https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55759#M30599 <P>I've been fighting against failed MD5 checksums for awhile now with payment profiles, although they work fine for non-payment-profile transactions.&nbsp;&nbsp; Are you saying you got it working by prefixing your amount with a $ (or locale-equivalent)?</P><P>&nbsp;</P><P>I had noticed that authorize.net stated somewhere that they would soon be providing some new transaction checksum down the road and I had assumed that md5 checksums was unfixably broken for payment profiles.</P><P>&nbsp;</P><P><A href="https://community.developer.authorize.net/t5/Integration-and-Testing/MD5-Hash-fails-for-CIM-profile-payment-method-but-works-for/m-p/53589#M28695" target="_blank">https://community.developer.authorize.net/t5/Integration-and-Testing/MD5-Hash-fails-for-CIM-profile-payment-method-but-works-for/m-p/53589#M28695</A></P> Fri, 16 Sep 2016 00:12:33 GMT mkienenb 2016-09-16T00:12:33Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55752#M30593 <P>No matter what I do, I cannot make my fingerprint match that generated by <A href="https://developer.authorize.net/api/reference/responseCode99.html" target="_blank">https://developer.authorize.net/api/reference/responseCode99.html</A></P><P>&nbsp;</P><P>My PHP is below, and it used the hmac function from the SDK. I'm using fixed values for testing purposes. Despite beign obfuscated, I know for a fact my transaction_key is correct as is my x_login.</P><P>&nbsp;</P><P>&nbsp;</P><PRE>function hmac ($key, $data) { return (bin2hex (mhash(MHASH_MD5, $data, $key))); } $transaction_key = "xxxxxxxxxxxxxxxxx"; $x_login = "yyyyyyyy"; $x_amount = "50"; $x_fp_sequence = "159383"; $x_fp_timestamp = "1473967216"; $hmac_data = $x_login . "^" . $x_fp_sequence . "^" . $x_fp_timestamp . "^" . $x_amount; $x_fp_hash = hmac ($transaction_key,$hmac_data);</PRE><P>The result of the code 636fb8386946440d945390989aca6234.</P><P>&nbsp;</P><P>When I feed those same numbers to <A href="https://developer.authorize.net/api/reference/responseCode99.html" target="_blank">https://developer.authorize.net/api/reference/responseCode99.html</A> I get 0FCDB7701BE1FAE7B0CEF727344EF658.</P><P>&nbsp;</P><P>What is going on here?</P><P><BR /><STRONG>How do I generate a proper MD5 hash for a hosted payment form?</STRONG></P><P>&nbsp;</P><P>What's even more confusing is this link (<A href="https://support.authorize.net/authkb/index?page=content&amp;id=A1706&amp;actp=LIST_RECENT" target="_blank">https://support.authorize.net/authkb/index?page=content&amp;id=A1706&amp;actp=LIST_RECENT</A>) says that the encryption method has been changed from MD5 to HMAC-SHA512 but nowhere in the downloadable guides does it mention this.<BR /><BR /><STRONG>So is it MD5 ort SHA512?</STRONG></P><P>&nbsp;</P> Thu, 15 Sep 2016 20:45:23 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55752#M30593 cdrugly 2016-09-15T20:45:23Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55756#M30596 <P>I was finally able to get the fingerprints to match by including the (optional) currency code.</P><P>&nbsp;</P><P>I've found that it's not optional at all. If you do not include it in your fingerprint hash as well as your form data, it will results in an error 99.<BR /><BR />I hope this helps someone else who has beating their head against the wall like I have.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 15 Sep 2016 21:40:24 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55756#M30596 cdrugly 2016-09-15T21:40:24Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55759#M30599 <P>I've been fighting against failed MD5 checksums for awhile now with payment profiles, although they work fine for non-payment-profile transactions.&nbsp;&nbsp; Are you saying you got it working by prefixing your amount with a $ (or locale-equivalent)?</P><P>&nbsp;</P><P>I had noticed that authorize.net stated somewhere that they would soon be providing some new transaction checksum down the road and I had assumed that md5 checksums was unfixably broken for payment profiles.</P><P>&nbsp;</P><P><A href="https://community.developer.authorize.net/t5/Integration-and-Testing/MD5-Hash-fails-for-CIM-profile-payment-method-but-works-for/m-p/53589#M28695" target="_blank">https://community.developer.authorize.net/t5/Integration-and-Testing/MD5-Hash-fails-for-CIM-profile-payment-method-but-works-for/m-p/53589#M28695</A></P> Fri, 16 Sep 2016 00:12:33 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Hosted-Payment-md5-hash-error-99/m-p/55759#M30599 mkienenb 2016-09-16T00:12:33Z