cancel
Showing results for 
Search instead for 
Did you mean: 

possible ways to make silent post url script secure

Hello,

 

anyone know possible ways to make our script to handle authorize silent post url response secure ? if someone knows/ crack  our slient post url and try to run manullay from browser or hack script then it may create problem with our system.

 

can we use HTTP_REFERER or something else to make this happen ?

 

Thanks!

tatvaauthorize
Contributor
2 REPLIES 2

Hello @tatvaauthorize

 

A silent post will always originate from the same IP addresses as documented here: https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Relay-Response-Si...

 

Richard

RichardH
Administrator Administrator
Administrator

Another method of ensuring that a transaction Silent Post or Relay Response is legitimate and from Authorize.Net is to set an MD5 Hash setting in the Merchant Interface and verify the resulting hash returned in the response. This feature is documented in the AIM and SIM documentation.

 

We like to verify both the hash and the IP.

 

Fritz

coppercup
Regular Contributor