topic Re: Can anyone refer me to developer for MD5Hash update? in Integration and Testing

Can anyone refer me to developer for MD5Hash update?

govirtual1 — Sun, 03 Mar 2019 20:11:26 GMT

I am in quandary as do not have developer. I am using the SIM method and MDHash5 want to upgrade to the accepted host and signature key but not sure how to do. My site is built on php/mysql. If I cannot find someone I am going to have to disable the Authorize.net payment option.

Not sure if will let me post email here or can reply or message me please. Thank you.

Re: Can anyone refer me to developer for MD5Hash update?

Renaissance — Mon, 04 Mar 2019 00:20:24 GMT

Hi @govirtual1

I can refer you to myself. Send me a PM. Click on my name and it will let you send me a message.

Re: Can anyone refer me to developer for MD5Hash update?

govirtual1 — Fri, 08 Mar 2019 18:50:30 GMT

@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!

Re: Can anyone refer me to developer for MD5Hash update?

Villawinery — Fri, 15 Mar 2019 01:33:23 GMT

I have this procedural code that has been working fine for years. Its simple, straight forward and works. Now with the migration to HSA512 I wonder how I can upgrade, or if I need to. I tried to test it in a sandbox but sandboxes do not generate asignature key. Well here is the code:

function authorize_cc ($cc,$exp,$cvv,$amount,$first_name,$last_name,$login='',$tranKey='',$signatureKey=''){

$post_string = 'x_login=' . $login;
$post_string .= '&x_tran_key=' . $tranKey;
$post_string .= '&x_delim_data=TRUE';
$post_string .= '&x_url=FALSE';
$post_string .= '&x_type=AUTH_CAPTURE';
$post_string .= '&x_method=CC';
$post_string .= '&x_relay_response=FALSE';
$post_string .= '&x_card_num=' . $cc;
$post_string .= '&x_exp_date=' . $exp;
$post_string .= '&x_amount=' . $amount;
$post_string .= '&x_address=';
$post_string .= '&x_zip=';
$post_string .= '&x_card_code=' . $cvv;
$post_string .= '&x_name=' . $first_name . ' ' . $last_name;

//# New SHA512 hash

if ($signatureKey != '') {
$textToHash="^". $login."^". $tranKey ."^". $amount."^";
$sig = hash_hmac('sha512', $textToHash, hex2bin($signatureKey));

}
//# Now what do we do with $sig? Do we include the rest of the fields in the hash?

$test_url = 'https://test.authorize.net/gateway/transact.dll';
$production_url = 'https://secure2.authorize.net/gateway/transact.dll';

$curl_request = curl_init( $test_url );

curl_setopt( $curl_request, CURLOPT_POSTFIELDS, $post_string );
curl_setopt( $curl_request, CURLOPT_HEADER, 0 );
curl_setopt( $curl_request, CURLOPT_TIMEOUT, 45 );
curl_setopt( $curl_request, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYPEER, false );

$response = curl_exec( $curl_request );

curl_close( $curl_request );

$results = explode(',',$response);

return $results;

}

Could anyone give some point on what to do next?

Re: Can anyone refer me to developer for MD5Hash update?

Renaissance — Sat, 16 Mar 2019 20:00:10 GMT

@Villawinery

You're using the wrong string in your fingerprint. More pressing than the fingerprint is the validation of the response. You will need to implement a sha512 response validation or you will have to disable response validation completely once the md5 is gone.

Re: Can anyone refer me to developer for MD5Hash update?

Villawinery — Sun, 17 Mar 2019 14:53:45 GMT

That is my question. How can I implement SHA512 in my routine? I am using a sand box to test it but the sand box does not gives you a way to generate a key, the only thing you get is the id and the transaction id. I have gone through the SDK, which is very cumbersome to follow, and I have not been able to pinpoint where SHA512 is used to connect through CURD. My function works well in production and also with the sandbox. All I need if a way to authorize credit cards and capture the transaction. I wish Authorize.net would give you points without refereing you to a cumbersome SDK.

Re: Can anyone refer me to developer for MD5Hash update?

Renaissance — Sun, 17 Mar 2019 15:17:16 GMT

You can generate a signature key in the sandbox. Just go to your API credentials page and select “generate a new signature key”. That’s the first thing you need. The signature key is not something that is unique to each transaction. It is a credential that is tied to you and only changes when you cancel it and get a new one. It is similar to a transaction key in that way.

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m-p/65774#M39390

Message 58 in that post has 100% tested and working code for SIM/DPM. Go generate a signature key. Copy and paste in that code. There is a fingerprint piece and a separate response verification piece. The code has comments for where each piece is.

Re: Can anyone refer me to developer for MD5Hash update?

Jaspersa — Fri, 09 Jan 2026 10:22:09 GMT

Braum’s menu offers a delicious selection of fresh breakfast items, juicy burgers, crispy chicken, healthy salads, combo meals, and premium ice cream made with farm-fresh dairy. Known for quality ingredients and classic flavors, Braum’s menu is a favorite choice for customers seeking tasty, affordable meals and signature frozen treats across the United States.