I just updated the Give Plugin and am now receiving a notification that
“Give is having trouble creating the necessary Authorize.net webhooks that are necessary to communicate with the API. Please generate a signature key within the Authorize.net merchant interface to resolve the issue. Click here for instructions »”
I followed the instructions, now have the signature key, but am not instructed how to update Give with the new signature key. Can you point me in the right direction?
The page I need help with: [log in to see the link]
To use the Signature Key to validate the value of transHashSHA2: Step 1. Generate a Signature Key and store it in a secure location on your server. Convert the Signature Key into a byte array. Accept.js is a JavaScript library for sending secure payment data directly to Authorize.Net. Accept.js captures the payment data and submits it directly to us, in exchange for a one-time-use token, or payment nonce. You can use this payment nonce in the place of payment data in a follow-on createTransactionRequest API call. I think the terminology is just confusing here. We aren't talking about the 'md5 hash' which as you noted was always optional. This is about the new fingerprint which is also referred to as 'xfphash' and used to use the login id and transaction key but now uses login id and signature key.
That is the problem, that the webhook is not successfully set up. It says “There was a problem setting up the live webhooks.” It also says “No Sandbox API Keys Detected” which is fine since we are not using a sandbox. Thanks.
I already did put in a ticket, it’s #11891. I replied to the email that was sent and put in that I am working with you on it. Thanks.
My client has the Give Authorize.net plugin and I’ve generated a new Live Transaction Key and verified the Live API Login ID but still getting the “There was a problem setting up the live webhooks.” as they are. I notice in the logs it has the following error under payment errors…
Connection error: (400) INVALID_DATA: Please generate a signature key from the Merchant/Partner interface to create a webhook. (400)
That appears to be the issue, I generated a new Signature Key and then ran the script again and now it is showing the webhooks was created. Thank you for the help. Do I need to do anything with this Signature Key?
We got a notice from Authorize.net that there is going to be a MD5 hash change and that our system apparently is using it, is this something that will be taken care of with the plugin or something we need to update?
I received the same notice. I opened up a trouble ticket to WPGIVE asking if this is anything we need to be concerned about. Being today is a Saturday (01/12), I am not expecting a response until Monday. We have some time since the elimination of MD5 support does not terminate until the end of January.
To add more detail for WPGIVE Support Team, here is the full email instructions:
To use the Signature Key to validate the value of transHashSHA2:
Step 1. Generate a Signature Key and store it in a secure location on your server.
Step 2. Convert the Signature Key into a byte array.
Step 3. Create a message string that starts with a caret (“^”), followed by the following three fields delimited by carets, and terminated with another caret:
• The API Login ID that you send in createTransactionRequest in the name element.
• The transaction ID that we send in createTransactionResponse in the transId element.
• The transaction amount that we send in createTransactionResponse in the amount element.
For example, if your API Login ID is “ANet123”, the value of transId is “20987654321”, and the value of amount is “9.99”, the message string would look like this:
^ANet123^20987654321^9.99^
Step 4. Use HMAC-SHA512 to hash the byte array form of the Signature Key from Step 2 with the message string from Step 3.
Step 5. Compare the value of transHashSHA2 with the output from the HMAC-SHA512 hash mentioned in Step 4.
For C# users, Authorize.Net provides the following code for converting the Signature Key into a byte array and calculating the HMAC-SHA512 hash.
public string HMACSHA512(string key, string textToHash)
{
if (string.IsNullOrEmpty(key))
throw new ArgumentNullException(“HMACSHA512: key”, “Parameter cannot be empty.”);
if (string.IsNullOrEmpty(textToHash))
throw new ArgumentNullException(“HMACSHA512: textToHash”, “Parameter cannot be empty.”);
if (key.Length % 2 != 0 key.Trim().Length < 2)
{
throw new ArgumentNullException(“HMACSHA512: key”, “Parameter cannot be odd or less than 2 characters.”);
}
try
{
byte[] k = Enumerable.Range(0, key.Length)
.Where(x => x % 2 0)
.Select(x => Convert.ToByte(key.Substring(x, 2), 16))
.ToArray();
HMACSHA512 hmac = new HMACSHA512(k);
byte[] HashedValue = hmac.ComputeHash((new System.Text.ASCIIEncoding()).GetBytes(textToHash));
return BitConverter.ToString(HashedValue).Replace(“-“, string.Empty);
}
catch (Exception ex)
{
throw new Exception(“HMACSHA512: ” + ex.Message);
}
}
The details can be found at: https://developer.authorize.net/support/hash_upgrade/?utm_campaign=19Q2%20MD5%20Hash%20EOL%20Merchant&utm_medium=email&utm_source=Eloqua