Authorize.net Direct Post MD5 Issue for Magento 1 and 2 Merchants

Magento 1 and Magento 2 merchants that use Authorize.net Direct Post as one of their payment methods will need to have a patch applied and update their Authorize.net settings in the Magento admin panel before March 28, 2019.

Authorize.net will stop supporting the MD5 hash method that Magento uses for its Direct Post integration. They have updated the date to March 28, 2019. Fortunately, Magento has released a patch and steps that can be taken to update Authorize.net Direct Post integration to use the Signature Key method.

[Update: 3/12/2019 – The date has been pushed back to June 28, 2019]

If your Magento store is hosted with us, we will be applying the patch to all stores that use Auth.net Direct Post, and you will be receiving an email letting you know when the patch is applied and the steps you need to take.

If your store is not hosted with us, you will need to follow the steps outlined in the Magento Help Center.

The steps to address this issue are:

  1. Apply the patch to your M1/M2 store (LexiConn will do this for all Magento sites hosted with us)
  2. Get a new signature key in the Auth.net Merchant interface:
    1. Log-in at https://account.authorize.net
    2. Go to: Account -> Settings -> API Credential & Keys -> New Signature Key
  3. Update Magento admin
    1. Log-in to your Magento admin panel
    2. Stores -> Configuration -> Sales -> Payment Methods -> “Authorize.net Direct Post”
    3. Enter the new Signature Key in the Signature Key field
    4. Save
  4. Place a test order using a live credit card to make sure Authorize.net is still working after the update

If you are hosted with us, and have any questions about this, please let us know.

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

3 Comments

  1. Adrian says:

    Hello, I’ve been looking and asking all over the place if the “regular” Auth.net payment method will be affected by this change? With “regular” I mean the one that IS NOT Auth.net Direct Post.

    So my question is, if we only use Auth.net, and we don’t use Auth.net Direct Post, will this change affect us?

Leave a Reply to Adrian