Posts: 11
Registered: ‎09-25-2017

MD5 Hash Removal/Disablement

[ Edited ]

Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key.

The end of life for MD5 Hash will be done in two phases:

  • Phase 1 - Remove ability to configured/update MD5 Hash setting in the Merchant Interface. This feature will be removed in the coming weeks by end of January 2019/early February 2019. This change has no impact to the API response, that will be done in Phase 2.

  • Phase 2 - Stop sending the MD5 Hash data element in the API response. The date for this change will be announced at a later time but is expected in the next 2-3 months.


For more details, see MD5 Hash End of Life & Signature Key Replacement article. Developer Center documentation is in progress of being updated.