Right. Thanks, Bart.
The 3rd pary docs (mis)state quite explicitly:
NOTE: Authorize.Net compatibility, POST to:
https://securefoodomain/barfilepath/foobarfile?x_Login
Note! [a statement stating the necessity of including "?" for passing cgi parameters] "?x_Login" is required for AuthorizeNet compatibility mode, native [non-authorize.net compatible] mode does not require this.
A suggestion has been added to bug list to help misled openACSers see the light of authorize-gatway's ease of use.
