[#7418] Authorize.Net is phasing out the MD5 hash

5 years 2 weeks ago #311141 by beat
Just got following automatic email from authorize.net:

MD5 Hash End of Life Moved to June 28, 2019

After reviewing feedback concerning the production cutoff date for the MD5 Hash, we are pushing back the production update from March 14, 2019, to June 28, 2019. We will continue to review feedback and consider further date changes as needed over the next month.


So, customers calling them works. For such business-breaking changes, a clear drop-off date and active advance customer notification should be minimum 12 to 24 months in advence.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
The following user(s) said Thank You: ospaorg

Please Log in to join the conversation.

5 years 1 week ago #311341 by beat
Latest nightly release, just released allows to just empty the MD5 Hash setting in CBSubs to stop testing it.

That also adds a new "Authorize.net Signature Key" parameter for the SHA2 signature (not yet implemented on their Sandbox server!!!!).

IF your ARB Silent Posts of the productive server (see in Notifications of CBSubs) *have* a SHA2 signature as they should (Sandbox server does not have it, so couldn't test) then you can try setting the (optional) the new Authorize.net Signature Key parameter too, but please test thoroughly the ARB re-curring payments (not the first one, but re-occuring ones) as I had to guess from different posts how that could work, so no guarrantee it works. Otherwise leave "Authorize.net Signature Key" parameter blank for no tests.

If you see an authorize.net Auto-recurring Silent Post with a x_SHA2_Hash parameter in the POST, please PM me the content of raw POST that you can find in your Notification so I can check/try to guess their undocummented signature algorithm for ARB silent posts. Thanks!

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
The following user(s) said Thank You: nant

Please Log in to join the conversation.

4 years 11 months ago #311707 by ThePiston
so now that I have deleted the MD5 hash and saved the new Signature Key, all should be good? My users were getting a lot of denials the past few days

CB 2.3, CBsubs 4.3, PHP 7.1, J! 3.9.X

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.252 seconds

Facebook Twitter LinkedIn