Cybersource Developer Community Cybersource Developer Community

I have this procedural code that has been working fine for years. Its simple, straight forward and works.  Now with the migration to HSA512 I wonder how I can upgrade, or if I need to.  I tried to test it in a sandbox but sandboxes do not generate asignature key.  Well here is the code:

 

function authorize_cc ($cc,$exp,$cvv,$amount,$first_name,$last_name,$login='',$tranKey='',$signatureKey=''){

 

$post_string = 'x_login=' . $login;
$post_string .= '&x_tran_key=' . $tranKey;
$post_string .= '&x_delim_data=TRUE';
$post_string .= '&x_url=FALSE';
$post_string .= '&x_type=AUTH_CAPTURE';
$post_string .= '&x_method=CC';
$post_string .= '&x_relay_response=FALSE';
$post_string .= '&x_card_num=' . $cc;
$post_string .= '&x_exp_date=' . $exp;
$post_string .= '&x_amount=' . $amount;
$post_string .= '&x_address=';
$post_string .= '&x_zip=';
$post_string .= '&x_card_code=' . $cvv;
$post_string .= '&x_name=' . $first_name . ' ' . $last_name;

 

//# New SHA512 hash

 

if ($signatureKey != '') {
$textToHash="^". $login."^". $tranKey ."^". $amount."^";
$sig = hash_hmac('sha512', $textToHash, hex2bin($signatureKey));

}
//# Now what do we do with $sig? Do we include the rest of the fields in the hash?

 

$test_url = 'https://test.authorize.net/gateway/transact.dll';
$production_url = 'https://secure2.authorize.net/gateway/transact.dll';

 

$curl_request = curl_init( $test_url );

curl_setopt( $curl_request, CURLOPT_POSTFIELDS, $post_string );
curl_setopt( $curl_request, CURLOPT_HEADER, 0 );
curl_setopt( $curl_request, CURLOPT_TIMEOUT, 45 );
curl_setopt( $curl_request, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYPEER, false );

$response = curl_exec( $curl_request );

curl_close( $curl_request );

$results = explode(',',$response);

return $results;

}

 

Could anyone give some point on what to do next?

@Villawinery 

 

You're using the wrong string in your fingerprint. More pressing than the fingerprint is the validation of the response. You will need to implement a sha512 response validation or you will have to disable response validation completely once the md5 is gone. 

That is my question.  How can I implement SHA512 in my routine?  I am using a sand box to test it but the sand box does not gives you a way to generate a key, the only thing you get is the id and the transaction id. I have gone through the SDK, which is very cumbersome to follow, and I have not been able to pinpoint where SHA512 is used to connect through CURD.  My function works well in production and also with the sandbox.  All I need if a way to authorize credit cards and capture the transaction.  I wish Authorize.net would give you points without refereing you to a cumbersome SDK.

You can generate a signature key in the sandbox. Just go to your API credentials page and select “generate a new signature key”. That’s the first thing you need. The signature key is not something that is unique to each transaction. It is a credential that is tied to you and only changes when you cancel it and get a new one. It is similar to a transaction key in that way.

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m...

Message 58 in that post has 100% tested and working code for SIM/DPM. Go generate a signature key. Copy and paste in that code. There is a fingerprint piece and a separate response verification piece. The code has comments for where each piece is.