Authorise net API Keys Setup Guide

Configure Authorise.net keys under Settings > Payment Methods > Authorise.net > Settings.



To collect these keys, Follow below steps:

  1. Visit https://www.authorize.net/ and click on the ‘signup->pricing’ section provided at the top-right corner.
    Note: In case, you already have an Authorise.net account, then use that account to proceed further. Authorise.net website home page
  2. New page will open. Select either ‘I only have a checking/savings account’ or ‘I have a merchant bank account’. Go with Merchanct Bank Account. Authorise.net Sign Up Page
  3. A new page will open. Fill in all the details and submit. Authorise.net Merchant application Page
  4. A pop-up form will open. Fill in details and click on the ‘Create Your Account’ button. Authorise.net create account pop-up
  5. Account dashboard page will open. Authorise.net account dashboard page.
  6. To obtain Login Id and Transaction Key, click on Account from the main toolbar. Authorise.net account navigation.
  7. Click Settings  > API Credentials & Keys. Authorise.net Api credentials link.
  8. Select New Transaction Key, and click on submit.

    Delete

    Note: When obtaining a new Transaction Key, you may choose to disable the old Transaction Key by clicking the box titled, Disable Old Transaction Key immediately. You may want to do this if you suspect your previous Transaction Key is being used fraudulently. Authorise.net gets new transaction key


  9. A pop-up window will open. Click on the Request Pin button. Authorise.net request pin pop-up
  10. Next pop-up will open asking for a pin. You will get a pin on the email id used for registration. Copy and paste it. Click on verify. Authorise.net verify pin pop-up.
  11. Pin verified, click on continue. Authorise.net verified pin successfully message pop-up.
  12. Copy the transaction key and click on continue. Now click on the same Settings->API Credentials & Keys. API Login ID is there. Save these credentials in the corresponding section of the website admin panel. Authorise.net Api Login ID.
  13. Important :  Right now in system md5 hash is optional and not in use. So below points (Point 14) are just for illustration’s purpose. (As and when signature key concept will be implemented in system, Point 14 will be necessary to perform)
    Note: md5 Hash concept is no longer available and signature key concept has been added as a replacement for it. As stated in the support forum link: (https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement ) . (Right now in system md5 or signature key concept is not in use)
    Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key.The end of support for MD5 Hash will be done in two phases:
    Phase 1 - As of February 11, 2019 Authorize.net have removed the ability to configure or update MD5 Hash setting in the Merchant Interface. Merchants who had this setting configured have already been emailed/contacted.
    Phase 2- Stop sending the MD5 Hash data element in the API response. To continue verifying via hash will require applications to support the SHA-512 hash via signature key.
    • Sandbox has been updated as of March 7, 2019 to stop populating the MD5 Hash value, but the field will still be present but empty.
    • Production has been updated as of June 27, 2019 (10:30am PT) to stop populating the MD5 Hash value. The field will still be present but empty.
      When you receive a transaction response from Authorize.Net, it includes a SHA2 hash element; the name and position depend on the API integration method used. The SHA2 field contains HMAC-SHA512 hash that Authorize.Net generated for the transaction and can be used to validate the response received from Authorize.Net but is not required to do so.
  14. To obtain ‘Signature key’ follow the same process  from Point 6 to 12  but select ‘new signature key’ instead of ‘new transaction key’ . 14:Authorise.net Signature key generation process.This signature key needs to be added instead of Md5 hash into the system once implemented in the system.