Cybersource Developer Community Cybersource Developer Community

Just an FYI to those that read Richard's "just get your key"  you do this by signining into the sandbox account.  Go to Account and under Security Settings click API Credentials & Keys.  So far test results haven't worked but I'm currently building a string of 30 form fields also the secret I aquired had a cariage return in front of it that is also causing issues and no idea if that should be trimmed or left in place so still plugging away.

@MinneSnowtain

I saw this post earlier and was going to reply that you needed a signature key. That was obviously your issue. You have a second issue that you may not be aware of. You are using either SIM or DPM. That is why you are submitting x_fp_hash in your request. The sample request you posted has an MD5 hash as the value being submitted. x_fp_hash is required for you to submit transactions, and the MD5 will also be deprecated for that.


So you will have to submit a sha512 hash in your transaction request. There are 2 hashes for you, 1 is the fingerprint and the other is the validation. They both use different strings. And do confirm 100% what method you are using before you go any further. It is one of AIM,DPM, or SIM based on your request parameters. The x_name_name formatting in your request is for those methods. You had previously determined that you were on AIM but I would double check that. I do not think that you submit x_fp_hash with AIM, and you are also missing the cc #.

If I’ve missed something disregard, as I haven’t been following every post on this thread. Just glanced through it and am typing on my phone.

@RichardH 

 

Could you please confirm that the hashed string is to contain these fields AND in this order with no data seperated charactor:

• x_trans_id

• x_test_request

• x_response_code 

• x_auth_code

• x_cvv2_resp_code

• x_cavv_response

• x_avs_code

• x_method

• x_account_number

• x_amount

• x_company

• x_first_name

• x_last_name

• x_address

• x_city

• x_state

• x_zip

• x_country

• x_phone 

• x_fax 

• x_email 

• x_ship_to_company   

• x_ship_to_first_name 

• x_ship_to_last_name 

• x_ship_to_address 

• x_ship_to_city 

• x_ship_to_state 

• x_ship_to_zip 

• x_ship_to_country 

• x_invoice_num

so far in sandbox creating a string of those field's data and hashing with the secret key (minus the cariage return) it is NOT matching the data in X_SHA2_HASH. 

 

I've tried

• just contacting the data elements
• adding the ^ between the data elements
• binaryDecode the secret key
• leave the secret key as is
• use the three fields (both concantinated and with ^ between them)

  • API Login ID

  • Transaction ID

  • Amount 

If you could please, please, PLEASE confirm the hashed string data fields I can then switch my focus to maybe it's the server hashing that is the problem.  

 

Thank you Richard for your help.

@MinneSnowtain

The string you use for the hash depends on whether you are making the fingerprint, doing the verification, and your integration method. You need to nail down solid 100% what integration method you use before you go any further. This is just a hobby for me to kill time, but I’ve helped scores of people on this forum and have been wrong twice out of 100s of posts. If you’re using SIM/DPM you may have a very unpleasant surprise if you don’t address the fingerprint issue.

I would suggest reviewing the thread at https://community.developer.authorize.net/t5/Integration-and-Testing/Upgrading-MD5-to-new-hash-SIM/m...

 

It contains a great deal of information on how others have implemented their solution.

 

Richard

@Renaissance 

 

So I'm trying to verify the post I get from auth.net is from auth.net.  That is done by them posting form fields to the site I entered into the Silent Post Url.  I am not using any API but the Silent Post Url process. 

 

So when you ask 'nail down solid 100% what integration method you use' how would I nail that down exactly?  To me it's the Silent Post Url but everyone keeps talking about SIM/DPM, which idk what those mean or stand for or where I can see this intergration method in my sandbox account..I can only state what I've entered into the sandbox account Silent Post Url to get a response back that the user entered and paid (or didn't) and what data I get back.

The way I can tell that you are not using AIM is that you don’t submit the cc# and that you do submit
The x_fp_hash. That narrows you down to SIM/DPM. Those both use the same process. The reason I hedged my bets at all was that you previously determined you use aim in an earlier post, if I am recalling things correctly. I thought you may know something that I do not.

So for you, you have to submit a fingerprint in the transaction. Your sample code has an MD5 hash. I was under the impression that the fingerprint MD5 is also being deprecated, but the docs here aren’t 100% clear on that and seem to indicate that maybe the MD5 hash will still be supported going forward. So that’s not a question I can fully answer, because all I have are the docs to go on.

For silent post you are validating the response, so I think those 30 fields are what you need. If you want to know for sure what integration you are using, google authorize.net SIM developer guide. It will have both SIM and DPM, DPM is in the back of that pdf. The also look up AIM developer guide. You can compare your request process to what is in those docs. At this point I would bet high and let it ride that you are not using AIM, for the reasons I gave earlier.

I’ll be back on later sometime, at least by tomorrow afternoon. If you’re still stuck I’ll be looking for you. I can probably track down the exact string for silent post. Those 30 fields, for sure, and I think maybe enclosed in carets. I don’t use any of the products/methods discussed in this thread so I have to look up docs. Everything I have posted about my personal integration methods has been tested and used in live real
Money environments.

https://support.authorize.net/s/article/Do-I-need-to-upgrade-my-transaction-fingerprint-from-HMAC-MD...

The SIM/DPM guide hasn’t been updated and still says that “MD5 is supported but not recommended”. But per this more recent update linked above, you will need to update your fingerprint. I’ll see where you’re at next time I’m on. For your response validation I would say you can get it done fairly quickly by testing those 30 values delimited by carets and if that doesn’t work try without carets. Depending on your language you may have to convert your signature key to a byte array. I use php and with that strings work out of the box, just has to be converted from hex. The link @RichardH posted is a great resource for all aspects of the process. Also look for threads around the same time, as there were all kinds of post going around around that same time for many different methods and programming languages.

@Renaissance 

 

Thank you so much for your response.  My server side scripting is Coldfusion (v10) which can be buggy and I'm in the auth.net sandbox not live (I know I'm weird and try not to test code in production LOL). 

 

I've also ready threw that post @RichardH  provided and it did give some clues.  I will keep you posted since I also wonder if auth.net sandbox might be buggy too.  I read things regarding the field X_TEST_REQUEST being true in sandbox might be a problem (I do have my sandbox set to Live Mode as instructed but that field is set to true).