I was caught off guard by the retirement of the md5 hash. I'm trying to fix some legacy code to keep our legacy site limping along until we can get the rebuilt site out -- THE LEGACY SERVER CANNOT RUN the latest SDK so please do not suggest that in response to this question.
In trying to fix this legacy code, I cannot get the test transactions (or even a couple of transactions run on the production system) to supply the HMAC-SHA512 hash promised in the Aim Guide in the section titled "Authenticating the Response."
Here's a sample raw response from an AIM transaction with some values changed for privacy:
"1"|"1"|"1"|"This transaction has been approved."|"52R4QE"|"Y"|"40034138508"|"2019-07-0269072"|"Purchase Description Blah Blah Blah"|"99.95"|"CC"|"auth_capture"|"3"|"Joe"|"Test"|"n/a"|"123 Main St."|"Los Angeles"|"CA"|"90026"|"US"|""|""|"joe.test@example.com"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|"P"|"2"|""|""|""|""|""|""|""|""|""|""|"XXXX1111"|"Visa"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""
According to the AIM Guide, "The last field in the response contains the HMAC-SHA512 hash that Authorize.Net generated for the transaction, which can be used to authenticate the response. To use it, construct an HMAC-SHA512 hash..."
This does not appear to be the case at all. Is this HMAC only present for certain types of transacations? Is it not provided by the sandbox gateway? What's the deal?
Solved! Go to Solution.
07-02-2019 11:38 PM
07-02-2019 11:52 PM
07-02-2019 11:52 PM
Thanks for your response. It stands to reason that the gateway cannot provide a hash until you define the signature key used to generate that hash. I added a signature key to the account(s) and I now see the signature.
07-03-2019 11:45 AM
07-03-2019 12:20 PM
Thanks for the additional detail. I had managed to locate all that and things seem to be working. I found this code snippet to be especially useful:
https://github.com/AuthorizeNet/sample-code-php/blob/master/Sha512/compute_trans_hashSHA2.php
07-03-2019 12:25 PM