Reply
Member
Posts: 4
Registered: ‎02-11-2019

Re: Working php hash verification

Hi *,

 

I try anything I could imagine, but no success yet. Just can not get the right SHA512 hash... After the calculations I always get a string with length 32 chars, but the x_SHA2_Hash is 128 chars long... What I am missing? Is there any working soluton for PHP?

Trusted Contributor
Posts: 209
Registered: ‎11-05-2018

Re: Working php hash verification

What you need to find out is what integration method you are using. That will help determine which string you use. If your hash function is only outputting 32 characters you are probably using the wrong function. But first determine your integration method. I have code that is tested an works for AIM/API verification, and also code for DPM/SIM verification. Others have posted the DPM/SIM fingerprint solution, which involves 30 fields encapsulated in carets.

Member
Posts: 4
Registered: ‎02-11-2019

Re: Working php hash verification

Thanks a lot about the answer!

 

I try both methods, mentioned by you, and both use the "hash_hmac('sha256', ..., ...)" PHP function, that returns 64 chars (my fault above, seems was too sleepy...), while the provided "x_SHA2_Hash" POST argument is 128 chars long. And they never will be equal strings. That's my problem now...

 

Trusted Contributor
Posts: 209
Registered: ‎11-05-2018

Re: Working php hash verification

You’re welcome my friend,

I think you read my post too fast. It’s not sha256 it’s sha512. You use AIM or SIM or DPM? Plugging sha512 will fix your problem with the string being too short.
Member
Posts: 8
Registered: ‎01-22-2019

Re: Working php hash verification

https://developer.authorize.net/api/reference/index.html#payment-transactions-charge-a-customer-prof...

 

This api live console return empty,is there anyone has the same problem?

 

{
    "transactionResponse": {
        "responseCode": "1",
        "authCode": "WSD94V",
        "avsResultCode": "Y",
        "cvvResultCode": "P",
        "cavvResultCode": "2",
        "transId": "40025175521",
        "refTransID": "",
        "transHash": "82E60A2E49E34891C4DA3408D0A6832E",
        "testRequest": "0",
        "accountNumber": "XXXX1111",
        "accountType": "Visa",
        "messages": [
            {
                "code": "1",
                "description": "This transaction has been approved."
            }
        ],
        "transHashSha2": "",
        "profile": {
            "customerProfileId": "1506424532",
            "customerPaymentProfileId": "1505770522"
        },
        "SupplementalDataQualificationIndicator": 0
    },
    "refId": "123456",
    "messages": {
        "resultCode": "Ok",
        "message": [
            {
                "code": "I00001",
                "text": "Successful."
            }
        ]
    }
}

 

New Member
Posts: 2
Registered: ‎02-13-2019

Re: Working php hash verification

[ Edited ]

@Renaissance Thank you for helping out here. 

I have tried implementing your example using the latest PHP SDK from Github, and my hashes are not matching up. Here's my example code. Am I missing something?

 

<?php
// Include the Authorize.net PHP SDK from https://github.com/AuthorizeNet/sdk-php
require_once '../../vendor/autoload.php';
use net\authorize\api\contract\v1 as AnetAPI;
use net\authorize\api\controller as AnetController;

$amount = '10';
$my_api_key = 'your api key here';
$my_transaction_key = 'your transaction key here';
$my_signature_key = 'your signature key here';

/* Create a merchantAuthenticationType object with authentication details
	 retrieved from the constants file */
$merchantAuthentication = new AnetAPI\MerchantAuthenticationType();
$merchantAuthentication->setName( $my_api_key );
$merchantAuthentication->setTransactionKey( $my_transaction_key );

// Set the transaction's refId
$refId = 'ref' . time();

// Create the payment data for a credit card
$creditCard = new AnetAPI\CreditCardType();
$creditCard->setCardNumber( '4242424242424242' );
$creditCard->setExpirationDate( '12/34' );
$creditCard->setCardCode( '123' );

