Authorize.net Phasing Out MD5 transHash

  • Posts: 29
  • Thank you received: 2
  • Hikashop Business
1 week 17 hours ago #302499

-- url of the page with the problem -- : n/a
-- HikaShop version -- : 4.0.1
-- Joomla version -- : n/a
-- PHP version -- : n/a
-- Browser(s) name and version -- : n/a
-- Error-message(debug-mod must be tuned on) -- : n/a

Please advise when an update is available for this issue from Authorize.net. It is not urgent for existing HikaShop accounts as they have not given a phase out date. However, new accounts will not be able to use the MD5 next month. Thx


EMAIL RECEIVED 1/11/19:
Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.

We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.

Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.

Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.

Additionally, please take a moment to complete this one question survey and provide details on the application used to connect to Authorize.Net.

Thank you for your attention to this matter and for being an Authorize.Net merchant.

Sincerely,
Authorize.Net

Please Log in or Create an account to join the conversation.

  • Posts: 23202
  • Thank you received: 3592
  • MODERATOR
6 days 13 hours ago #302518

Hello,

There was a link in the email for the "transaction hash upgrade guide".
That guide explain what should be done : developer.authorize.net/support/hash_upgrade/

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

  • Posts: 29
  • Thank you received: 2
  • Hikashop Business
5 days 18 hours ago #302533

Jerome,

I assume your response was meant for other HikaShop developers. As a HikaShop user, I don’t know how to use those instructions.
Thx.

Please Log in or Create an account to join the conversation.

  • Posts: 64484
  • Thank you received: 9313
  • MODERATOR
5 days 1 hour ago #302566

Hi,

I would recommend to contact the Authorize.net support.
Because this text and the upgrade guide talk about variables which aren't in the SIM or AIM APIs implemented in the Authorize.net payment plugin.
So either they sent you an email which actually isn't relevant to you, or it is relevant but they didn't provide any useful information concerning the API you're using.
We can't do anything to help you with the information so far and looking online for more information about that md5 hash upgrade didn't yield any useful information either.
So besides asking for more precision to Authorize.net support, I don't see anything else you can do.

Please Log in or Create an account to join the conversation.

  • Posts: 79
  • Thank you received: 11
  • Hikashop Business
4 days 20 hours ago #302592

I am also in this boat and not clear on what to do to ensure compatibility.

Please Log in or Create an account to join the conversation.

  • Posts: 29
  • Thank you received: 2
  • Hikashop Business
4 days 17 hours ago #302602

I just talked to Authorize.net customer support. He said the MD5 hash is an optional field on their end and if we don’t use the MD5 field then we won’t have any problems. He said that if HikaShop developers want to contact tech support regarding this issue, there is contact details in the developer section of their website. It is only email though — no phone support.

He said that some very old APIs required the MD5 hash tag and if their system doesn’t work without it, then this change will be a problem for them. I’m pretty sure the MD5 hash was optional when I set up my client. I will check later as I have an appointment in a few minutes. But Authorize.net support said that if I removed the MD5 hash from my API (i.e., my HikaShop payment plugin), that I would still be able to process a transaction as far as Authorize.net was concerned. If it doesn’t work, it would be because HikaShop required it (which I doubt).

So the gist is that if HikaShop doesn’t require the MD5 has be present for a successful transaction, then it is not an issue.

Please Log in or Create an account to join the conversation.

  • Posts: 64484
  • Thank you received: 9313
  • MODERATOR
4 days 3 hours ago #302613

Hi,

Please note however that the MD5 Hash in the settings of the Authorize.net payment plugin is for the SIM and AIM APIs in order to set the x_fp_hash parameter and check the x_MD5_Hash parameter.
There is no transHash parameter in these APIs.
The MD5 hash in the settings of the payment plugin is required, but reading there message and guide, it looks like they are talking about something else since the parameter names don't match.

Please Log in or Create an account to join the conversation.

  • Posts: 64484
  • Thank you received: 9313
  • MODERATOR
4 days 3 hours ago #302614

PS: I've sent a question to the developer support of Authorize.net to make sure that this change is not related to SIM/AIM and if it is, that they provide the necessary information. We'll see what they have to say.

Please Log in or Create an account to join the conversation.

  • Posts: 79
  • Thank you received: 11
  • Hikashop Business
3 days 21 hours ago #302633

So in theory we could remove the requirement of the Hikashop Authorize.net plugin for the MD5 field and be good to go?

Please Log in or Create an account to join the conversation.

  • Posts: 300
  • Thank you received: 6
  • Hikaserial Standard Hikaserial Subscription Hikashop Business
3 days 11 hours ago #302649

I, too, am a bit confused on this email as I have a client who has received it. I looked on their Authorize payment plugin and there is a hash in the "Your MD5 Hash (response key) on Authorize.net" field.

In a previous post, the user indicated:
But Authorize.net support said that if I removed the MD5 hash from my API (i.e., my HikaShop payment plugin), that I would still be able to process a transaction as far as Authorize.net was concerned. If it doesn’t work, it would be because HikaShop required it (which I doubt).

So should I remove the hash total from the "Your MD5 Hash (response key) on Authorize.net" field and, if so, will this impact the ability to process transactions?

Please Log in or Create an account to join the conversation.

  • Posts: 64484
  • Thank you received: 9313
  • MODERATOR
3 days 2 hours ago #302635

No, the MD5 Hash setting in the plugin is necessary.
What I said is that I don't see any link between the message you received and the APIs implemented in these plugins.
So in theory, you could just ignore that message and continue with what you have.
That's what we need to check with Authorize.net's support.

Please Log in or Create an account to join the conversation.

  • Posts: 300
  • Thank you received: 6
  • Hikaserial Standard Hikaserial Subscription Hikashop Business
2 days 10 hours ago #302684

nicolas,

Thanks for the update. If you find out anything different, I'm sure everyone would appreciate a response in this thread as we are receiving notices. :)

Luke

Please Log in or Create an account to join the conversation.

  • Posts: 64484
  • Thank you received: 9313
  • MODERATOR
1 day 23 hours ago #302694

Hi,

I got a first answer from Authorize.net level 1 support which completely missed the subject. With my following reply they redirected the support request to the engineers on their end. I'm waiting for an anwser from them.

Please Log in or Create an account to join the conversation.

Time to create page: 0.128 seconds
Powered by Kunena Forum