Showing results for 
Search instead for 
Did you mean: 

Trouble testing DPM

I'm using the DPM integration method, and regardless of what details I enter it returns the response code 3. That's supposed to mean that the card is declined, but it gives that when I use the test card info from the help files and when I use real credit card info as well.


Here's the simplified test page which has nothing but the sample html with the values plugged in:


Does anyone know what I could be missing here?


It hard to said without the Response Reason Codes. The response_reason_text point to the x_fp_hash being wrong.


There is a debug tool from


The response code is 3, but I'm not seeing  a response reason code. The only values it's posting back to me are these:


[response_code] => 3

[response_reason_text] => (TESTMODE) This transaction cannot be accepted.



Temporarily change the applicable line in the relay response page to:


$redirect_url .= '?response_reason_code='.$response->response_reason_code . '&response_reason_text=' . $response->response_reason_text;

The error, as far as I can tell, has to do with a bad fingerprint. But there's no way to tell what's specifically wrong with it without the response reason code being passed to the error page.

I see I didn't have the x_tran_key field that says is required. However, I added it and that made no difference, same response. Edit: nevermind I see that should not be in there as a field so I took it back out.

I've made the suggested change and got a response_reason_code of  97. This indicates "Applicable only to SIM API. Fingerprints are only valid for a short period of time. If the fingerprint is more than one hour old or more than 15 minutes into the future, it will be rejected. This code indicates that the transaction fingerprint has expired."


I was intending to do DPM though not SIM.

DPM, SIM, AIM all use the same URL location. It just required some different inputs. It the timestamp hard coded?


Test your x_fp_timestamp

DPM is layered on top of SIM, so the same fingerprint errors apply to both. From the DPM lib:


    public static function getCreditCardForm($amount, $fp_sequence, $relay_response_url, $api_login_id, $transaction_key, $test_mode = true, $prefill = true)
        $time = time();
        $fp = self::getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $time);

The problem is that your local time is not the time that expects - either GMT or whatever your control panel is set to (I'm not sure which). You need to add to or subtract from $time so it matches up.

So I realized, of course it was expired -- because that was a .html simplified copy of the original PHP page. I went back to testing the PHP version ( ) and got response reason code 99 instead: "The server-generated fingerprint does not match the merchant-specified fingerprint in the x_fp_hash field."


Here's the PHP I'm using to generate the x_fp_hash field (hard-coded the number for testing):




That's calling the authnet_fingerprint function from the SDK.

Correction: sorry, that wasn't an SDK function, here's the functions:


function authnet_fingerprint($amount)

global $settings;
$apt_login_id = $settings->authorizenet;
$transaction_key = $settings->authorizenettransactionkey;
$fp_sequence = authnet_sequence();
$fp_timestamp = authnet_timestamp();

$api_login_id = ($api_login_id ? $api_login_id : (defined('AUTHORIZENET_API_LOGIN_ID') ? AUTHORIZENET_API_LOGIN_ID : ""));
$transaction_key = ($transaction_key ? $transaction_key : (defined('AUTHORIZENET_TRANSACTION_KEY') ? AUTHORIZENET_TRANSACTION_KEY : ""));
if (function_exists('hash_hmac')) {
return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key);
return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));


function authnet_sequence()
global $cache; // we cache this not for speed, but to make sure the same value gets used in each spot even if time second changes
if (!isset($cache['authnet_sequence'])) $cache['authnet_sequence'] = time();
return $cache['authnet_sequence'];


function authnet_timestamp()
global $cache; // we cache this not for speed, but to make sure the same value gets used in each spot even if time second changes
if (!isset($cache['authnet_timestamp'])) $cache['authnet_timestamp'] = time();
return $cache['authnet_timestamp'];