To integrate Authorize.Net with V0 by Vercel, generate a payment form UI with V0, add the Authorize.Net Accept.js script for client-side card tokenization, and create a Next.js API route that submits the payment token to Authorize.Net's server-side API. Store your API Login ID and Transaction Key in Vercel environment variables. Authorize.Net is a traditional merchant account gateway used heavily in US enterprise and retail contexts.
Credit Card Processing with Authorize.Net in Your V0 App
Authorize.Net is one of the oldest and most widely deployed payment gateways in the United States, processing transactions for hundreds of thousands of merchants. While newer payment processors like Stripe offer a more developer-friendly experience, Authorize.Net remains the required integration for many enterprise clients, healthcare providers, government contractors, and businesses with existing merchant account relationships that predate Stripe's launch.
The Authorize.Net integration architecture for V0 Next.js apps follows the Accept.js pattern — a PCI-compliant approach where the card number and CVV never touch your server. Instead, Authorize.Net's Accept.js JavaScript library runs in the browser, collects card details, and exchanges them for a secure payment nonce (called a Payment Nonce or OpaqueData). This nonce is what gets sent to your Next.js API route, which then calls Authorize.Net's server-side API to complete the transaction. Your servers never handle raw card data, keeping you out of PCI DSS scope.
The Authorize.Net API is well-documented with a full sandbox environment for testing. The sandbox uses different credentials from production — you create a sandbox account at sandbox.authorize.net, get test API credentials, and use test card numbers to simulate various transaction outcomes. This makes development and testing straightforward before switching to production credentials.
Integration method
V0 generates the payment form UI. The Authorize.Net Accept.js library handles client-side card number tokenization — converting the card number to a payment nonce before it leaves the browser. A Next.js API route then submits this nonce to Authorize.Net's server-side API using your API Login ID and Transaction Key to complete the charge.
Prerequisites
- An Authorize.Net sandbox account — create one free at developer.authorize.net; sandbox API Login ID and Transaction Key will be provided after account creation
- A production Authorize.Net merchant account (for going live) — obtained through Authorize.Net or a reseller bank; production credentials are different from sandbox
- Understanding of Authorize.Net's Accept.js security model: card numbers are tokenized client-side and never sent to your server
- The authorizenet npm package for server-side API calls — or use the Authorize.Net REST API directly with fetch
- A V0 account and Next.js project deployed to Vercel with HTTPS (required for Accept.js in production)
Step-by-step guide
Generate the Payment Form UI with V0
Generate the Payment Form UI with V0
Use V0 to generate the payment form layout. Payment forms require specific design patterns to build user trust: a clean, professional appearance with security indicators, clear field labels, and unambiguous error states. V0 handles these design patterns well when you're explicit about the UI requirements in your prompt. The key fields for a credit card form are: cardholder name, card number (16 digits with auto-formatting), expiry date (MM/YY), and CVV/security code. You may also need billing address fields depending on your fraud requirements — Authorize.Net's Address Verification Service (AVS) can use the billing ZIP code to reduce fraud. Design the form to show real-time card type detection — when a user types a card number starting with 4, show a Visa icon; 5 shows Mastercard; 3 shows Amex. V0 can generate this UI pattern if you describe it. This small visual feedback significantly improves form completion rates. After V0 generates the form, you'll need to modify it to integrate Accept.js. The card number and CVV fields will need to be excluded from regular form submission and instead handled by the Accept.js library. Structure the form so card fields are controlled inputs without a name attribute (to prevent them from being submitted directly) — they'll be captured by Accept.js instead.
Create a payment form card component. Include fields for: Cardholder Name (text input), Card Number (16-digit formatted input with a credit card icon, show Visa/Mastercard/Amex brand icon as user types), Expiry Date (MM/YY format), and CVV (3-4 digit input with a question mark info icon tooltip). Add a 'Pay Now' button with a lock icon. Below the button, show 'Your payment is secured with 256-bit SSL encryption'. Show inline validation errors in red below each field. The form should have a clean white card design with subtle shadow.
Paste this in V0 chat
Pro tip: Do not add name attributes to the card number and CVV input fields — if these fields are submitted via a normal HTML form, the card data goes to your server, which is exactly what Accept.js is designed to prevent. Handle card data exclusively through Accept.js's dispatchData function.
Expected result: A professional payment form in V0 with card number formatting, card type detection icon, expiry and CVV fields, and a pay button — without name attributes on the sensitive card fields.
