Showing results for 
Search instead for 
Did you mean: 

Authorize.Net Direct Post Patch for M2 and M1

New Contributor

Magento’s implementation of the Authorize.Net Direct Post payment method currently uses MD5 based hash for all M1 and M2 installations. As of June 28, 2019, Authorize.Net will stop supporting MD5 based hash usage (announcement).


This will result in Magento merchants not being able to process payments using Authorize.Net Direct Post. To avoid disruption and to continue processing payments, merchants need to apply a patch provided by Magento and add a Signature Key (SHA-512) in the Magento Admin configuration settings.


Magento Versions Requiring Patch


Merchants using the following Magento versions and editions need to update:


  • Magento Commerce and Open Source 1.X.X
  • Magento Commerce, Commerce Cloud, and Open Source 2.1.X, 2.2.X, 2.3.X
  • Net Direct Post


Patch Information


The patch name is Direct Post Signature Key. The patch for 2.X can be applied to all 2.3.X, 2.2.X, and 2.1.X instances. Merchants on M1 have specific patches to download.


This patch replaces the MD5 Hash field with Signature Key field. You can obtain the new key and configure your Magento Admin following the KB article.


Required Steps to Update


startup.png Complete the following steps using our KB Article Update Authorize.Net Direct Post from MD5 to SHA-512. The KB includes information for all M1 and M2 merchants.


  1. Download and install the patch update through your Magento account.
  2. Get a new Signature Key through your Authorize.Net account.
  3. Add the new Signature Key in the Magento Admin for Authorize.Net Direct Post.


More information 




Magento Commerce merchants and Partners can contact Magento Support with questions.