Are you Magento store owner using any of the below versions and using Authorize.Net Direct Post payment method with MD5 based hash?
- Magento Commerce 1.X.X
- Magento Open Source 1.X.X
- Magento Commerce 2.X.X
- Magento Open Source 2.X.X
- Magento Commerce (Cloud) 2.X.X
If yes, continue reading this important post!
However, if you installed Magento SUPEE 11155 patch, you don’t need to worry as this solution is already resolved in the security patch!
Uptill now, Magento used the MD5 based hash to implement the Authorize.Net Direct Post payment method. But not anymore after Authorize.net announced MD5 Hash End of Life & Signature Key Replacement!
After this announcement, the store owners will not be able to process secure payments using the Authorize.net Direct Post.
Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key. It will stop supporting the MD5 based hash key use from June 28, 2019.
Not to worry, as Magento provides the patch that merchants need to apply and replace the existing MD5 hash with a Signature Key (SHA-512) in the Magento Admin configuration settings.
Follow the below steps to continue using the Authorize.Net Direct Post in the Magento stores!
Steps to Update Authorize.Net Direct Post from MD5 to SHA – 512 in Magento:
Step 1: Apply the Patch
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. Unzip the downloaded files and add them to your root Magento folder.
| Magento Version | Patch Files |
|---|---|
| Magento 2.3.0 | Magento CE-2.3.0 |
| Magento 2.2.6 to Magento 2.2.7 | Magento CE-2.3.0 |
| Magento 2.2.0 to Magento 2.2.5 | Magento CE-2.3.0 |
| Magento 2.1.0 to Magento 2.1.9 | Magento CE-2.3.0 |
| Magento 1.5.0 to Magento 1.9.4.0 | Magento CE-1.5.0.1-CE-1.9.4.0 |
Note: If you use Magento Commerce Cloud, apply the patch and deploy. For more information, visit Apply custom patches.
Step 2: Get a New Signature Key
Follow the below steps to get a new signature key. To know more about the signature key, visit here.
- Log into the Merchant Interface at https://account.authorize.net.
- Click Account from the main toolbar.
- Go to Settings in the main left-side menu.
- Click API Credentials & Keys.
- Select New Signature Key. Review the options available.
- Click Submit and continue.
- Request and enter the PIN for verification.
- Your new Signature Key will be displayed that is to be copied to add to your Magento Admin configuration.
Step 3: Update Magento Admin Configuration
- Log in to the admin panel.
- Go to Stores > Configuration.
- Click Sales > Payment Methods.
- Expand the Authorize.net Direct Post section.
- In the Signature Key enter the SHA-512 Signature Key.
- Click Save Config.
For Magento 1:
For Magento 2:
After the successful signature key update, you can enjoy capturing secure online payments using the Authorize.NetDirect Post!
Note: With the upcoming Magento 2.3.1 release, Magento will include the new Authorize.Net extension to replace the Direct Post. If you are not going to update to Magento 2.3.1 anytime soon, follow the above method to update Authorize.Net Direct Post from MD5 to SHA – 512 in Magento stores.
Or, you may contact us for professional help with Authorize.net Direct Post transaction key update.
Thank you!
