Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.net on GitHub Authorize.net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

‎02-21-2019 10:48 AM

You’ll want to use the code I posted on page 2 of this thread. The first code I posted has nothing to do with DPM, although I didn’t realize this until this thread was well underway. The page 2 code is for the signature/fingerprint to submit transactions. You’ll need a signature key from your interface. I never posted actual correct code for the verification of the response, but others have. As far as magento, I know little. Per authorize.net DPM is being phased out, so at some point any app based on any framework or based on no framework at all using DPM will no longer work. I have no idea of the time frame but that’s what it says on the website here.
Message 51 of 68 (50,087 Views)
Reply
0 Kudos
Member
wenabar16
Posts: 7
Registered: ‎06-15-2016

Re: Working php hash verification

‎02-22-2019 05:36 AM

Thank you @Renaissance ...just to confirm that you were responding to @wenabar16 . This is only my second time posting here in the forums, so I just want to be sure that I'm passing the correct info on to my development. They also want confirmation that this recommendation works for Magento 2x Open Source. Kind regards, 

Message 52 of 68 (49,937 Views)
Reply
Solution
Accepted by topic author Renaissance
‎02-22-2019 09:21 AM
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

‎02-22-2019 09:08 AM

Yes I was responding to @wenabar16.

It will work for any version of magento that exists, as long as you can edit the code appropriately. And again it is the second code example I posted. I do not use DPM/SIM so I never tested it. Others have tested pretty much identical code and theirs works. Follow the instructions on the code I posted. It looks like you use a different string depending on whether you pass the currency type. I am also not 100% sure if you convert to uppercase. That is also in the instructions on the code. Everything that starts with // is a comment or instructions.

I looked at that extension you posted. That is for accept.js. That’s a new method that has nothing to do with DPM. I am not sure if your timeframe for DPM is measured years or more or less. You will get a notification in advance for sure. If I were in your shoes I would get ahead of the curve and get your integration method upgraded ahead of time. The new stuff has a lot of capabilities. Accept.js is thr replacement for DPM. Give me a sec and I will try to find you the sample code that others posted that has been tested, before my food comes out.
Message 53 of 68 (107,778 Views)
Reply
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

‎02-22-2019 09:21 AM

https://community.developer.authorize.net/t5/Integration-and-Testing/Upgrading-MD5-to-new-hash-SIM/t...

Look for the post by @cwdsl. They are using the currency in their example. Between my code and this code you should be able to get it working in a short time. I would use hex2bin since you’re on php 7. Base convert worked for them and others have also posted that a pack function worked for them. All of
The values on that example code this person posted tie back to the 2nd code example I gave. So the process that would work easiest would be to try my exact code. If you pass currency in your API call use the version of the string that has currency. Test that. If that doesn’t get a match try it without converting to upper case.
Message 54 of 68 (49,878 Views)
Reply
Member
wenabar16
Posts: 7
Registered: ‎06-15-2016

Re: Working php hash verification

‎02-22-2019 10:05 AM

Thank you, @Renaissance ! I've shared the details and the recommendations for the different scenarios with my team. I appreciate the follow up. @wenabar16 

Message 55 of 68 (49,850 Views)
Reply
0 Kudos
Member
daohoangson2017
Posts: 5
Registered: ‎10-31-2017

Re: Working php hash verification

‎03-04-2019 01:17 AM

These lines are incorrect:

 

 

$string = "^$login^$sequence^$timeStamp^$amount^";
//the above seems to be what you use if you don't submit
//x_currency_code in your request

$string2 = "^$login^$sequence^$timeStamp^$amount^$currency";
//looks like you use this if you specify currency

 

 

You must remove the first caret to generate a valid fingerprint. My working code looks something like this (strtoupper is not required):

 

 

$fpString = "{$id}^{$sequence}^{$timestamp}^{$amount}^{$currency}";
$fp = hash_hmac('sha512', $fpString, hex2bin($signatureKey));

 

Hope this helps someone...

 

Message 56 of 68 (44,998 Views)
Reply
0 Kudos
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

‎03-04-2019 05:34 AM

Yep,

I didn’t have anything to test those on. Just pulled it from the guide. I have working code I will be posting soon to help some folks out. I can’t remember offhand whether I had to convert to uppercase. Seems like I did. Nice catch however....
Message 57 of 68 (44,893 Views)
Reply
0 Kudos
Solution
Accepted by topic author Renaissance
‎03-04-2019 09:40 AM
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

[ Edited ]

‎03-04-2019 09:39 AM - edited ‎03-04-2019 09:42 AM

My original post (first post in this thread)  has the code for latest php SDK. Tested on API calls, should work with AIM but hasn't been tested. 

 

Here is the tested code for SIM/DPM.  Few notes: First SIM code I posted had not been tested and I in error put an extra ^ at the beginning of the string. The code below is correct and works. For the verification component, this is probably not the best way to do it but it has been tested and works. I do not use these integration methods but finally decided to write a script to test.   