Integrate Accept.js for Client-Side Tokenization
Integrate Accept.js for Client-Side Tokenization
Accept.js is Authorize.Net's PCI-compliant JavaScript library that handles card data collection and tokenization. Instead of sending raw card numbers to your server, Accept.js exchanges the card data for a payment nonce (OpaqueData) that your API route uses to complete the charge. Load Accept.js from Authorize.Net's CDN — use the sandbox URL during development (jstest.authorize.net/v1/Accept.js) and the production URL for live transactions (js.authorize.net/v1/Accept.js). Load it in your payment page component using a script tag in the useEffect hook, or add it to your page's metadata. To tokenize card data, call Accept.dispatchData() with the card information and your Public Client Key (different from your API Login ID — find it in your Authorize.Net account under Account → Settings → Security Settings → General Security Settings → Manage Public Client Key). The callback receives either an OpaqueData object with a dataDescriptor and dataValue, or an error. The OpaqueData token is valid for 15 minutes. Send it to your Next.js API route along with the transaction amount, customer info, and any other order details. The token can only be used once — for each new transaction, you must get a new token from Accept.js. Never try to extract or store the raw card number from the form fields after Accept.js processes them. Work exclusively with the OpaqueData token from that point forward.
1'use client';2import { useEffect, useState } from 'react';34declare global {5 interface Window {6 Accept: {7 dispatchData: (8 secureData: object,9 responseHandler: (response: AcceptResponse) => void10 ) => void;11 };12 }13}1415interface AcceptResponse {16 opaqueData?: { dataDescriptor: string; dataValue: string };17 messages: { resultCode: 'Ok' | 'Error'; message: Array<{ code: string; text: string }> };18}1920const AUTHORIZE_NET_PUBLIC_KEY = process.env.NEXT_PUBLIC_AUTHORIZE_NET_PUBLIC_KEY!;21const AUTHORIZE_NET_LOGIN_ID = process.env.NEXT_PUBLIC_AUTHORIZE_NET_LOGIN_ID!;22const IS_SANDBOX = process.env.NEXT_PUBLIC_AUTHORIZE_NET_SANDBOX === 'true';2324export function PaymentForm({ amount, onSuccess }: { amount: number; onSuccess: () => void }) {25 const [cardNumber, setCardNumber] = useState('');26 const [cardExpiry, setCardExpiry] = useState('');27 const [cardCode, setCardCode] = useState('');28 const [cardName, setCardName] = useState('');29 const [loading, setLoading] = useState(false);30 const [error, setError] = useState('');3132 useEffect(() => {33 const scriptSrc = IS_SANDBOX34 ? 'https://jstest.authorize.net/v1/Accept.js'35 : 'https://js.authorize.net/v1/Accept.js';36 const script = document.createElement('script');37 script.src = scriptSrc;38 script.async = true;39 document.head.appendChild(script);40 return () => document.head.removeChild(script);41 }, []);4243 async function handleSubmit(e: React.FormEvent) {44 e.preventDefault();45 setLoading(true);46 setError('');4748 const [month, year] = cardExpiry.split('/');4950 window.Accept.dispatchData(51 {52 authData: { clientKey: AUTHORIZE_NET_PUBLIC_KEY, apiLoginID: AUTHORIZE_NET_LOGIN_ID },53 cardData: {54 cardNumber: cardNumber.replace(/\s/g, ''),55 month: month?.trim(),56 year: `20${year?.trim()}`,57 cardCode: cardCode,58 fullName: cardName,59 },60 },61 async (response: AcceptResponse) => {62 if (response.messages.resultCode === 'Error') {63 setError(response.messages.message[0]?.text || 'Card tokenization failed');64 setLoading(false);65 return;66 }6768 try {69 const res = await fetch('/api/authorize-net/charge', {70 method: 'POST',71 headers: { 'Content-Type': 'application/json' },72 body: JSON.stringify({73 opaqueData: response.opaqueData,74 amount,75 fullName: cardName,76 }),77 });78 const data = await res.json();79 if (data.success) {80 onSuccess();81 } else {82 setError(data.error || 'Payment failed');83 }84 } catch {85 setError('Network error — please try again');86 } finally {87 setLoading(false);88 }89 }90 );91 }9293 return (94 <form onSubmit={handleSubmit} className="space-y-4">95 {/* form fields — use cardNumber, cardExpiry, cardCode, cardName state */}96 {error && <p className="text-red-500 text-sm">{error}</p>}97 <button type="submit" disabled={loading}98 className="w-full bg-blue-600 text-white py-3 rounded-lg font-medium disabled:opacity-50">99 {loading ? 'Processing...' : `Pay $${amount.toFixed(2)}`}100 </button>101 </form>102 );103}Pro tip: Accept.js's Public Client Key is separate from your API Login ID — find it in Authorize.Net Merchant Interface under Account → Settings → Security Settings → General Security Settings → Manage Public Client Key. The Public Client Key is safe to expose client-side (it has NEXT_PUBLIC_ prefix), but your API Login ID and Transaction Key must remain server-only.
