I'm using the DPM integration method, and regardless of what details I enter it returns the response code 3. That's supposed to mean that the card is declined, but it gives that when I use the test card info from the help files and when I use real credit card info as well.
Here's the simplified test page which has nothing but the sample html with the values plugged in: https://www.reellocations.com/clonedir/testpage.html
Does anyone know what I could be missing here?
11-30-2011 06:25 AM
It hard to said without the Response Reason Codes. The response_reason_text point to the x_fp_hash being wrong.
There is a debug tool from authorize.net
11-30-2011 07:47 AM
The response code is 3, but I'm not seeing a response reason code. The only values it's posting back to me are these:
[response_code] => 3
[response_reason_text] => (TESTMODE) This transaction cannot be accepted.
11-30-2011 08:35 AM
Temporarily change the applicable line in the relay response page to:
$redirect_url .= '?response_reason_code='.$response->response_reason_code . '&response_reason_text=' . $response->response_reason_text;
The error, as far as I can tell, has to do with a bad fingerprint. But there's no way to tell what's specifically wrong with it without the response reason code being passed to the error page.
11-30-2011 08:43 AM - edited 11-30-2011 08:43 AM
I see I didn't have the x_tran_key field that https://developer.authorize.net/tools/responsecode99/ says is required. However, I added it and that made no difference, same response. Edit: nevermind I see that should not be in there as a field so I took it back out.
11-30-2011 08:55 AM - edited 11-30-2011 09:05 AM
I've made the suggested change and got a response_reason_code of 97. This indicates "Applicable only to SIM API. Fingerprints are only valid for a short period of time. If the fingerprint is more than one hour old or more than 15 minutes into the future, it will be rejected. This code indicates that the transaction fingerprint has expired."
I was intending to do DPM though not SIM.
11-30-2011 09:04 AM
DPM, SIM, AIM all use the same URL location. It just required some different inputs. It the timestamp hard coded?
Test your x_fp_timestamp
11-30-2011 09:11 AM
DPM is layered on top of SIM, so the same fingerprint errors apply to both. From the DPM lib:
public static function getCreditCardForm($amount, $fp_sequence, $relay_response_url, $api_login_id, $transaction_key, $test_mode = true, $prefill = true) { $time = time(); $fp = self::getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $time);
The problem is that your local time is not the time that Authorize.net expects - either GMT or whatever your control panel is set to (I'm not sure which). You need to add to or subtract from $time so it matches up.
11-30-2011 12:52 PM
So I realized, of course it was expired -- because that was a .html simplified copy of the original PHP page. I went back to testing the PHP version ( https://www.reellocations.com/clonedir/index.php?action=bulksponsor ) and got response reason code 99 instead: "The server-generated fingerprint does not match the merchant-specified fingerprint in the x_fp_hash field."
Here's the PHP I'm using to generate the x_fp_hash field (hard-coded the number for testing):
authnet_fingerprint('19.95');
That's calling the authnet_fingerprint function from the SDK.
11-30-2011 08:45 PM - edited 11-30-2011 08:46 PM
Correction: sorry, that wasn't an SDK function, here's the functions:
function authnet_fingerprint($amount)
{
global $settings;
$apt_login_id = $settings->authorizenet;
$transaction_key = $settings->authorizenettransactionkey;
$fp_sequence = authnet_sequence();
$fp_timestamp = authnet_timestamp();
$api_login_id = ($api_login_id ? $api_login_id : (defined('AUTHORIZENET_API_LOGIN_ID') ? AUTHORIZENET_API_LOGIN_ID : ""));
$transaction_key = ($transaction_key ? $transaction_key : (defined('AUTHORIZENET_TRANSACTION_KEY') ? AUTHORIZENET_TRANSACTION_KEY : ""));
if (function_exists('hash_hmac')) {
return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key);
}
return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));
}
function authnet_sequence()
{
global $cache; // we cache this not for speed, but to make sure the same value gets used in each spot even if time second changes
if (!isset($cache['authnet_sequence'])) $cache['authnet_sequence'] = time();
return $cache['authnet_sequence'];
}
function authnet_timestamp()
{
global $cache; // we cache this not for speed, but to make sure the same value gets used in each spot even if time second changes
if (!isset($cache['authnet_timestamp'])) $cache['authnet_timestamp'] = time();
return $cache['authnet_timestamp'];
}
11-30-2011 09:05 PM