Reply
Highlighted
Contributor
Posts: 24
Registered: ‎11-18-2013

possible ways to make silent post url script secure

Hello,

 

anyone know possible ways to make our script to handle authorize silent post url response secure ? if someone knows/ crack  our slient post url and try to run manullay from browser or hack script then it may create problem with our system.

 

can we use HTTP_REFERER or something else to make this happen ?

 

Thanks!

Highlighted
Posts: 2,765
Topics: 57
Kudos: 247
Blog Posts: 67
Registered: ‎12-05-2011

Re: possible ways to make silent post url script secure

Hello @tatvaauthorize

 

A silent post will always originate from the same IP addresses as documented here: https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Relay-Response-Si...

 

Richard

Highlighted
Contributor
Posts: 51
Registered: ‎10-28-2015

Re: possible ways to make silent post url script secure

Another method of ensuring that a transaction Silent Post or Relay Response is legitimate and from Authorize.Net is to set an MD5 Hash setting in the Merchant Interface and verify the resulting hash returned in the response. This feature is documented in the AIM and SIM documentation.

 

We like to verify both the hash and the IP.

 

Fritz