Hi,
SHA-512 hash mismatch when we enter non-ascii characters in the hosted payment page fields such as Firstname, lastname and address.
Example from Sandbox testing:
Tested with following card information:
Card number: 4111111111111111
Expiry:1222
CVV: 123
Firstname: Renée
Lastname: brown
Address: 123 main street
Zip: 30321
Transaction Response:
x_card_type: Visa
x_method: CC
x_state:
x_last_name: brown
x_ship_to_city:
x_cvv2_resp_code:
x_email:
x_avs_code: P
x_tax_exempt: FALSE
x_auth_code: 000000
x_SHA2_Hash: CA8F8217A69502E67BAB881A4B6B008480E73DFBD2132D864D74E7F660D33F58B5C067011267D98DA4FEA9AEE98C35A7F581A2B8618D9537D470A7001A796ADF
x_type: auth_only
x_response_code: 1
x_invoice_num: 900002667
x_address: 123 main street
x_response_reason_text: (TESTMODE) This transaction has been approved.
x_description: Brygid - Test Store
x_company:
x_MD5_Hash:
x_cavv_response:
x_duty: 0.00
x_cust_id: s900002667
x_account_number: XXXX1111
x_test_request: true
x_ship_to_address:
x_country:
x_city:
x_ship_to_company:
x_fax:
x_zip: 30321
x_first_name: Ren�
x_ship_to_first_name:
x_tax: 0.00
x_phone:
x_ship_to_state:
x_ship_to_last_name:
x_po_num:
x_ship_to_country:
x_response_reason_code: 1
x_ship_to_zip:
x_trans_id: 0
x_freight: 0.00
x_amount: 3.23
Datastring to generate hash = ^0^true^1^000000^^^P^CC^XXXX1111^3.23^^Ren�^brown^123 main street^^^30321^^^^^^^^^^^^^900002667^
Hash generated: 91D06EE60901B000B4308A1A10BBE916A8B2C939C69F5E976D37CB2096887AAA9BAC0F6E7B96A512C5B3650C6A3C11E9F3A9C8AE7939E4234BD36A0CD3C38255
It is an issue with character encoding but we don't know how Auth.net handles the encoding before generating the hash which they send in the response.
Will really appreciate any help from the community to resolve this issue.
Thanks
06-04-2019 11:22 AM
In your sandbox, are you running in testmode or setting testmode in your request? If so, you'll want to set your sandbox to live mode.
Richard
06-04-2019 08:00 PM - edited 06-04-2019 08:01 PM
This is entirely an encoding issue and something that has to be handled on the developer's end. The auth.net response comes in a url encoded format and server side programming must be implemented to manipulate the encoding of the non-ASCII characters. This step was not needed for md5 due to customer information fields like name, address, etc. not being used to calculate the hash. This issue is not unique to any one developer and there are a few who have commented on how they handle it in their applications.
If auth.net wanted to pick up some of the work, they would need to send the SIM/DPM response in a different format, which would likely break 90% of existing integrations. Or you could change the method used to calculate the hash so it doesn't use customer info fields and have a forum gone wild with irate developers telling you to go to.....
I would recommend you use webhooks. The sha512 validation for that is much simpler and you will find a solution using that much faster than you will grinding your wheels on this. It took me 15 minutes to set up webhooks on the first go round, and it took me 4 hours to write the programming for the relay response you are working with. You are going to find it to be harder and harder to keep the pace with products that are no longer supported.
06-05-2019 04:20 AM
@RichardH
We are setting testmode in the request. We having the exact same issue in production as well. All of our clients are affected.
As @Renaissance mentioned, it is entirely an encoding issue. We need to know how to handle the non-Ascii characters data coming in the response so we can generate a correct hash.
We are looking for a proper solution which can handle any character being entered by the customer on the payment page.
06-05-2019 10:12 AM
06-05-2019 10:54 AM
@Renaissance
I never see Lithuanian I with an accented bottom being entered.
06-05-2019 02:33 PM
06-05-2019 07:51 PM - edited 06-05-2019 07:52 PM
06-05-2019 07:56 PM
@Renaissance It will be great to see how you are handling the non-ascii characters. Will it be able to handle single quote ’ ?
@RichardH Can you also give your input on how Auth.net suggest to handle the non-ascii characters in the response so we can generate a correct hash?
This issue is affecting all of our clients which are switched to SHA512 and there is nothing in the documentation which states how to handle the response data for non-ascii characters to generate a proper hash.
06-06-2019 09:09 AM
06-06-2019 07:48 PM - edited 06-06-2019 07:49 PM