// Add the payment data to a paymentType object
$newPayment = new AnetAPI\PaymentType();
$newPayment->setCreditCard($creditCard);

// Create order information
$order = new AnetAPI\OrderType();
$order->setDescription( 'My description' );

// Set the customer's Bill To address
$customerAddress = new AnetAPI\CustomerAddressType();
$customerAddress->setFirstName( 'MyFirstName' );
$customerAddress->setLastName( 'MyLastName' );
$customerAddress->setAddress( '123 Fake Street' );
$customerAddress->setCity( 'New York' );
$customerAddress->setState( 'New York' );
$customerAddress->setZip( '10001' );
$customerAddress->setCountry( 'United States' );

// This is Authorize.net's version of an Idempotency Key. It prevents the same purchase data within X seconds
$duplicateWindowSetting = new AnetAPI\SettingType();
$duplicateWindowSetting->setSettingName("duplicateWindow");
$duplicateWindowSetting->setSettingValue("10");

// Set the customer's identifying information
$customerData = new AnetAPI\CustomerDataType();
$customerData->setType( "individual" );
$customerData->setId( '1' );
$customerData->setEmail( 'user@example.com' );

// Create a TransactionRequestType object and add the previous objects to it
$transactionRequestType = new AnetAPI\TransactionRequestType();
$transactionRequestType->setTransactionType("authCaptureTransaction");
$transactionRequestType->setAmount( $amount );
$transactionRequestType->setOrder( $order );
$transactionRequestType->setPayment( $newPayment );
$transactionRequestType->setBillTo( $customerAddress );
$transactionRequestType->setCustomer( $customerData );
$transactionRequestType->addToTransactionSettings( $duplicateWindowSetting );

// Assemble the complete transaction request
$request = new AnetAPI\CreateTransactionRequest();
$request->setMerchantAuthentication( $merchantAuthentication );
$request->setRefId( $refId );
$request->setTransactionRequest( $transactionRequestType );

// Create the controller and get the response
$controller = new AnetController\CreateTransactionController( $request );
$response = $controller->executeWithApiResponse( \net\authorize\api\constants\ANetEnvironment::SANDBOX );

// Check to see if the API request was successfully received and acted upon
if ( $response->getMessages()->getResultCode() == "Ok" ) {
	// Since the API request was successful, look for a transaction response
	// and parse it to display the results of authorizing the card
	$tresponse = $response->getTransactionResponse();

	// If the transaction was successful
	if ( $tresponse != null && $tresponse->getMessages() != null ) {

		// Ge the hash returned from Authorize.net
		$authorize_hash = $tresponse->getTransHashSha2();

		// Generate the hash that attempts to match it
		$string = '^' . $my_api_key . '^' . $tresponse->getTransId() . '^' . $amount . '^';
		$key = hex2bin( $my_signature_key );
		$my_hash = strtoupper( HASH_HMAC( 'sha512', $string, $key ) );

		if( hash_equals ( $authorize_hash, $my_hash ) ) {
			echo '<p>Hashes Match</p>';
		} else {
			echo '<p>Hashes DO NOT Match</p>';
		}

		echo '<p>Authorize.net Hash: ' . $authorize_hash . '</p>';
		echo '<p>My Hash: ' . $my_hash . '</p>';

	}
}
Trusted Contributor
Posts: 209
Registered: ‎11-05-2018

Re: Working php hash verification

Your $amount needs to be a decimal value. Try putting it in as either 10.00 or "10.00"; Sometimes the string vs number makes a difference, sometimes not. You will never get a match without 2 decimal places. 

New Member
Posts: 2
Registered: ‎02-13-2019

Re: Working php hash verification

[ Edited ]

That was it! I added 2 decimal places and the hashes match now. You're awesome thank you. 

Member
Posts: 4
Registered: ‎02-11-2019

Re: Working php hash verification

Thanks! My fault...