Here we go. First, a little housecleaning:
1. For the past week or 2, this forum has been hopping with developers in panic mode, seemingly under the impression that they have been seized upon, out of pitch darkness and without notice, by a new and mysterious signature signing method that has a million quirks to be worked out and doesn’t work, and also isn’t documented anywhere. About 95% are posting about SIM/DPM. This is a sort of new thing for the 5% on API based integrations, but for the remainder, when I looked this up, the process for how to do this has been in place and recommended since at least September of 2017 in the below document.
https://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf
It is advisable to review your documentation on a more regular basis than once every few years in my books. And when your docs say “we recommend and use abc security method. xyz method is also supported but we don’t recommend it”, that’s a good heads up that down the road xyz method is going to be axed. The way technology works is it is always changing. What is secure today won’t be as secure 1 year from now, and eventually it won’t be secure at all. When new methods are introduced it’s not for no purpose at all. It’s not fun and not life’s main attraction, but it kind of comes with the territory.
2. I now realize why so many people with those methods are posting. This is required to submit your transactions, and seems to function the same way the token functions for Accept Hosted. The token is far easier than this. People are posting that they cannot upgrade to the API based integrations now, but this may be a good reminder to do that when you can. You may otherwise continually find yourself having to do things the hard way or not being able to do things at all that those using the current integration methods do easily.
Now that that’s out of the way, let me see if I can help my good friends here.
@karenb the signature key is totally different than the transaction key, in case you’re not clear on that. You have 3 API credentials, the login id, transaction key, and signature key. Everything you’ve ever done likely requires the first 2, but to this point you may have never had to use the SK. So in the code below you will generate a signature key to use.
For recurring billing, I looked at the webpage on that and it says to use webhooks. Am I correct that all recurring billing transactions are manually submitted?
@Vikas_chauhan see the code below. Looks like the transaction key plays no role in your product either.
Here is the code for SIM/DPM. I haven’t tested it at all, but I believe it should work or get you almost completely there.
```php
date_default_timezone_set('UTC');
//^may not be necessary depending on your configuration
$login = "copy and paste your login here";
$signatureKey = "copy and paste your signature key here";
$signatureKey = hex2bin($signatureKey);
$amount = $amount;
//this assumes you have previously assigned the transaction
//amount to a variable called $amount in your script
$sequence = "make up a number and paste it here.";
//save whatever number you use for validation on your end.
//example in your docs uses 3 digit numbers
$timeStamp = strtotime("now");
$currency = "USD";
//looks like that you only use this
//if you specify currency type in your form request
//you can use another value if you do things in a different currency
//use one of the two strings below.
$string = "$login^$sequence^$timeStamp^$amount^";
//the above seems to be what you use if you don't submit
//x_currency_code in your request
$string2 = "$login^$sequence^$timeStamp^$amount^$currency";
//looks like you use this if you specify currency
$digest = strtoupper(hash_hmac('sha512',$string,$signatureKey));
//Looks like this value is submitted in your request under "x_fp_hash"
//Look in the SIM/DPM developer guide for what "x_" to use for $sequence, etc.
//page 29. Test this without the strtoupper function as well
//All of the above are what is submitted in your request. You can
//use the first code I posted to validate the response in SIM/DPM
//you would retrieve the value lightwave posted x_sha2_hash instead
//of what I posted and you change your $string input to match this
//(the string and value from my original post are for php API based integrations)
```
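
An added example, not part of the original post: the same x_fp_hash computation wrapped in a function that validates its inputs and returns the form fields whose values must match what was hashed. It assumes the caret layout login^sequence^timestamp^amount^ with no leading caret, the field names x_fp_sequence and x_fp_timestamp, and a hypothetical AUTHNET_SIGNATURE_KEY environment variable; the function name and demo credentials are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Returns the fingerprint-related form fields for a SIM/DPM request.
 * Assumed layout: login^sequence^timestamp^amount^[currency], no leading caret.
 */
function simFingerprintFields(
    string $login, string $signatureKeyHex, string $amount,
    ?string $currency = null, ?int $sequence = null, ?int $timestamp = null
): array {
    // hex2bin() only warns and returns false on bad input, so validate first.
    if (!ctype_xdigit($signatureKeyHex) || strlen($signatureKeyHex) % 2 !== 0) {
        throw new InvalidArgumentException('signature key is not a hex string');
    }
    // The hashed amount must be byte-for-byte the x_amount that is posted.
    if (!preg_match('/\A\d+(\.\d{1,2})?\z/', $amount)) {
        throw new InvalidArgumentException('amount must look like 10 or 10.50');
    }
    $sequence  = $sequence  ?? random_int(100, 999999); // fresh per request
    $timestamp = $timestamp ?? time();                    // UTC epoch seconds

    $input = "$login^$sequence^$timestamp^$amount^";
    if ($currency !== null) {
        $input .= $currency; // only when x_currency_code is also posted
    }
    $fields = [
        'x_login'        => $login,
        'x_fp_sequence'  => (string) $sequence,
        'x_fp_timestamp' => (string) $timestamp,
        'x_amount'       => $amount,
        'x_fp_hash'      => strtoupper(hash_hmac('sha512', $input, hex2bin($signatureKeyHex))),
    ];
    if ($currency !== null) {
        $fields['x_currency_code'] = $currency;
    }
    return $fields;
}

// Constructed demo values; load the real key from the environment or a
// secret store on the server, never from source control or the HTML form.
$demoKey = getenv('AUTHNET_SIGNATURE_KEY') ?: str_repeat('0123456789ABCDEF', 8);
$a = simFingerprintFields('demoLogin', $demoKey, '10.50', 'USD', 789, 1546300800);
$b = simFingerprintFields('demoLogin', $demoKey, '10.51', 'USD', 789, 1546300800);
printf("%d hex chars, differs when amount changes: %s\n",
    strlen($a['x_fp_hash']), hash_equals($a['x_fp_hash'], $b['x_fp_hash']) ? 'no' : 'yes');
```

The fingerprint has to be computed server-side for each request, because anyone who can read the signature key can sign arbitrary amounts.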