Expected result: The payment form loads Accept.js, tokenizes card data on submit, and calls the server-side API route with an OpaqueData token instead of raw card numbers.
Create the Authorize.Net Charge API Route
Create the Authorize.Net Charge API Route
Build the Next.js API route that receives the OpaqueData token from the browser and submits the transaction to Authorize.Net's server-side API. This route uses your secret API Login ID and Transaction Key — credentials that must only exist on the server. Authorize.Net's server-side API can be called using the authorizenet npm package (the official SDK) or directly via fetch to the REST API. The authorizenet package handles request building and response parsing, making it easier to work with Authorize.Net's XML-based API. However, it adds about 400KB to your serverless function bundle, so importing only the modules you need is important. For a basic charge, you create an AuthorizeNet.APIContracts.createTransactionRequest with a transactionRequestType containing: transactionType ('authCaptureTransaction' for immediate charge), amount, and payment (containing the OpaqueData from Accept.js). The API returns a transaction response with a response code (1 = Approved, 2 = Declined, 3 = Error) and a transaction ID. The sandbox API endpoint is https://apitest.authorize.net/xml/v1/request.api and the production endpoint is https://api.authorize.net/xml/v1/request.api. Switch between them using your environment variable. Always verify the response code — a successful HTTP 200 from the API does not mean the payment was approved; check the transaction response code.
1import { NextResponse } from 'next/server';23const API_LOGIN_ID = process.env.AUTHORIZE_NET_LOGIN_ID!;4const TRANSACTION_KEY = process.env.AUTHORIZE_NET_TRANSACTION_KEY!;5const IS_SANDBOX = process.env.AUTHORIZE_NET_SANDBOX === 'true';67const API_URL = IS_SANDBOX8 ? 'https://apitest.authorize.net/xml/v1/request.api'9 : 'https://api.authorize.net/xml/v1/request.api';1011interface OpaqueData {12 dataDescriptor: string;13 dataValue: string;14}1516export async function POST(request: Request) {17 const { opaqueData, amount, fullName }: { opaqueData: OpaqueData; amount: number; fullName: string } =18 await request.json();1920 if (!opaqueData?.dataDescriptor || !opaqueData?.dataValue) {21 return NextResponse.json({ error: 'Invalid payment token' }, { status: 400 });22 }2324 const payload = {25 createTransactionRequest: {26 merchantAuthentication: {27 name: API_LOGIN_ID,28 transactionKey: TRANSACTION_KEY,29 },30 transactionRequest: {31 transactionType: 'authCaptureTransaction',32 amount: amount.toFixed(2),33 payment: {34 opaqueData: {35 dataDescriptor: opaqueData.dataDescriptor,36 dataValue: opaqueData.dataValue,37 },38 },39 billTo: {40 firstName: fullName.split(' ')[0] || '',41 lastName: fullName.split(' ').slice(1).join(' ') || '',42 },43 userFields: {44 userField: [{ name: 'source', value: 'v0-nextjs-app' }],45 },46 },47 },48 };4950 const response = await fetch(API_URL, {51 method: 'POST',52 headers: { 'Content-Type': 'application/json' },53 body: JSON.stringify(payload),54 });5556 const data = await response.json();57 const txResponse = data.transactionResponse;5859 if (data.messages?.resultCode === 'Error') {60 return NextResponse.json(61 { error: data.messages.message[0]?.text || 'Transaction failed' },62 { status: 402 }63 );64 }6566 if (txResponse?.responseCode !== '1') {67 const msg = txResponse?.errors?.[0]?.errorText || 'Payment declined';68 return NextResponse.json({ error: msg }, { status: 402 });69 }7071 return NextResponse.json({72 success: true,73 transactionId: txResponse.transId,74 authCode: txResponse.authCode,75 });76}Pro tip: Log transaction IDs and auth codes from successful Authorize.Net responses — store them in your database alongside the order record. These IDs are essential for refunds, dispute resolution, and reconciliation with your Authorize.Net merchant dashboard.
Expected result: The API route successfully processes payments using the OpaqueData token and returns a transaction ID for approved charges.
