Reply
Highlighted
Moderator
Posts: 12
Registered: ‎09-25-2017

MD5 Hash Removal/Disablement (Updated)

[ Edited ]

Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key.


The end of life for MD5 Hash will be done in two phases:

  • Phase 1 - As of February 11, 2019 we have removed ability to configure or update MD5 Hash setting in the Merchant Interface. Merchants who had this setting configured have already been emailed/contacted.

  • Phase 2 - Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.

    • Sandbox will be updated on March 7, 2019 to stop populating the MD5 Hash value, but the field will still be present but empty.

    • Production will be updated on March 14, 2019 to stop populating the MD5 Hash value, but the field will still be present but empty.

For more details, see MD5 Hash End of Life & Signature Key Replacement article. Sample codes have been added to Github and SKDs will be updated by end of February.