Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MD5 Hash End of Life, SDK Impact? #360

donnorman opened this Issue Jan 25, 2019 · 3 comments


None yet
3 participants
Copy link

donnorman commented Jan 25, 2019


Authorize.Net sent out an email:

Dear Developer:

Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key. If your existing integrations or clients are using MD5 hash, they will need to move to using the SHA-512 based hash. This applies to all Authorize.Net integration methods including the Authorize.Net API, AIM, SIM/DPM and Relay Response.

The end of life for MD5 Hash will be done in two phases:

Phase 1 - Remove ability to configured/update MD5 Hash setting in the Merchant Interface by end of January 2019/early February 2019. This change has no impact to the API response; it will be done in Phase 2.

Phase 2 - Stop sending the MD5 Hash data element in the API response. The date for this change will be announced at a later time but is expected in the next 2-3 months.

For specific details on upgrading to use the SHA-512 hash, please see our support article: MD5 Hash End of Life & Signature Key Replacement.
Thank you for your attention to this matter and for being an Authorize.Net developer.

Will this impact the SDK?

I only see isAuthorizeNet() in what are now deprecated classes according to the docs.



This comment has been minimized.

Copy link

alberto1el commented Jan 25, 2019

Another question regarding the MD5 Hash End of life.

  • When will this change be reflected on the sandbox environment? so that we can test if our integrations have been correctly developed? (asking since I do not see any reference to the sandbox environment in the notifications I have received)

This comment has been minimized.

Copy link

gnongsie commented Mar 13, 2019

Apologies for the late reply.

Rest assured, the MD5 Hash End of Life will not affect the SDK in any way.

Since v2.0.0, the deprecated classes have been removed, which also means that isAuthorizeNet() has also been removed. We have a new way that you can use for validating the new SHA-512 based hash. Kindly refer to this sample code for that.

This change has already been reflected on the sandbox environment.


This comment has been minimized.

Copy link

donnorman commented Mar 14, 2019


Thanks for the reply, the sample code helped us update our implementation. We're not on v2.0.0 yet, but aren't using any of the deprecated code; will have to upgrade soon!

I'm glad to see they extended the production EoL date!

@donnorman donnorman closed this Mar 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.