
How to fix error 99 in a PHP integration of Authorize.net's SIM


I'm implementing credit card processing with Authorize.net's SIM such that my site will send to an Authorize.net payment form. I'm getting "(99) This transaction cannot be accepted" and I'm not sure why.

So, here is the core of the code that I threw together to handle this. The values computed here (except key) are put into input[type=hidden] elements in the form that gets submitted.

<?php
date_default_timezone_set("America/New_York");
$login = "XXX"; //A 12-character string
$sequenceNumber = $orderId; //equals 22
$timestamp = time();
$amount = $cost; // Equals 53.18
$key = "XXX"; //A 128-character string
$x_fp_hash = bin2hex(hash_hmac("sha512","$login^$sequenceNumber^$timestamp^$amount^USD",$key));
?>

I'm getting $key and $login as provided by the online interface from Authorize.net for my account.

It's giving me error 99 which indicates that the hash is not matching what they think it should be. I've tried some variations on this and cannot get it to work. Does anybody have some insights?

To make matters more complicated, all of the help material I refer to talks about the "transaction key", but the official developer guide pdf only refers to the "signature key". So, for the "$key" mentioned above I tried both even though it sounds like I'm supposed to use the signature key. It's also confusing because even though the developer guide specifically says to use sha512, a lot of online discussions are referring to md5.

So, am I right to use the signature key, am I using it right and can you spot anything wrong with the way I'm generating the hash?


Solution

  • It turns out I had to pack the key first. The following code worked, with the important bit being the final line.

    <?php
        $x_login = "XXX";
    
        // Where you define orderId as you want
        $x_fp_sequence = $orderId;
    
        date_default_timezone_set("America/New_York");
        $x_fp_timestamp = time();
    
        // Where you define costTotal (and ensure that it always has two decimal digits)
        $x_amount = $costTotal;
    
        //Instead of XXX this was the 128-character Signature Key as provided by Authorize.net online interface
        $sig_key = "XXX";
        $x_fp_hash = hash_hmac("sha512","$x_login^$x_fp_sequence^$x_fp_timestamp^$x_amount^USD",pack("H*", $sig_key));
    ?>
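
The fix above, wrapped with the input checks that catch this class of mismatch before the form is submitted. This is an added example, not code from the original answer or from Authorize.net: `sim_fingerprint()` is a hypothetical helper name, and the login, sequence, timestamp and key below are constructed sample values.

```php
<?php
// Hypothetical helper (not part of any Authorize.net SDK): builds the SIM
// fingerprint the same way the accepted answer does, with input validation.
function sim_fingerprint(string $login, string $sequence, int $timestamp,
                         string $amount, string $signatureKeyHex,
                         string $currency = "USD"): string
{
    // Per the page, the Signature Key is a 128-character string that has to
    // be unpacked from hex, i.e. it encodes 64 raw key bytes.
    if (!preg_match('/\A[0-9a-fA-F]{128}\z/', $signatureKeyHex)) {
        throw new InvalidArgumentException("signature key must be 128 hex characters");
    }
    // The answer requires the amount to always carry two decimal digits.
    if (!preg_match('/\A\d+\.\d{2}\z/', $amount)) {
        throw new InvalidArgumentException("amount must have exactly two decimal digits");
    }
    $message = "$login^$sequence^$timestamp^$amount^$currency";
    // Decode the hex key to raw bytes before keying the HMAC. hash_hmac()
    // already returns a hex string, so the result needs no bin2hex().
    return hash_hmac("sha512", $message, hex2bin($signatureKeyHex));
}

// Constructed sample values; this is NOT a real login or Signature Key.
$key    = str_repeat("0123456789ABCDEF", 8);
$login  = "EXAMPLELOGIN";
$ts     = 1700000000;
$amount = number_format(53.18, 2, ".", "");   // always two decimals
$msg    = "$login^22^$ts^$amount^USD";

$good = sim_fingerprint($login, "22", $ts, $amount, $key);

// What the question's code computed: the hex text itself used as the key,
// and the hex digest then hex-encoded a second time.
$bad = bin2hex(hash_hmac("sha512", $msg, $key));

printf("packed key, single hex encoding: %d chars\n", strlen($good));
printf("question's variant:              %d chars\n", strlen($bad));

// pack("H*", ...) from the answer and hex2bin() yield the same key bytes.
$viaPack = hash_hmac("sha512", $msg, pack("H*", $key));
var_dump(hash_equals($good, $viaPack));
var_dump(hash_equals($good, $bad));
```

The value passed as `x_amount` in the form has to be the same string that went into the fingerprint, since the hash covers the amount exactly as written.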