Configure Authorize.Net Credentials in Vercel
Configure Authorize.Net Credentials in Vercel
Authorize.Net requires three server-side credentials and three client-side identifiers. The server-side credentials (API Login ID, Transaction Key) must never reach the browser. The Public Client Key and Login ID are needed by Accept.js in the browser — these use the NEXT_PUBLIC_ prefix and are safe to expose. From your Authorize.Net Merchant Interface (sandbox or production), navigate to Account → Settings → Security Settings → API Credentials and Keys. Your API Login ID is visible here. For Transaction Key, click 'New Transaction Key' to generate one — copy it immediately as it's shown only once. For the Public Client Key, go to Account → Settings → Security Settings → General Security Settings → Manage Public Client Key. Generate one if not present. In Vercel Dashboard → Settings → Environment Variables, add these variables: AUTHORIZE_NET_LOGIN_ID (server-only, no NEXT_PUBLIC_ prefix), AUTHORIZE_NET_TRANSACTION_KEY (server-only), AUTHORIZE_NET_SANDBOX ('true' for sandbox, 'false' for production), NEXT_PUBLIC_AUTHORIZE_NET_LOGIN_ID (same Login ID, client-accessible for Accept.js), and NEXT_PUBLIC_AUTHORIZE_NET_PUBLIC_KEY (your Public Client Key). Use different variable values per Vercel environment scope — sandbox credentials for Preview and Development, production credentials only for Production. This prevents test transactions from appearing in your production merchant dashboard.
1# .env.local — Sandbox credentials for development2# Server-only (no NEXT_PUBLIC_)3AUTHORIZE_NET_LOGIN_ID=your_sandbox_api_login_id4AUTHORIZE_NET_TRANSACTION_KEY=your_sandbox_transaction_key5AUTHORIZE_NET_SANDBOX=true67# Client-safe (for Accept.js tokenization)8NEXT_PUBLIC_AUTHORIZE_NET_LOGIN_ID=your_sandbox_api_login_id9NEXT_PUBLIC_AUTHORIZE_NET_PUBLIC_KEY=your_sandbox_public_client_key10NEXT_PUBLIC_AUTHORIZE_NET_SANDBOX=truePro tip: For Authorize.Net sandbox testing, use test card number 4111111111111111 (Visa) with any future expiry date and CVV 123. This always returns an approved response. Use 4222222222222 to simulate a decline. Find the full list of sandbox test cards at developer.authorize.net/hello_world/testing_guide.html.
Expected result: All Authorize.Net credentials are configured in Vercel, Accept.js loads with the correct public credentials, and the charge API route uses server-side credentials for transaction processing.
Common use cases
E-commerce Checkout with Card Payment
Add a complete checkout page to a V0-generated online store that accepts credit card payments via Authorize.Net. The form collects card details, tokenizes them client-side with Accept.js, and processes the charge server-side via your API route.
Create a checkout page with an order summary card on the left showing items, quantities, and subtotal. On the right, show a payment form with fields for cardholder name, card number (with card type icon), expiry date (MM/YY), and CVV. Add a 'Pay $49.99' button at the bottom. Show a lock icon and 'Secured by Authorize.Net' text for trust. On submit, show a loading state then a success confirmation card.
Copy this prompt to try it in V0
Subscription Plan Selection and Billing
Build a pricing page where users select a subscription plan and enter their payment details. The first charge is processed immediately via Authorize.Net, and subsequent charges are handled by Authorize.Net Recurring Billing using the stored customer profile.
Create a plan selection and payment page. At the top, show three pricing cards: Basic ($9/mo), Pro ($29/mo), Business ($99/mo). The selected plan is highlighted. Below, show a payment form with card fields. When a plan is selected, update the payment button text to show the selected amount. Call /api/authorize-net/charge on submit.
Copy this prompt to try it in V0
Invoice Payment Portal
Create a standalone payment portal where customers can pay outstanding invoices by entering their invoice number and card details. The invoice lookup fetches amount and customer info, and Authorize.Net processes the payment.
Build a payment portal page with two sections. First section: 'Find Your Invoice' with an invoice number input and 'Look Up' button. After lookup, show invoice details (customer name, amount due, due date). Second section: a payment form with card fields pre-filled with the customer name. Submit button shows the invoice amount. Call /api/authorize-net/charge with the invoice ID and card nonce.
Copy this prompt to try it in V0
Troubleshooting
Accept.js callback returns 'E_WC_10' — 'The value of the clientKey is invalid'
Cause: The Public Client Key passed to Accept.dispatchData() is incorrect, or it belongs to a different environment (sandbox key used in production, or vice versa).
