There is no way on earth that your auth.net credentials cause this error at all. These developers may believe this and they may tell you this is what happens, but it’s not the case.
This thing happens when programming websites. You will have at minimum hundreds of lines of code and usually thousands. You have other moving parts and factors like DNS, htaccess rules, server header configuration files, etc. Something goes wrong and the last thing the developer remembers doing is changing the API credentials, so they blame it on that. Or you change the API credentials in an interface and something goes wrong, and it gets blamed on the API credentials.
Both of your errors below sound like htaccess or httpd.conf mod rewrite driven issues. This assumes you use Apache like most sites. Not sure what the conf files are called for other servers.
What is happening in the first case is your rules are redirecting the browser over and over. Most likely the browser is being redirected to an nonexistent 404 page.
In the second error, you do not have a 404 page rule so you do not have a redirect. The issue is that there is no resource tied to the uri /buy-now/. This is either because your rewrite rules are not correct or because the file tied to that uri has been deleted or has had its name changed.
As to why your API credentials **seem** to cause this error, it is most likely that when you enter valid API credentials you get a token, which allows a successful API call and redirect to the payment page. The payment page isn’t there so you end up with those errors for the reasons described above.
FYI in my opinion these developers should not be having you have to reach out on this forum. I do not agree with this way of doing business. My clients have had to ask a total of 0 technical questions like this to anyone. The “its auth nets issue ask them” type of thing that will often drive merchants to this forum or some other forum is nonsense.
If you are paying an hourly rate then this isn’t exactly that bad, as long as you are fine with the trade off of saving some cash. If these developers quoted you a fixed price for a specific outcome, I.e. “I will get your auth.net integration set up for $xxx.xx” then I’d be telling them to fix it rather than having you do the footwork with cop outs like that.