Magento’s implementation of the Authorize.Net Direct Post payment method currently uses MD5 based hash for all M1 and M2 installations. As of June 28, 2019, Authorize.Net will stop supporting MD5 based hash usage (announcement).
This will result in Magento merchants not being able to process payments using Authorize.Net Direct Post. To avoid disruption and to continue processing payments, merchants need to apply a patch provided by Magento and add a Signature Key (SHA-512) in the Magento Admin configuration settings.
Magento Versions Requiring Patch
Merchants using the following Magento versions and editions need to update:
- Magento Commerce and Open Source 1.X.X
- Magento Commerce, Commerce Cloud, and Open Source 2.1.X, 2.2.X, 2.3.X
- Net Direct Post
Patch Information
The patch name is Authorize.net Direct Post Signature Key. The patch for 2.X can be applied to all 2.3.X, 2.2.X, and 2.1.X instances. Merchants on M1 have specific patches to download.
This patch replaces the MD5 Hash field with Signature Key field. You can obtain the new key and configure your Magento Admin following the KB article.
Required Steps to Update
- Download and install the patch update through your Magento account.
- Get a new Signature Key through your Authorize.Net account.
- Add the new Signature Key in the Magento Admin for Authorize.Net Direct Post.
More information
- Update Authorize.Net Direct Post from MD5 to SHA-512 for complete instructions
- Tech Resourcesfor Magento Open Source and Commerce documentation
- Net announcement: MD5 Hash End of Life & Signature Key Replacement
Questions?
Magento Commerce merchants and Partners can contact Magento Support with questions.
46 Comments