Picture
Earlier today -- between 12:04 and 12:07pm PST, to be specific -- Authorize.net changed the way their API worked, unannounced, that caused successful transactions to not be recorded by us and many others, including ZenCart customers, and who knows how many others.

A Silent POST is the mechanism by which Authorize.net POSTs back to our servers to inform us of the outcome of a transaction. An MD5 hash is used to authenticate that the POST is legitimate, and one of the values hashed is the transaction amount.

Starting today, they are now passing the x_amount parameter back as 19.9500 (as an example) but still using 19.95 as the amount for the x_MD5_Hash parameter.

An immediate fix would require stripping out the last two 0's from x_amount (if present) when calculating the MD5 hash so that the computed md5 hash matches the x_MD5_Hash passed.

After having spent the better part of today figuring out what the problem was, fixing it, and manually reconciling hundreds of transactions, I'm really hoping they don't change the x_MD5_Hash tomorrow to rely on the new price format (x.xxxx), as it'll break everything all over again, and pretty much scuttle any chances I have of getting any thing done tomorrow.

If you're wondering why your transactions aren't showing up in your billing system, this is why.

And if it isn't clear enough, this is absolutely unacceptable. Not only is an unannounced API change to a heavily-used billing system horrendous, but this specific change is severely impacting customers, and Authorize.net are completely missing to fix the issue or answer any support requests.
 


Comments

andrew pearson link
06/30/2010 10:04

ya, finaly he posted again :)

Reply
Jason
06/30/2010 10:46

I can't thank you enough for this post! I've been trying to test a new product on our site for hours, and couldn't figure out why the hash comparison wasn't working. I even tried chatting with Authorize.net support, but they were clueless and rather unhelpful. I asked them - point blank - if there were any recent changes that might be impacting a hash comparison and was told "no". After seeing your post, I contacted them again and a new person acknowledged the issue. They told me that engineers just became aware of the problem, and are working to fix it. I agree that this is completely unacceptable, and am very disappointed by their poor service overall (now and in the past). They really need to get their act together!

Reply
Alex W.
07/01/2010 13:48

Yes, thanks for shedding some light on this! My sites are failing the MD5 test in a slightly different way... the Amount returned is always "0.00", no matter what x_amount we submit. If we use our original amount instead (still x.xx format) to generate the hash, it seems to match what they return.

Technical details aside, Authorize.Net is handling this HORRIBLY!

Reply
Velona-Folisan link
07/12/2010 06:13

is it possible? no information is available about this? Thank you very much!

Reply
Velona-Folisan
07/12/2010 06:14

Great header by the way!

Reply
kevser
07/24/2010 23:44

Great header (i got on your website by typing random names in the top bar)
Any waay i love your website check out mine www.hello2uhi.weebly.com, bye :-)

Reply
Jordan Flight 45 link
08/20/2010 00:18

Where there is a will there is a way.

Reply

Comments are closed.