cancel
Showing results for 
Search instead for 
Did you mean: 

MD5 Hash Removal/Disablement DPM, Python

We are using Python with DPM post option. Followed the hash upgrade link instructions from here:

https://developer.authorize.net/support/hash_upgrade/

 

 

DPM post fails with "This transaction cannot be accepted." Not getting additional clues and the failed transaction is not visible in Sandbox.

 

I am stuck and don't know how to proceed. Need a clear example for the following:

 

1. How to generate the SHA512 hash in Python

2. How to verify the returned hash in Python

 

Here is what I tried for #1 above that results in failure:

 

 fingerprint = hmac.new(binascii.unhexlify(security_tokens["SIGNATURE_KEY"]),
"^"+security_tokens["LOGIN_ID"]+"^"+self.seq+"^"+ts+"^"+self.amount+"^", digestmod=hashlib.sha512).hexdigest()

 

When I do a DPM post with this generated hash in x_fp_hash, I get  "This transaction cannot be accepted."

 

Still don't know the exact python code to verify the returned SHA512 hash (#2).

 

Example code snippets in Python is much appreciated.

 

 

Also when I copied the signature key to clipboard, I noticed an extra carriage return in the beginning. However, I used the characters after the carriage return. Not sure if that has any impact?

 

Thanks

 

nkannan123
Contributor
19 REPLIES 19

Here is the string I am seeing to generate a hash and it does not compare to the in response:

 

^60117415595^false^^91KEK0^P^2^Y^CC^XXXX1111^2.00^^Jane^Doe^1540 W Blue Heron Blvd^Riviera Beach^FL^33404^^^^^^^^^^^^^4156^

 

Total 31 carets and here are the fields used to compute the hash:

str_to_hash=("^" + request.POST.get('x_trans_id', '') +
"^" + request.POST.get('x_test_request', '') +
"^" + request.POST.get('x_response_code ', '') +
"^" + request.POST.get('x_auth_code', '') +
"^" + request.POST.get('x_cvv2_resp_code', '') +
"^" + request.POST.get('x_cavv_response', '') +
"^" + request.POST.get('x_avs_code', '') +
"^" + request.POST.get('x_method', '') +
"^" + request.POST.get('x_account_number', '') +
"^" + request.POST.get('x_amount', '') +
"^" + request.POST.get('x_company', '') +
"^" + request.POST.get('x_first_name', '') +
"^" + request.POST.get('x_last_name', '') +
"^" + request.POST.get('x_address', '') +
"^" + request.POST.get('x_city', '') +
"^" + request.POST.get('x_state', '') +
"^" + request.POST.get('x_zip', '') +
"^" + request.POST.get('x_country', '') +
"^" + request.POST.get('x_phone', '') +
"^" + request.POST.get('x_fax', '') +
"^" + request.POST.get('x_email', '') +
"^" + request.POST.get('x_ship_to_company', '') +
"^" + request.POST.get('x_ship_to_first_name', '') +
"^" + request.POST.get('x_ship_to_last_name', '') +
"^" + request.POST.get('x_ship_to_address', '') +
"^" + request.POST.get('x_ship_to_city', '') +
"^" + request.POST.get('x_ship_to_state', '') +
"^" + request.POST.get('x_ship_to_zip', '') +
"^" + request.POST.get('x_ship_to_country', '') +
"^" + request.POST.get('x_invoice_num', '') +
"^")

 

Let me know what am I missing?

 

 

Here is python code that generates the hash using the string with 31 carets:

 

generated_hash = hmac.new(security_tokens["SIGNATURE_KEY"].decode("hex"),
str_to_hash, hashlib.sha512).hexdigest().upper()

 

The generated hash does not match the x_SHA2_Hash response.

Respnse has this:

088B6BA3BD05C000731F6B2564B580FFA3611E56AC6CE632333F4EC5B2E4B64D74225D38BEA29C305F7C30DE7D25EF5F15E05917CF318B9362C116BA7F66F784

 

My generated hash is:

7A4BFF15533642A882CAC23B9FE5B04F62354BA4A4D1E13098BA7FD845BA6017785768CD7F0912ED23003E6323614D5AEBC05B47E892CD7518FD989213BE7C9E

 

Legnths are identical but sizes are different?

content is different not size like I wrote earlier.

Still stuck and don't know what else to do?

The returned hash will always be the same size. You could hash an encyclopedia and it will still be the same size. If I could read python I would be able to nail your issue in 2 seconds. I will be on later or early tomorrow. I think you may have your items in the wrong order. Not sure.

@nkannan123 

 

Can you post a sample DPM html form submission? I just need one that works 100%. You can mark out your credentials and I will use mine. If you can get me that then I will be able to post the php code, and if you want, send me the exact same request you use in a test.  Python is not my strength, but I can post you a string with values and what you should get.   The hash will be the same regardless of the programming language.

Here is a thread where I give the details of what I need. Do you get responses in silent post with DPM? 

 

https://community.developer.authorize.net/t5/Integration-and-Testing/PHP-MD5-Depreciated-Stuff-Confu...

Yes. The transaction gets processed successfully. In the html I sent, you will find the needed details when you search for x_fp_sequence. I admit it is not nicely formatted. I really am confused and disappointed how authorize.net support their paying customers. 

@nkannan123 

 

I am aware it gets posted successfully. What I wanted was a dummy form that I could copy and paste. I do not use DPM.  I went ahead and made a form from the SIM version I had before. Just a few tweaks. Will post the working code when I have time. I also replied to your message.