 

 

//response verification code for DPM/SIM
//This code goes on your silent post URL


$anetResponse = file_get_contents('php://input');

$response = array(
    
'x_trans_id'=>'', 'x_test_request'=>'', 'x_response_code'=>'', 
'x_auth_code'=>'','x_cvv2_resp_code'=>'', 'x_cavv_response'=>'',
'x_avs_code'=>'', 'x_method'=>'', 'x_account_number'=>'', 'x_amount'=>'',
'x_company'=>'','x_first_name'=>'','x_last_name'=>'','x_address'=>'', 
'x_city'=>'','x_state'=>'', 'x_zip'=>'','x_country'=>'',   'x_phone'=>'',  
'x_fax'=>'','x_email'=>'',  'x_ship_to_company'=>'', 'x_ship_to_first_name'=>'', 
'x_ship_to_last_name'=>'',  'x_ship_to_address'=>'',  'x_ship_to_city'=>'',  
'x_ship_to_state'=>'',  'x_ship_to_zip'=>'','x_ship_to_country'=>'',  
'x_invoice_num'=>'');

$string = '^';

$responseCheck = explode('&',$anetResponse);


foreach($responseCheck as $key=> $value){
    
    
    $newKey = strstr($value,'=',true);
    $newVal = strstr($value,'=');
    $newVal = str_replace('=','',$newVal);   
    $newVal = urldecode($newVal);
    
   if(array_key_exists($newKey,$response)){
      
       
       $response[$newKey]= $newVal;
       
     
       
   }
    
if($newKey=="x_SHA2_Hash"){
    
    
    $hash = $newVal;
    
    
}    
    
    
}

foreach($response as $key => $value){
    
    
    $string .= $value .='^';
    
    
    
}

$signatureKey = "Copy and Paste Your Signature Key Here.";

$signatureKey = hex2bin($signatureKey);

$validation = strtoupper(HASH_HMAC('sha512',$string,$signatureKey));



if(hash_equals($hash,$validation)){
    
//Insert code to be executed if response 
//is validated here.
    
    
}
//end of response verification

//sha512 transaction fingerprint for DPM, SIM

date_default_timezone_set('UTC');
//^may not be necessary depending on your configuration

$login = "Copy and Paste your Login Here";
$signatureKey = "Paste Signature Key Here";
$signatureKey = hex2bin($signatureKey);

$amount = "43.23";
//or
$amount = $amount
//this assumes you have previously assigned the transaction 
//amount to a variable called $amount in your script

$sequence = "123"; 
//you can use a variety of numbers
//example in your docs uses 3 digit numbers

$timeStamp = strtotime("now");

$currency = "USD";
//looks like that you only use this 
//if you specify currency type in your form request
//you can use another value if you do things in a different currency

//use one of the two strings below. 

$string = "$login^$sequence^$timeStamp^$amount^";
//the above is what you use if you don't submit
//x_currency_code in your request

$string2 = "$login^$sequence^$timeStamp^$amount^$currency";
//you use this if you specify currency

$digest = strtoupper(HASH_HMAC('sha512',$string,$signatureKey));

//or 

$digest = strtoupper(HASH_HMAC('sha512',$string2,$signatureKey));

//this value is submitted in your request under "x_fp_hash" 
//Look in the SIM/DPM developer guide on for what "x_" to to use for $sequence, etc.
//page 29.

 

Message 58 of 68 (94,664 Views)
Reply
Contributor
Vikas_chauhan
Posts: 15
Registered: ‎01-10-2018

Re: Working php hash verification

‎07-11-2019 01:09 AM

Please help me out -

 

I am getting different hash after payment is done usin Authorizenet DPM. It was working before but from last1-2 days it is not working. I am using following function to generate Fingerprint for x_hp_hash -

$signature_key = hex2bin($signature_key);

if (function_exists('hash_hmac')) {

return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .

 $fp_timestamp . "^" . $amount . "^", $signature_key); 

}

return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));

and hash compare after payment -

$hashFields =  [                $_POST['x_trans_id'],                $_POST['x_test_request'],                $_POST['x_response_code'],                $_POST['x_auth_code'],                $_POST['x_cvv2_resp_code'],                $_POST['x_cavv_response'],                $_POST['x_avs_code'],                $_POST['x_method'],                $_POST['x_account_number'],                $_POST['x_amount'],                $_POST['x_company'],                $_POST['x_first_name'],                $_POST['x_last_name'],                $_POST['x_address'],                $_POST['x_city'],                $_POST['x_state'],                $_POST['x_zip'],                $_POST['x_country'],                $_POST['x_phone'],                $_POST['x_fax'],                $_POST['x_email'],                $_POST['x_ship_to_company'],                $_POST['x_ship_to_first_name'],                $_POST['x_ship_to_last_name'],                $_POST['x_ship_to_address'],                $_POST['x_ship_to_city'],                $_POST['x_ship_to_state'],                $_POST['x_ship_to_zip'],                $_POST['x_ship_to_country'],                $_POST['x_invoice_num'],
            ];  $hashString = '^'.implode('^', $hashFields).'^';  $generatedhash = strtoupper(HASH_HMAC('sha512', $hashString, hex2bin($signature_key)));

  if (function_exists('hash_equals')) {      $equals = hash_equals($_POST['x_SHA2_Hash'], $generatedhash);
  } else {      $equals = $_POST['x_SHA2_Hash'] === $generatedhash;
  }
  if($equals) {
      //valid
  } else{
      //not valid
  }

Always giving not valid. IT was working before. I did update this code in Starting of Jan-2019 and it worked since then. Please help me out as the issue on production and I cant bear pain of the payment issue.

 

Message 59 of 68 (5,029 Views)
Reply
0 Kudos
All Star
Renaissance
Posts: 733
Registered: ‎11-05-2018

Re: Working php hash verification

‎07-11-2019 05:08 AM

@Vikas_chauhan

That script looks ok at first glance. You could try moving your hex2bin function out of the hash function and assigning it to a variable. I think one user did that and it helped. Otherwise you may have an issue that is too in depth to solve in a short time on a forum like this. You are free to IM me if you have additional help needed.
Message 60 of 68 (5,011 Views)
Reply
0 Kudos