Searching Authorize.net CIM Records

Question

Has anyone come up with an elegant way to search data stored on Authorize.net's Customer Information Manager (CIM)?

Based on their XML Guide there doesn't appear to be any search capabilities at all. That's a huge short-coming.

As I understand it, the selling point for CIM is that the merchant doesn't need to store any customer information. They merely store a unique identifier for each and retrieve the data as needed. This may be great from a PCI Compliance perspective, but it's horrible from a flexibility standpoint.

A simple search like "Show me all orders from Texas" suddenly becomes very complicated.

How are the rest of you handling this problem?

Answer 1

The short answer is, you're correct: There is no API support for searching CIM records. And due to the way it is structured, there is no easy way to use CIM alone for searching all records.

To search them in the manner you describe:

1. Use getCustomerProfileIdsRequest to get all the customer profile IDs you have stored.
2. For each of the CustomerProfileIds returned by that request, use getCustomerProfileRequest to get the specific record for that client.
3. Examine each record at that time, looking for the criterion you want, storing the pertinent records in some other structure; a class, a multi-dimensional array, an ADO DataTable, whatever.

Yes, that's onerous. But it is literally the only way to proceed.

The previously mentioned reporting API applies only to transactions, not the Customer Information Manager.

Note that you can collect the kind of data you want at the time of recording a transaction, and as long as you don't make it personally identifiable, you can store it locally.

For example, you could run a request for all your CIM customer profile records, and store the state each customer is from in a local database.

If all you store is the state, then you can work with those records, because nothing ties the state to a specific customer record. Going forward, you could write logic to update the local state record store at the same time customer profile records are created / updated, too.

I realize this probably isn't what you wanted to hear, but them's the breaks.

Answer 2

This is likely to be VERY slow and inefficient. But here is one method. Request an array of all the customer Id's, and then check each one for the field you want... in my case I wanted a search-by-email function in PHP:

$cimData = new AuthorizeNetCIM;
$profileIds = $cimData->getCustomerProfileIds();

$profileIds = $cimData->getCustomerProfileIds();
$array = $profileIds->xpath('ids');
$authnet_cid = null;

/*
this seems ridiculously inefficient... 
gotta be a better way to lookup a customer based on email
*/

    foreach ( $array[0]->numericString as $ids ) { // put all the id's into an array
       $response = $cimData->getCustomerProfile($ids); //search an individual id for a match
    //put the kettle on

        if ($response->xml->profile->email == $email) {
            $authnet_cid = $ids;
            $oldCustomerProfile = $response->xml->profile;
        }
    }

// now that the tea is ready, cream, sugar, biscuits, you might have your search result!

Answer 3

CIM's primary purpose is to take PCI compliance issues out of your hands by allowing you to store customer data, including credit cards, on their server and then access them using only a unique ID. If you want to do reporting you will need to keep track of that kind of information yourself. Since there's no PCI compliance issues with storing customer addresses, etc, it's realistic to do this yourself. Basically, this is the kind of stuff that needs to get flushed out during the design phase of the project.

They do have a new reporting API which may offer you this functionality. If it does not it's very possible it will be offered in the near future as Authnet is currently actively rolling out lots of new features to their APIs.