cancel
Showing results for 
Search instead for 
Did you mean: 

Received Hash and generated hash not matching

Hello,

I am using Authorized.net with c#. I have getting some problem at the time of transaction. Transaction received hash and generated received hash not matching. Can any one help me regarding this  where I am wrong? Thanks in advance.
My code is given below:

 

Received hash:

 

string key =Convert.ToString("abc123456");

string value = Convert.ToString(loginID + "^" + seq + "^" + timeStamp + "^" + amount + "^");

string fingerprint = HMACSHA512(key, value);

 

public string HMACSHA512(string key, string textToHash)
{
if (string.IsNullOrEmpty(key))
throw new ArgumentNullException("HMACSHA512: key", "Parameter cannot be empty.");
if (string.IsNullOrEmpty(textToHash))
throw new ArgumentNullException("HMACSHA512: textToHash", "Parameter cannot be empty.");
if (key.Length % 2 != 0 || key.Trim().Length < 2)
{
throw new ArgumentNullException("HMACSHA512: key", "Parameter cannot be odd or less than 2 characters.");
}
try
{
byte[] k = Enumerable.Range(0, key.Length)
.Where(x => x % 2 == 0)
.Select(x => Convert.ToByte(key.Substring(x, 2), 16))
.ToArray();
HMACSHA512 hmac = new HMACSHA512(k);
byte[] HashedValue = hmac.ComputeHash((new System.Text.ASCIIEncoding()).GetBytes(textToHash));
return BitConverter.ToString(HashedValue).Replace("-", string.Empty);
}
catch (Exception ex)
{
throw new Exception("HMACSHA512: " + ex.Message);
}
}

 

Received hash is given below: "9037CD31FADCCAD8EDFBAF97E27D58EA354FF3FB29060E09BC7C2BF7BD29F2F7D1E5F3CA96EEC2BB27B8BBA7677970851A0E65867E04BE812EC437A631E6122F"

 

Now the generated hash value process is given below:

 

string key = Convert.ToString("abc123456");

string str_generated_hash = HMACSHA512(key, "^" + x_login + "^" + x_trans_id + "^" + x_amount + "^");

 

I am using same function HMACSHA512 as given above. The generated hash value is "BF904ED074B81754725D1E7E547EBFC5B89EE6A6DEE1A08B79C536E1652D617D8644C7948B269A8C542D5D6783EF748A9000D51DE4BD94CFDF30CA85C4EE8B4B" which is different from received hash value.

 

 

 

akhalder123
Member
5 REPLIES 5

I'm having the same issue. Using the given function to generate the hash, the received hash and the generated hash are not the same. The issue I'm having is that I don't know the format of the amount that is supposed to be in the message string that is being hashed. The Transaction Hash Upgrade Guide gives this example:

 

For example, if your API Login ID is "ANet123", the value of transId is "20987654321", and the value of amount is "9.99", the message string would look like this:

^ANet123^20987654321^9.99^

 

So it seems like the format of the amount should be XXXX.XX, but it could also be X,XXX.XX. I have tried both formats and neither work for me. The documentation also says:

 

The transaction amount that we send in createTransactionResponse in the amount element.

 

The other problem here is that I'm not getting an amount back in the createTransactionResponse, so that doesn't help.

 

I've submitted a support ticket with Authorize.net, but never heard back (submitted it Friday 4/26 and haven't heard back on Thurs. 5/2).

 

Any help would be appreciated.

 

John

Rcm1Developer
Member
@Rcm1Developer

The number should not have a ,. It should be formatted as a float to 2 places. You use the amount you submitted in the transaction request.
Also, if you’re using legacy methods you’re using the wrong string.

@Renaissance 

 

Thanks for the reply.  Glad to know the actual format, though I tried the format you mention (actually tried 12 different formats) but it still didn't work.

 

I'm not actually sure what you mean by legacy methods. I'm posting XML to the Sandbox with https://apitest.authorize.net/xml/v1/request.api and using createTransactionRequest in the format from the API documentation.

@Rcm1Developer

Legacy methods are SIM/DPM/AIM. SIM/DPM have a different string and about 9 out of 10 trying to work out sha512 on this forum are using those methods. Reason is they cannot submit transactions or process responses without a hash. For API folks like you and I it is more optional. Their apps will break when MD5 is axed if they don’t figure this out.

You are using the right fields for the string if you’re using the modern API. If you want me to help you, post a sample transaction with the following:

API call you are using: I.e. chargeCreditCard, capturePreviouslyAuthorizedAmount, etc.
Amount, login, and transid.
The string you are constructing (i.e. the string you put in your hash function)
SignatureKey
Authnet delivered hash
The hash your app outputs

Obviously you want to use sandbox credentials if you’re posting them here. You can also IM me. Next time I’m killing time I will run your string and see what I get. Can probably zero in on your problem in just a few mins.