developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

possible ways to make silent post url script secure

Hello,

 

anyone know possible ways to make our script to handle authorize silent post url response secure ? if someone knows/ crack  our slient post url and try to run manullay from browser or hack script then it may create problem with our system.

 

can we use HTTP_REFERER or something else to make this happen ?

 

Thanks!

tatvaauthorize
Contributor

‎09-06-2015 11:43 PM

0 Kudos
2 REPLIES 2

Hello @tatvaauthorize

 

A silent post will always originate from the same IP addresses as documented here: https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Relay-Response-Si...

 

Richard

RichardH
Administrator Administrator
Administrator

‎09-08-2015 08:39 AM

Another method of ensuring that a transaction Silent Post or Relay Response is legitimate and from Authorize.Net is to set an MD5 Hash setting in the Merchant Interface and verify the resulting hash returned in the response. This feature is documented in the AIM and SIM documentation.

 

We like to verify both the hash and the IP.

 

Fritz

coppercup
Regular Contributor
In response to RichardH

‎12-15-2015 07:52 AM

Copyright © 2024 Khoros, LLC