Reply
Member
Posts: 2
Registered: ‎07-29-2016

Hash value optional or required?


With the recent changes to the MD5 Hash, I was testing in the Sandbox where the MD5 Hash parameter is supposed to be disabled. In testing I found that if we did ot supply either the "x_fp_hash" nor the "x_SHA2_Hash" parameters we were met with an error upon attempting to load the SIM checkout page.

 

The error given was

"The gateway no longer supports the requested method of integration. "

 

Below is the basic data format we are using is:

 

<form name="AuthorizeNetForm" method="post" action="https://test.authorize.net/gateway/transact.dll">
<input type="hidden" name="x_login" value="abc123"></input>
<input type="hidden" name="x_fp_sequence" value="01234567890"></input>
<input type="hidden" name="x_fp_timestamp" value="01234567890"></input>
<input type="hidden" name="x_currency_code" value="USD"></input>
<input type="hidden" name="x_test_request" value="TRUE"></input>
<input type="hidden" name="x_amount" value="4.00"></input>
<input type="hidden" name="x_show_form" value="PAYMENT_FORM"></input>
<input type="hidden" name="x_version" value="3.1"></input>
<input type="hidden" name="x_method" value="CC"></input>
<input type="hidden" name="x_type" value="AUTH_CAPTURE"></input>
<input type="hidden" name="x_relay_response" value="TRUE"></input>
<input type="hidden" name="x_relay_url" value="https://mysite.com/app?PageId=AuthorizeNetSimOrder&amp;UserId=3000&amp;OrderId=12345&amp;ResultId=10...>
<input type="hidden" name="x_description" value="test description"></input>
<input type="hidden" name="x_invoice_num" value="123456"></input>
<input type="hidden" name="x_solution_id" value="AAA12345"></input>
</form>

Since the x_fp_hash parameter is being removed, is this correct that the transaction fails when no hash is supplied? It appears that the hash value is for use with validation of the return transaction. Hypothetically, if that validation is not performed, is there still a requirement to pass in a hash value in the first place?

All Star
Posts: 663
Registered: ‎11-05-2018

Re: Hash value optional or required?

@Ericaf

The x_fp_hash parameter is not being removed. At current you can submit either the md5 hash or the sha512 hash, and if your hash is calculated correctly you will be able to submit transactions. The string you use for sha512 is different than that you use for md5. So you change your hashing method and also the string you use to calculate the hash. I think you are getting that message because you hash is incorrect.
All Star
Posts: 663
Registered: ‎11-05-2018

Re: Hash value optional or required?

I have a bad habit of reading posts far too fast. The x_SHA parameter is never submitted with the request for a form. You submit either the md5 hash or the sha512 hash under x_fp_hash. The x_SHA is the value you compare the response with for validation.