (PCI-DSS) allows this type of rule under normal circumstances. The core principle is to employ least privilege and only allow "authorized" traffic to be sent, which is what you will be sending to Authorize.Net.

PCI-DSS Sections 1.2 and 1.3 require that you restrict unnecessary traffic from traversing the payment data network. In this case, you are routing traffic to Authorize.Net domains, a trusted party, via the Akamai cloud (Akamai picks up your traffic at the nearest proxy and routes it to the Authorize.Net data center).

We strongly recommend that you continue to restrict inbound traffic to your whitelisted IP addresses, and to traffic resulting from an outbound session. Other controls in your environment will address exfiltration of data.

In addition, if your production environment handles payment data, you should use a network demilitarized zone (DMZ) with firewalls allowing connections only between the DMZ and the production environment. Your DMZ should allow connections from it to any outside Internet connection, but should limit inbound connections to those necessary for your business.

A DMZ is required by PCI DSS if you handle payment data in your production environment, and is a security best practice if you handle sensitive data of any sort. For more details please read the document, “PCI Card Production – Logical Security Requirements.” Please also contact your solution provider or developer to confirm whether the DMZ requirement applies to your situation.

For further technical details that will help in upgrading to Akamai SureRoute, visit our Akamai SureRoute Technical FAQs