I was wondering if anyone here has used the authorize.net "Advanced Integration Method" API.
I've scoured the FAQs on their site, but I can't seem to find a straightforward answer or get through to them at this hour.
I know the API requires SSL (obviously), but does their TOS agreement require PCI compliance or any kind of certification, provided you are not storing credit card numbers? Also, if anyone would happen to know, is there anything in their TOS against using this for an app that stores merchant credential (with explicit merchant permission of course)?
To clarify, on that last part, I'm talking about a SaS application storing merchant id and transaction keys for multiple merchants (same server).