cancel
Showing results for 
Search instead for 
Did you mean: 

MD5 Hash Removal/Disablement DPM, Python

We are using Python with DPM post option. Followed the hash upgrade link instructions from here:

https://developer.authorize.net/support/hash_upgrade/

 

 

DPM post fails with "This transaction cannot be accepted." Not getting additional clues and the failed transaction is not visible in Sandbox.

 

I am stuck and don't know how to proceed. Need a clear example for the following:

 

1. How to generate the SHA512 hash in Python

2. How to verify the returned hash in Python

 

Here is what I tried for #1 above that results in failure:

 

 fingerprint = hmac.new(binascii.unhexlify(security_tokens["SIGNATURE_KEY"]),
"^"+security_tokens["LOGIN_ID"]+"^"+self.seq+"^"+ts+"^"+self.amount+"^", digestmod=hashlib.sha512).hexdigest()

 

When I do a DPM post with this generated hash in x_fp_hash, I get  "This transaction cannot be accepted."

 

Still don't know the exact python code to verify the returned SHA512 hash (#2).

 

Example code snippets in Python is much appreciated.

 

 

Also when I copied the signature key to clipboard, I noticed an extra carriage return in the beginning. However, I used the characters after the carriage return. Not sure if that has any impact?

 

Thanks

 

nkannan123
Contributor
1 ACCEPTED SOLUTION

Accepted Solutions
@nkannan123

Your string begins with “^”. For DPM the first value in the string doesn’t start with a ^. Take out that caret and you have the correct version of the string, unless you submit the currency in your request, in which case you would append the currency to the end of the string, without a terminating caret.

View solution in original post

19 REPLIES 19
I am not versed in python, but are you passing the individual components of your hash in the request? I looked at the DPM/SIM guide a few days ago, and it looks like your sequence, etc. must be passed in the transaction individually as well as combined. The other thing that might be snagging you is your timestamp may not be UTC. It is the number of seconds since January (1st? Can’t remember) 1970 in UTC. A third possibility is that you pass the currency type in your request but are not including it in your hash.

I wish I knew python but that’s on my to do list and not knowledge I currently have.
Renaissance
All Star

Any update. I am not able to proceed. 

@nkannan123

Your string begins with “^”. For DPM the first value in the string doesn’t start with a ^. Take out that caret and you have the correct version of the string, unless you submit the currency in your request, in which case you would append the currency to the end of the string, without a terminating caret.

Thank you very much for this useful input. Got confused by this post: 

https://developer.authorize.net/support/hash_upgrade/

 

 

Now transaction succeeds. But the auth response hash 'x_SHA2_Hash' does not match the generated hash as suggested in the above article. I generate the hash at my end as follows from the DPM response:

 

generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
"^"+security_tokens["LOGIN_ID"]+"^"+request.POST.get('x_trans_id')+"^"+request.POST.get('x_amount')+"^", hashlib.sha512).hexdigest().upper()

 

I tried with the intial ^ and without that also. But my generated hash does not match the hash in response 'x_SHA2_Hash'. What am I missing?

 

I also saw this post suggesting using all fields in response:

https://stackoverflow.com/questions/54256127/updating-md5-to-sha512-authorizenet

 

Very confused!!!

 

Thanks

I saw conversation regarding amount with decimals, having to use all the fields in the response for the hash and still don't have a definitive answer on how to compare the hash in response. The amount fields in my cas has decimals already. Stuck.

Next I tried the following (all 30 fields) as suggested in the forum. Still NO SUCCESS!! Very frustrating!!!!

 

str_to_hash=("^" + request.POST.get('x_trans_id', '') +
"^" + request.POST.get('x_test_request', '') +
"^" + request.POST.get('x_response_code ', '') +
"^" + request.POST.get('x_auth_code', '') +
"^" + request.POST.get('x_cvv2_resp_code', '') +
"^" + request.POST.get('x_cavv_response', '') +
"^" + request.POST.get('x_avs_code', '') +
"^" + request.POST.get('x_method', '') +
"^" + request.POST.get('x_account_number', '') +
"^" + request.POST.get('x_amount', '') +
"^" + request.POST.get('x_company', '') +
"^" + request.POST.get('x_first_name', '') +
"^" + request.POST.get('x_last_name', '') +
"^" + request.POST.get('x_address', '') +
"^" + request.POST.get('x_city', '') +
"^" + request.POST.get('x_state', '') +
"^" + request.POST.get('x_zip', '') +
"^" + request.POST.get('x_country', '') +
"^" + request.POST.get('x_phone', '') +
"^" + request.POST.get('x_fax', '') +
"^" + request.POST.get('x_email', '') +
"^" + request.POST.get('x_ship_to_company', '') +
"^" + request.POST.get('x_ship_to_first_name', '') +
"^" + request.POST.get('x_ship_to_last_name', '') +
"^" + request.POST.get('x_ship_to_address', '') +
"^" + request.POST.get('x_ship_to_city', '') +
"^" + request.POST.get('x_ship_to_state', '') +
"^" + request.POST.get('x_ship_to_zip', '') +
"^" + request.POST.get('x_ship_to_country', '') +
"^" + request.POST.get('x_invoice_num', '') +
"^")
#generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
#"^"+security_tokens["LOGIN_ID"]+"^"+request.POST.get('x_trans_id')+"^"+request.POST.get('x_amount')+"^", hashlib.sha512).hexdigest().upper()
generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
str_to_hash, hashlib.sha512).hexdigest().upper()

This also did not work:

 

generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
security_tokens["LOGIN_ID"]+request.POST.get('x_trans_id')+request.POST.get('x_amount'), hashlib.sha512).hexdigest().upper()

 

Frustrating!!! Why is there a simple definitive post like this: If you are using DPM here is how you will generate sha512 hash to compare????

I am not versed in python, but why is the login in your most recent post? The login has nothing to do with the response verification. And again, I cannot read the syntax very well. It is a question.

Please post the authoritative sha512 verification code from the DPM response in php and I will take it from there. Thanks