What you need
| Field | What it does |
|---|---|
| API Login ID | Identifies your account on API calls. Paired with the Transaction Key. |
| Transaction Key | The secret half of API auth. With the Login ID, it mints each payment form. Secret. |
| Signature Key | Confirms a webhook truly came from Authorize.Net. Separate from the Transaction Key. Secret. |
| Success URL / Cancel URL | Where the buyer lands after paying or backing out. |
The API Login ID and Transaction Key always travel together. The Signature Key is independent.
Why we ask for each field
API Login ID
Names your account on API calls. It works only when paired with the Transaction Key.
Transaction Key
The secret that proves an API request is yours. With the API Login ID, it lets us build the hosted payment form, so the charge runs through your account.
Signature Key
Proves an incoming webhook is genuinely from Authorize.Net, so nobody can forge a "paid" event. It is a separate value from the Transaction Key.
Success and Cancel URL
Plain settings: where the buyer lands after paying or backing out. Not secret.
Set up
- Open Account and API Settings (in the sandbox)
This walkthrough uses Authorize.Net’s free sandbox, so you can wire everything up and test it without a paid account. Sign in to the sandbox Merchant Interface at sandbox.authorize.net, open Account in the left menu, and click Account and API Settings.
Create a free sandbox account (no card required) ↗
Authorize.Net (sandbox) → Account → Account and API Settings Going live is the exact same flow: every screen and step below is identical. The only difference is that the live Merchant Interface at authorize.net needs an approved, paid Authorize.Net merchant account. Once you have one, run these same steps there for your live credentials and webhook, and paste those into the Live tab in Coin Moebius.
- Open API Credentials and Keys
Under Security Settings, click API Credentials and Keys. This one screen holds all three values Coin Moebius needs.
Security Settings → API Credentials and Keys - Copy your three credentials
Grab all three from this screen:
- API Login ID — shown at the top; copy it.
- Transaction Key — click Generate New Transaction Key, confirm, and copy it immediately.
- Signature Key — click Generate New Signature Key, confirm, and copy it right away.
Authorize.Net → API Credentials and Keys The Transaction Key and Signature Key are each shown only once, when generated, so copy them somewhere safe before leaving the page. The Signature Key is what signs your webhooks; it is a separate value from the Transaction Key.
- Open Webhooks
Back on the Account and API Settings page, scroll down to Webhook Notifications and click Webhooks.
Account and API Settings → Webhook Notifications → Webhooks - Create a webhook notification
On the Webhooks screen, click Create a webhook notification.
Authorize.Net → Webhooks → Create a webhook notification - Copy your Coin Moebius webhook URL
In a separate tab, open your project in the Coin Moebius dashboard and copy the Project ID from under the project name. Your webhook URL is that ID dropped into the address below.
https://api.coinmoebius.com/webhook/authorizenet/<your project id>Coin Moebius → your project → Project ID - Name it and paste your webhook URL
Back in Authorize.Net, give the notification a name like "Coin Moebius Webhook", paste your webhook URL into Endpoint URL, and set Status to Active.
Authorize.Net → Create Webhook Notification - Select your events
Under Select Events, check the Payment events Coin Moebius listens for, then click Save:
- Authorization Created, Authcapture Created, Capture Created, Prior Auth Capture Created, Refund Created, Void Created.
- The fraud events: Fraud Held, Fraud Approved, Fraud Declined.
Authorize.Net → Create Webhook Notification → Select Events Only check the Subscription events (the net.authorize.customer.subscription.* group) if you actually sell subscriptions. If you only take one-time payments, leave them unchecked — you do not need them. Extra events are harmless either way; we ignore anything we do not use.
- Confirm the webhook is active
The saved notification appears in your Webhooks list as Active, with the endpoint URL you pasted. From here on, Authorize.Net signs each delivery with your Signature Key.
Authorize.Net → Webhooks (active) Coin Moebius records each event id once and ignores duplicates, so replayed webhooks are handled for you.
- Connect in the Coin Moebius dashboard
In Coin Moebius, open Providers → Add provider → Authorize.Net, and set your Success URL and Cancel URL. Because the credentials above came from the sandbox, paste them into the Sandbox group (API Login ID, Transaction Key, Signature Key — all three, or none), then Save. When you go live, run the same steps in your paid account and paste the live credentials into the Live group instead. Live and sandbox are verified separately.
- You are connected
Authorize.Net now shows on your Providers tab with the date it connected and the webhook URL it expects. Use Edit to rotate keys or swap sandbox and live; Disconnect removes it.
Coin Moebius → Providers → Authorize.Net (connected) - Test with sandbox cards
With your sandbox provider connected, run a test payment to confirm everything works end to end. Sandbox cards never charge a real card: use any future expiration (for example 12/2030) and any CVV (3 digits, or 4 for American Express).
Network Card Visa 4111111111111111 Mastercard 5424000000000015 American Express 370000000000002 Discover 6011000000000012
After you connect
Run one test payment before going live:
- Create a product and set its Environment to Testing. That runs the product on your sandbox credentials, so you can place a full order without moving money. (If you skipped the sandbox set, a Testing product falls back to live, so add it first.)
- Place the buy button on a page (a local HTML file works) pointed at your project.
- Complete checkout with a sandbox test card from above.
- Open the Transactions tab. A new row appears, tagged Testing. When its status reaches succeeded, your credentials and webhook are both working end to end.
Switch the product Environment to Live when you are ready for real payments.
Troubleshooting
Start with Verify. In the dashboard, click Verify (or Verify test credentials for the sandbox set) to check your API Login ID and Transaction Key.
Verify fails.
The API Login ID and Transaction Key must be the pair from the same account (live or sandbox). Re-copy both.
Signature verification fails.
The Signature Key is a different value from the Transaction Key. Copy the Signature Key from the same screen. The scheme is identical in sandbox and live.
Payment completes but the order stays pending.
Confirm the webhook URL matches exactly and that you subscribed to the payment events.
A test product charged a live card.
A product marked as test falls back to your live credentials when no complete sandbox set is configured. Add all three sandbox fields, or unmark the product as test.
Confirm it end to end.
Authorize.Net only pings inactive webhooks: set the endpoint inactive, send a ping, then re-activate it, and watch the order update.
Good to know
Tokens are short-lived. The hosted form token lasts about 15 minutes. We mint a fresh one per checkout.
Currency. Authorize.Net is primarily a US, USD gateway. Non-USD depends on your processor agreement.
Rotating keys. Generate a new Transaction Key or Signature Key anytime, then paste it in. Secret fields stay blank on edit.
Questions? Join our Discord