1. Magento Help Center
  2. Troubleshooting
  3. General

Articles in this section

See more

Update Authorize.Net Direct Post from MD5 to SHA-512

Avatar
Aleksandra Marchenko
  • Updated

UPDATED on March 5th, 2019

Magento's implementation of the Authorize.Net Direct Post payment method uses MD5 based hash. Authorize.net will stop supporting MD5 based hash usage on June 28, 2019. This will result in Magento merchants not being able to process payments using Authorize.Net Direct Post. To avoid this, merchants need to apply the patch provided by Magento and replace the existing MD5 hash with a Signature Key (SHA-512) in the Magento Admin configuration settings.

Magento is releasing a new Authorize.Net extension to replace Direct Post in upcoming 2019 releases, starting with v2.3.1 for Commerce and Open Source. Watch for updates in the release notes.

Affected versions

  • Magento Commerce 1.X.X
  • Magento Open Source 1.X.X
  • Magento Commerce 2.X.X
  • Magento Open Source 2.X.X
  • Magento Commerce (Cloud) 2.X.X
  • Authorize.Net Direct Post

Issue

Magento implements the Authorize.Net Direct Post payment method, using Authorize.Net's AIM (Advanced Integration Method) and DPM (Direct Post method) APIs, which use MD5 based hash.

Authorize.net will stop supporting MD5 based hash usage on March 14, 2019. Starting from this date, Magento Open Source, Magento Commerce and Magento Cloud merchants will not be able to process payments using Authorize.Net Direct Post payment method. To be able to continue successfully process payments using these methods, merchants need to apply the patch provided by Magento and replace the existing MD5 hash with a Signature Key in the Magento Admin configuration settings.

Solution

Further are described the three general steps you need to take be able to continue using Authorize.Net Direct Post payment method.

1. Apply the patch

You may require developer assistance to apply the update. To update, you can download and install packages for your Magento edition and version. Download patches also available for those who installed with Composer.

Magento Commerce and Open Source

For Magento Commerce M1 and M2, follow these steps to download and install the patch:

  1. Access My Account.
  2. Navigate to Downloads tab. Select the Magento edition and version (like Magento Commerce 1.X or Magento Commerce 2.x), then edition and version.
    For Magento 2: There are two patches available. One patch can be used to update Magento 2.0.X and  2.1.X, the other one can be used to update Magento 2.2.X and 2.3.X.
  3. Select Support Patches and Security Patches, then Authorize.net Direct Post Signature Key patch.
  4. Download and install the Authorize.net Direct Post Signature Key patch for your Magento version.

For Magento Open Source M1 and M2, follow these steps to download and install the patch:

  1. Click a link to download: M1 patch or M2 patch.
  2. For Select your format, select a format best matching your needs. For M1, there is just one option. For M2, choose between Git-based or Composer-based.
  3. Download and install the Authorize.net Direct Post Signature Key patch for your Magento version.

Magento Cloud

For Magento Commerce Cloud, apply the M2 patch and deploy. For details, see Apply custom patches.

2. Get a new Signature Key

You need to get a new Signature Key and add it to your Magento Admin configuration. For more information, see What is a Signature Key?

  1. Log into the Merchant Interface at https://account.authorize.net.
  2. Click Account from the main toolbar.
  3. Click Settings in the main left-side menu.
  4. Click API Credentials & Keys.
  5. Select New Signature Key. Review the options available.
  6. Click Submit to continue.
  7. Request and enter PIN for verification.
  8. Your new Signature Key is displayed. Copy this key to add to your Magento Admin configuration.

3. Update Magento Admin configuration

Take the following steps to update the Magento Admin configuration:

  1. Log into the Magento Admin.
  2. On the Admin sidebar, click Stores. Then under Settings, click Configuration.
  3. In the panel, click Sales then Payment Methods.
  4. Expand the Authorize.net Direct Post section.
  5. In the Signature Key enter the SHA-512 Signature Key.
  6. Click Save Config.

auth-net-signature-key-m2.png

Magento 2 Authorize.Net Direct Post configuration screen

auth-net-signature-key-m1.png

Magento 1 Authorize.Net Direct Post configuration screen

The process is successful if the Signature Key updates and payment processing continues. If you have issues, verify the Signature Key with Authorize.Net. 

More information 

Was this article helpful?
4 out of 22 found this helpful
Return to top

Related articles