Authorize.net MD5 to SHA-512

We started this task after receiving an email from Authorize.net stating that they are phasing out the MD5-based transHash element in favor of the SHA-512-based transHashSHA2. We followed the steps below to set up the API request from Magento to Authorize.net and to check the response, as per the reference document provided by Authorize.net (AN) (Ref: https://developer.authorize.net/support/hash_upgrade)

STEP A: Generate a Signature Key
First of all, we need to generate a new signature key from the AN account. This key is later used in the AN settings area of our Magento backend.

1) Log into Authorize.net merchant interface at https://account.authorize.net
2) Click ‘Account’ from the main toolbar
3) Click ‘Settings’ in the main left-side menu
4) Click ‘API Credentials & Keys’
5) Select ‘New Signature Key’
6) Note down this signature for later use

STEP B: Convert that Signature Key into a byte array

Then, programmatically convert the signature key from its hex string form into a byte array, which is the only form the API accepts. See the sample code below to convert the signature key to a byte array.
$signature_key = '1234567890C76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F1234567890';
// hex2bin() decodes the hex string into raw bytes
$signature_key = hex2bin($signature_key);
// Debug output only: the signature key is a secret
print_r($signature_key);

STEP C: Creating message string

As per the document from AN, we need to create a message string whose fields are joined with a caret (“^”) symbol. Don’t put a caret (“^”) at the beginning or end of the string. See the example below:
$messageString = $merchantApiLoginId . '^' . $fpSequence . '^' . $fpTimestamp . '^' . $amount . '^' . $currencyCode;

Explanation:
$merchantApiLoginId = This is the Merchant Id provided by Authorize.net
$fpSequence = This is a unique number, like the order id or a random number
$fpTimestamp = This is the current timestamp, which can be generated using “time()”
$amount = This is the order total with a decimal point, like 500.00
$currencyCode = This is the currency code used in the current store, like USD or EU

STEP D: Create SHA512 hash string

Here, we use HMAC-SHA512 to hash the message string with the Signature Key.
Example: $data = hash_hmac('sha512', $merchantApiLoginId . '^' . $fpSequence . '^' . $fpTimestamp . '^' . $amount . '^' . $currencyCode, $signature_key);

Then, we send the hashed message string to the Authorize.net API in the x_fp_hash field along with the request array. Authorize.net automatically checks the hash value type. If the Signature Key conversion is correct, Authorize.net automatically returns the SHA512 hash string in the x_SHA2_Hash field along with the response array.

How to check the response:
Follow the steps below to check the response from the Authorize.net API.

STEP E: Compare the result
Compare the value in x_SHA2_Hash with a hash computed from the POST data in the Authorize.net response array. For this purpose, we need to concatenate the POST data fields with a caret (“^”), with a caret at the start of the string and another caret terminating it. Then hash this string with HMAC-SHA512 using the Signature Key and compare the result with the value in x_SHA2_Hash.

Example code:
$signature_key = '1234567890C76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F1234567890';

// The key must be used as raw bytes, not as the hex string
$signature_key = hex2bin($signature_key);

// Response fields, in the order they are hashed
$string = implode('^', [
    $_POST['x_trans_id'], $_POST['x_test_request'], $_POST['x_response_code'], $_POST['x_auth_code'],
    $_POST['x_cvv2_resp_code'], $_POST['x_cavv_response'], $_POST['x_avs_code'], $_POST['x_method'],
    $_POST['x_account_number'], $_POST['x_amount'], $_POST['x_company'], $_POST['x_first_name'],
    $_POST['x_last_name'], $_POST['x_address'], $_POST['x_city'], $_POST['x_state'], $_POST['x_zip'],
    $_POST['x_country'], $_POST['x_phone'], $_POST['x_fax'], $_POST['x_email'],
    $_POST['x_ship_to_company'], $_POST['x_ship_to_first_name'], $_POST['x_ship_to_last_name'],
    $_POST['x_ship_to_address'], $_POST['x_ship_to_city'], $_POST['x_ship_to_state'],
    $_POST['x_ship_to_zip'], $_POST['x_ship_to_country'], $_POST['x_invoice_num'],
]);

// The hashed string starts and ends with a caret
$generate = strtoupper(hash_hmac('sha512', '^' . $string . '^', $signature_key));

// Hash value returned by Authorize.net (empty string if the field is missing)
$x_SHA2_Hash = isset($_POST['x_SHA2_Hash']) ? (string) $_POST['x_SHA2_Hash'] : '';

// hash_equals() compares in constant time and avoids the type juggling of ==
if (hash_equals($generate, $x_SHA2_Hash)) {
    // your success code goes here…
}
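
The check from STEP E as a reusable function that fails closed, shown here as an added example (it is not code from Authorize.net, Magento or the original post). It assumes PHP 7 or later and that a field absent from the response is hashed as an empty string; the function names, the key and the response values are constructed for illustration.

```php
<?php
// Added example, not Authorize.net's or Magento's code. Field order is the one
// listed in the post; the key and response values below are constructed.
const AN_HASH_FIELDS = [
    'x_trans_id', 'x_test_request', 'x_response_code', 'x_auth_code',
    'x_cvv2_resp_code', 'x_cavv_response', 'x_avs_code', 'x_method',
    'x_account_number', 'x_amount', 'x_company', 'x_first_name',
    'x_last_name', 'x_address', 'x_city', 'x_state', 'x_zip', 'x_country',
    'x_phone', 'x_fax', 'x_email', 'x_ship_to_company',
    'x_ship_to_first_name', 'x_ship_to_last_name', 'x_ship_to_address',
    'x_ship_to_city', 'x_ship_to_state', 'x_ship_to_zip',
    'x_ship_to_country', 'x_invoice_num',
];

function an_expected_hash(array $response, string $hexKey): string
{
    // hex2bin() warns and returns false on bad input, so validate first.
    if ($hexKey === '' || strlen($hexKey) % 2 !== 0 || !ctype_xdigit($hexKey)) {
        throw new InvalidArgumentException('Signature key must be hex');
    }
    $values = [];
    foreach (AN_HASH_FIELDS as $field) {
        // Assumption: a field absent from the response counts as an empty string.
        $values[] = isset($response[$field]) ? (string) $response[$field] : '';
    }
    $message = '^' . implode('^', $values) . '^';
    return strtoupper(hash_hmac('sha512', $message, hex2bin($hexKey)));
}

function an_response_is_authentic(array $response, string $hexKey): bool
{
    $received = $response['x_SHA2_Hash'] ?? '';
    if (!is_string($received) || strlen($received) !== 128) {
        return false; // fail closed: no hash, or wrong length for SHA-512 hex
    }
    // hash_equals() compares in constant time and never type-juggles.
    return hash_equals(an_expected_hash($response, $hexKey), strtoupper($received));
}

// Constructed demonstration data (not a real key or transaction).
$key = str_repeat('0123456789ABCDEF', 8);
$response = ['x_trans_id' => '60000000001', 'x_response_code' => '1',
             'x_amount' => '500.00', 'x_invoice_num' => '100000042'];
$response['x_SHA2_Hash'] = an_expected_hash($response, $key);

var_dump(an_response_is_authentic($response, $key));                          // genuine response
var_dump(an_response_is_authentic(['x_amount' => '5.00'] + $response, $key)); // amount altered in transit
```

The second call changes x_amount while keeping the original x_SHA2_Hash, which is the case the hash comparison exists to reject.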

Conclusion:
We reached this solution after long R&D based on a document provided by Authorize.net. We implemented this solution for a few of our Magento 1.9.x websites, which have been running live successfully without any problem so far.

If you have any queries or need support, feel free to contact us.

Shaarif is a senior Magento developer working with ti Technologies. He is experienced in Magento2 development and is an expert in Magento2 development, module development, and upgrading Magento 1.x to the latest Magento2 version.