Solution: Verify NEXT_PUBLIC_AUTHORIZE_NET_PUBLIC_KEY matches the Public Client Key for the environment you're using (sandbox or production). Check that NEXT_PUBLIC_AUTHORIZE_NET_SANDBOX is set correctly. Sandbox Public Keys only work with the sandbox Accept.js URL (jstest.authorize.net), and production keys only with production (js.authorize.net).
Transaction returns response code 2 (Declined) with error code 'E00027'
Cause: The OpaqueData token has expired (valid for only 15 minutes) or has already been used in a previous transaction attempt.
Solution: Ensure the payment form doesn't retry on failure using the same OpaqueData token. Each failed attempt requires Accept.js to generate a new token. Add error handling that clears the form state and re-tokenizes if the first charge attempt fails.
1// Re-tokenize on each charge attempt — don't reuse opaqueData2async function handleSubmit() {3 // Always call Accept.dispatchData() fresh — never cache opaqueData4}API route returns 'The request was not accepted' — Authorize.Net returns resultCode 'Error' for every transaction
Cause: The API Login ID or Transaction Key is incorrect, or you're using sandbox credentials against the production API endpoint (or vice versa).
Solution: Double-check that AUTHORIZE_NET_LOGIN_ID and AUTHORIZE_NET_TRANSACTION_KEY match credentials from the same environment (sandbox or production). Verify AUTHORIZE_NET_SANDBOX is 'true' for sandbox testing and 'false' for production. Sandbox credentials only work with apitest.authorize.net; production credentials only with api.authorize.net.
Best practices
- Never add name attributes to card number or CVV form fields — this prevents browsers from auto-filling them from cached form data and ensures card data only flows through Accept.js
- Use the authCapture transaction type (not authOnly) for immediate charges — this ensures the payment is captured in one step without a separate capture call
- Store Authorize.Net transaction IDs and auth codes in your database for every successful transaction — you need them for refunds, chargebacks, and reconciliation
- Implement webhook handling for Authorize.Net's Silent Post or Event Notifications to receive async payment status updates — card declines and settlements can happen asynchronously
- Use separate sandbox and production credentials in separate Vercel environment scopes — never use production API credentials in development or staging
- Show clear, human-readable error messages for declined transactions — map Authorize.Net's error codes to user-friendly messages ('Your card was declined. Please try a different card.')
- Add CSRF protection to your charge API route — verify that requests come from your own frontend by checking origin headers or implementing a CSRF token
Alternatives
Choose Stripe if you're starting a new project and don't have an existing merchant account requirement — Stripe is significantly easier to integrate, has better developer documentation, and includes a free Vercel Marketplace integration.
Choose Square if you need both in-person POS and online payment capabilities — Square has a unified SDK for both physical and digital transactions while Authorize.Net is primarily online.
Choose Adyen if you need enterprise-grade global payments with multi-currency, local payment methods, and advanced fraud tools — Adyen targets larger merchants with complex payment requirements.
Frequently asked questions
What is the difference between Authorize.Net and Stripe?
Stripe is a modern, developer-first payment processor with simple integration and no monthly fees (just per-transaction fees). Authorize.Net is a traditional payment gateway that requires a separate merchant bank account — it's more complex to integrate but is the required gateway for many existing enterprise and retail contracts. If you're starting fresh, Stripe is almost always the better choice.
How does Accept.js keep my app PCI compliant?
Accept.js ensures your server never receives raw card numbers — the card data is encrypted and tokenized on the client side before leaving the browser. Your API route only receives the OpaqueData token, not the actual card number or CVV. This means your Vercel application is out of PCI DSS scope for cardholder data storage and transmission.
How long is the OpaqueData token valid?
OpaqueData tokens from Accept.js are valid for 15 minutes and can only be used once. If a charge attempt fails, you must call Accept.dispatchData() again to get a new token before retrying. Never cache or reuse OpaqueData tokens.
Can I save customer payment methods for future charges with Authorize.Net?
Yes — Authorize.Net's Customer Information Manager (CIM) lets you store payment profiles for customers. After a successful charge, use the customerProfileId and customerPaymentProfileId from the response to charge the customer again without requiring them to re-enter card details. This is Authorize.Net's equivalent to Stripe's saved payment methods.
How do I issue refunds via the Authorize.Net API?
Use the refundTransaction transaction type with the original transaction ID and the last 4 digits of the card number. The refund amount can be equal to or less than the original charge. Refunds can only be issued after the original transaction has settled (usually within 24 hours of the original charge).
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation