We are using Python with DPM post option. Followed the hash upgrade link instructions from here:
https://developer.authorize.net/support/hash_upgrade/
DPM post fails with "This transaction cannot be accepted." Not getting additional clues and the failed transaction is not visible in Sandbox.
I am stuck and don't know how to proceed. Need a clear example for the following:
1. How to generate the SHA512 hash in Python
2. How to verify the returned hash in Python
Here is what I tried for #1 above that results in failure:
fingerprint = hmac.new(binascii.unhexlify(security_tokens["SIGNATURE_KEY"]),
"^"+security_tokens["LOGIN_ID"]+"^"+self.seq+"^"+ts+"^"+self.amount+"^", digestmod=hashlib.sha512).hexdigest()
When I do a DPM post with this generated hash in x_fp_hash, I get "This transaction cannot be accepted."
Still don't know the exact python code to verify the returned SHA512 hash (#2).
Example code snippets in Python is much appreciated.
Also when I copied the signature key to clipboard, I noticed an extra carriage return in the beginning. However, I used the characters after the carriage return. Not sure if that has any impact?
Thanks
Solved! Go to Solution.
01-11-2019 03:29 PM - edited 01-11-2019 03:33 PM
02-27-2019 02:27 AM
01-20-2019 09:30 AM
Any update. I am not able to proceed.
02-25-2019 08:41 PM
02-27-2019 02:27 AM
Thank you very much for this useful input. Got confused by this post:
https://developer.authorize.net/support/hash_upgrade/
Now transaction succeeds. But the auth response hash 'x_SHA2_Hash' does not match the generated hash as suggested in the above article. I generate the hash at my end as follows from the DPM response:
generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
"^"+security_tokens["LOGIN_ID"]+"^"+request.POST.get('x_trans_id')+"^"+request.POST.get('x_amount')+"^", hashlib.sha512).hexdigest().upper()
I tried with the intial ^ and without that also. But my generated hash does not match the hash in response 'x_SHA2_Hash'. What am I missing?
I also saw this post suggesting using all fields in response:
https://stackoverflow.com/questions/54256127/updating-md5-to-sha512-authorizenet
Very confused!!!
Thanks
03-02-2019 04:23 PM
I saw conversation regarding amount with decimals, having to use all the fields in the response for the hash and still don't have a definitive answer on how to compare the hash in response. The amount fields in my cas has decimals already. Stuck.
03-02-2019 04:37 PM
Next I tried the following (all 30 fields) as suggested in the forum. Still NO SUCCESS!! Very frustrating!!!!
str_to_hash=("^" + request.POST.get('x_trans_id', '') +
"^" + request.POST.get('x_test_request', '') +
"^" + request.POST.get('x_response_code ', '') +
"^" + request.POST.get('x_auth_code', '') +
"^" + request.POST.get('x_cvv2_resp_code', '') +
"^" + request.POST.get('x_cavv_response', '') +
"^" + request.POST.get('x_avs_code', '') +
"^" + request.POST.get('x_method', '') +
"^" + request.POST.get('x_account_number', '') +
"^" + request.POST.get('x_amount', '') +
"^" + request.POST.get('x_company', '') +
"^" + request.POST.get('x_first_name', '') +
"^" + request.POST.get('x_last_name', '') +
"^" + request.POST.get('x_address', '') +
"^" + request.POST.get('x_city', '') +
"^" + request.POST.get('x_state', '') +
"^" + request.POST.get('x_zip', '') +
"^" + request.POST.get('x_country', '') +
"^" + request.POST.get('x_phone', '') +
"^" + request.POST.get('x_fax', '') +
"^" + request.POST.get('x_email', '') +
"^" + request.POST.get('x_ship_to_company', '') +
"^" + request.POST.get('x_ship_to_first_name', '') +
"^" + request.POST.get('x_ship_to_last_name', '') +
"^" + request.POST.get('x_ship_to_address', '') +
"^" + request.POST.get('x_ship_to_city', '') +
"^" + request.POST.get('x_ship_to_state', '') +
"^" + request.POST.get('x_ship_to_zip', '') +
"^" + request.POST.get('x_ship_to_country', '') +
"^" + request.POST.get('x_invoice_num', '') +
"^")
#generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
#"^"+security_tokens["LOGIN_ID"]+"^"+request.POST.get('x_trans_id')+"^"+request.POST.get('x_amount')+"^", hashlib.sha512).hexdigest().upper()
generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
str_to_hash, hashlib.sha512).hexdigest().upper()
03-02-2019 05:17 PM
This also did not work:
generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
security_tokens["LOGIN_ID"]+request.POST.get('x_trans_id')+request.POST.get('x_amount'), hashlib.sha512).hexdigest().upper()
Frustrating!!! Why is there a simple definitive post like this: If you are using DPM here is how you will generate sha512 hash to compare????
03-02-2019 05:32 PM
03-03-2019 12:23 AM
Please post the authoritative sha512 verification code from the DPM response in php and I will take it from there. Thanks
03-03-2019 02:40 PM