Magento Authorize.net End MD5 Hash Direct Post

As per the article published on Authorize.Net, this is what we found.

In short. Yes they are ending direct post or DPM method and you need to take action now. You can no longer create md5 hash keys, your payment gateway will be cut off around may.

Magento 1 there are two options which is suggested by Magento Developers. the Direct Post and just simply authorize.net  If your using the direct post method this will no longer work change that to use the authorize.net method.

Magento 2 I am assuming the next release of magento 2 will include this authorize.net extension but until it is included you can install this from the marketplace.

https://marketplace.magento.com/authorizenet-magento-module-authorizenet.html

Or you can find another extension available like the CIM method that allows you to store CC on authorize.net servers for future use so that your customers dont have to type their CC info in over again for every order.

Our magento developers can install this updated extension for you or recommend a good replacement like the CIM extensions that are available.

Full article 

Authorize.Net ending the use of MD5 based hash for transaction response verification to encourage the use of SHA-512 based hash utilizing a Signature Key.

MD5 Hash end of life will be done in the following two phases:

Phase 1: This phase started in later January to early February 2019. They removed the ability to update or configure the MD5 Hash setting in the Merchant Interface. But the existing API response will see no changes.

Phase 2: You don’t have to send the value for the MD5 Hash data element in the API response because the field will still be there but without any value. For this change, the date is expected to be announced in the next 2-3 months.

The transaction response that you will receive from Authorize.Net includes the SHA2 hash element and the name and position depend on the API integration method you have used. For the transaction, Authorize.Net has generated SHA2 that has field contains HMAC-SHA512 hash. You can use it to validate the response from Authorize.Net. However, it is not required to.

In the API response, transHashSHA2 is the SHA2 element for Authorize.Net API (XML, JSON, SOAP).

You can find the SHA2 element at the end of the API response for Advance Integration Method (AIM). However, the updates are in progress for the same.

Only 3 fields are involved in the SHA2 Hash for Authorize.Net API and AIM. They are:

  • API Login ID
  • Transaction ID
  • Amount

x_SHA2_Hash is the SHA2 element for Server Integration Method (SIM) and if you want to utilize Replay Response. For this too, updates are in progress.

There are 30 fields involved in the SHA2 Hash for SIM + Relay Response and Silent Post. They are:

  • x_trans_id
  • x_test_request
  • x_response_code
  • x_auth_code
  • x_cvv2_resp_code
  • x_cavv_response
  • x_avs_code
  • x_method
  • x_account_number
  • x_amount
  • x_company
  • x_first_name
  • x_last_name
  • x_address
  • x_city
  • x_state
  • x_zip
  • x_country
  • x_phone
  • x_fax
  • x_email
  • x_ship_to_company
  • x_ship_to_first_name
  • x_ship_to_last_name
  • x_ship_to_address
  • x_ship_to_city
  • x_ship_to_state
  • x_ship_to_zip
  • x_ship_to_country
  • x_invoice_num

Leave a Reply

Your email address will not be published. Required fields are marked *