Cybersource Developer Community Cybersource Developer Community

ktp925 · ‎04-25-2017

Hi all, after searching the internet for a very long time, I figured I'd make a post about this.

Right now I'm using Ruby on Rails with a sandbox account, and using SIM with the ruby gem.

Following the documentation, I'm able to make a test payment to my sandbox account, and I can see the transaction is going through. However, the .success? below always returns false in relay_response:

def relay_response
sim_response = AuthorizeNet::SIM::Response.new(params)
# @sim_response = sim_response
if sim_response.success?(AUTHORIZE_NET_CONFIG['api_login_id'], AUTHORIZE_NET_CONFIG['merchant_hash_value'])
render :text => sim_response.direct_post_reply(payments_receipt_url(:only_path => false), :include => true)
else
render
end
end

The actual relay is fine, I end up at the correct route, however the .success? always evaluates to false.

I've checked, double checked, and tripple checked my api login id and merchant hash value, so I don't think that that is the problem.

Any help would be greatly appreciated, thanks.

RichardH · ‎04-25-2017

Hello @ktp925

Are you able to see the transaction in the sandbox merchant interface?

Richard

ktp925 · ‎04-26-2017

Hi, yes I am.

ktp925 · ‎04-26-2017

Here is what paramdump is giving me when I use it as my relay route:

Data Validation URL Tool

Data Validation Tool

The Data Validation Tool helps developers check the syntax of name/value pairs. Changing the
Transaction POST URL in your script from https://test.authorize.net/gateway/transact.dll to
http://developer.authorize.net/bin/developer/paramdump will display the transaction results.
You can then verify that all field names and values in your transaction request are correct.

Please Note:

The Data Validation tool only reflects the values from your POST, it will not provide error codes.
An HTTP Referer Header is required when using POST.

REQUEST_METHOD:	POST
HTTP_REFERER:	none

Field Name Field Value

x_response_code	1
x_response_reason_code	1
x_response_reason_text	This transaction has been approved.
x_avs_code	Y
x_auth_code	65JQ42
x_trans_id	60022782695
x_method	CC
x_card_type	Visa
x_account_number	XXXX0027
x_first_name
x_last_name
x_company
x_address
x_city
x_state
x_zip
x_country
x_phone
x_fax
x_email
x_invoice_num
x_description
x_type	auth_capture
x_cust_id
x_ship_to_first_name
x_ship_to_last_name
x_ship_to_company
x_ship_to_address
x_ship_to_city
x_ship_to_state
x_ship_to_zip
x_ship_to_country
x_amount	10.00
x_tax	0.00
x_duty	0.00
x_freight	0.00
x_tax_exempt	FALSE
x_po_num
x_MD5_Hash	9C12D9326A62002406386A8E395EE4BC
x_SHA2_Hash
x_cvv2_resp_code	P
x_cavv_response	2
x_test_request	false
utf8
authenticity_token	9FSjQ96vkWlInD3+G/dZbkzMqjZFT2ML97OopEUMB0IBcQbFgpQExkefjyV1NPqL/e1A8KwLq6BQu2jRcCKyhQ==
commit	Purchase

Trevor · ‎04-26-2017

I know you mentioned that you have doublechecked the md5 secret key, but an error validating the hash is really the only thing that I can think of that would cause this scenario. What I would recommend is to try and validate the hash value directly.

The validation is fairly simple and involves the following:

The shared secret key that you have entered into your Authorize.Net MD5 setting.
Your API Login ID
The transaction ID returned in the transaction response
The transaction amount

These four parameters are concatenated and then run through a simple md5 function to generate the x_MD5_hash value that is returned.

I don't know your shared secret or api login ID, but the validation would be along the lines of this:

md5("SecretLogin6002278269510.00") = "9C12D9326A62002406386A8E395EE4BC"

I would recommend substituting in those parameters and seeing if the values match. There are several tools online that allow you to generate an md5 hash if you don't have another easy way to do that.

If this doesn't match, then there is still something going on with the shared secret.

ktp925 · ‎04-26-2017

So, changing my code to:

sim_response = AuthorizeNet::SIM::Response.new(params)
hash = Digest::MD5.hexdigest(secret + login_id + sim_response.transaction_id + x_amount).upcase
if sim_response.x_MD5_Hash == hash

etc....

Makes my site timeout (transaction still goes through)

I'm suspicious if

sim_response = AuthorizeNet::SIM::Response.new(params)

Is actually successfully creating an object. In the view, I can echo out the object itself, but whenever I try to access any attributes on the object I get error messages. And trying to even find out if that object has valid attributes isn't happening, because whenever I try to access them in my controller, I get a timeout error from authorize..

So my post to authorize.net is fine, it's the post that I'm recieving from authorize.net

ktp925 · ‎04-26-2017

I apologize for the bombardment of messages this morning, but I've found out that I am actually getting paramaters (previous code had an assignment = instead of comparison)

Anyhow, I can now check to see if the x_response_code is 1, so that's how I'm verifying it for now.. Obviously this is not ideal though.

This comparison now evaluates to true as well:

if params[:x_MD5_Hash] == Digest::MD5.hexdigest('SecretLogin' + params[:x_trans_id] + params[:x_amount]).upcase

After I run:

sim_response = AuthorizeNet::SIM::Response.new(params)

I can not actually access any attributes on sim_response. So I think the problem has something to do with the initializer, but looking at the docs it seems that you just pass 'params' to it..

Cybersource Developer Community Cybersource Developer Community

Ruby gem, SIM response success returning false, transaction going through (sandbox)