HIKASHOP ESSENTIAL 60€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
-- url of the page with the problem -- : n/a
-- HikaShop version -- : 4.0.1
-- Joomla version -- : n/a
-- PHP version -- : n/a
-- Browser(s) name and version -- : n/a
-- Error-message(debug-mod must be tuned on) -- : n/a
Please advise when an update is available for this issue from Authorize.net. It is not urgent for existing HikaShop accounts as they have not given a phase out date. However, new accounts will not be able to use the MD5 next month. Thx
—
EMAIL RECEIVED 1/11/19:
Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.
We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.
Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.
Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.
Additionally, please take a moment to complete this one question survey and provide details on the application used to connect to Authorize.Net.
Thank you for your attention to this matter and for being an Authorize.Net merchant.
Sincerely,
Authorize.Net
Please Log in or Create an account to join the conversation.
Hello,
There was a link in the email for the "transaction hash upgrade guide".
That guide explain what should be done :
developer.authorize.net/support/hash_upgrade/
Regards,
Please Log in or Create an account to join the conversation.
Jerome,
I assume your response was meant for other HikaShop developers. As a HikaShop user, I don’t know how to use those instructions.
Thx.
Please Log in or Create an account to join the conversation.
Hi,
I would recommend to contact the Authorize.net support.
Because this text and the upgrade guide talk about variables which aren't in the SIM or AIM APIs implemented in the Authorize.net payment plugin.
So either they sent you an email which actually isn't relevant to you, or it is relevant but they didn't provide any useful information concerning the API you're using.
We can't do anything to help you with the information so far and looking online for more information about that md5 hash upgrade didn't yield any useful information either.
So besides asking for more precision to Authorize.net support, I don't see anything else you can do.
Please Log in or Create an account to join the conversation.
I am also in this boat and not clear on what to do to ensure compatibility.
Please Log in or Create an account to join the conversation.
I just talked to Authorize.net customer support. He said the MD5 hash is an optional field on their end and if we don’t use the MD5 field then we won’t have any problems. He said that if HikaShop developers want to contact tech support regarding this issue, there is contact details in the developer section of their website. It is only email though — no phone support.
He said that some very old APIs required the MD5 hash tag and if their system doesn’t work without it, then this change will be a problem for them. I’m pretty sure the MD5 hash was optional when I set up my client. I will check later as I have an appointment in a few minutes. But Authorize.net support said that if I removed the MD5 hash from my API (i.e., my HikaShop payment plugin), that I would still be able to process a transaction as far as Authorize.net was concerned. If it doesn’t work, it would be because HikaShop required it (which I doubt).
So the gist is that if HikaShop doesn’t require the MD5 has be present for a successful transaction, then it is not an issue.
Please Log in or Create an account to join the conversation.
Hi,
Please note however that the MD5 Hash in the settings of the Authorize.net payment plugin is for the SIM and AIM APIs in order to set the x_fp_hash parameter and check the x_MD5_Hash parameter.
There is no transHash parameter in these APIs.
The MD5 hash in the settings of the payment plugin is required, but reading there message and guide, it looks like they are talking about something else since the parameter names don't match.
Please Log in or Create an account to join the conversation.
PS: I've sent a question to the developer support of Authorize.net to make sure that this change is not related to SIM/AIM and if it is, that they provide the necessary information. We'll see what they have to say.
Please Log in or Create an account to join the conversation.
So in theory we could remove the requirement of the Hikashop Authorize.net plugin for the MD5 field and be good to go?
Please Log in or Create an account to join the conversation.
I, too, am a bit confused on this email as I have a client who has received it. I looked on their Authorize payment plugin and there is a hash in the "Your MD5 Hash (response key) on Authorize.net" field.
In a previous post, the user indicated:
But Authorize.net support said that if I removed the MD5 hash from my API (i.e., my HikaShop payment plugin), that I would still be able to process a transaction as far as Authorize.net was concerned. If it doesn’t work, it would be because HikaShop required it (which I doubt).
So should I remove the hash total from the "Your MD5 Hash (response key) on Authorize.net" field and, if so, will this impact the ability to process transactions?
Please Log in or Create an account to join the conversation.
No, the MD5 Hash setting in the plugin is necessary.
What I said is that I don't see any link between the message you received and the APIs implemented in these plugins.
So in theory, you could just ignore that message and continue with what you have.
That's what we need to check with Authorize.net's support.
Please Log in or Create an account to join the conversation.
nicolas,
Thanks for the update. If you find out anything different, I'm sure everyone would appreciate a response in this thread as we are receiving notices. 
Luke
Please Log in or Create an account to join the conversation.
Hi,
I got a first answer from Authorize.net level 1 support which completely missed the subject. With my following reply they redirected the support request to the engineers on their end. I'm waiting for an anwser from them.
Please Log in or Create an account to join the conversation.
Got another email today in case it helps:
—
Subject: Reminder: Important MD5 Hash Removal/Disablement
Authorize.Net is phasing out the MD5 hash, an older method used by shopping carts, payment modules and plugins to verify that transaction responses are genuine and from Authorize.Net. We have identified that you have this feature configured and may be relying on this older method.
Please contact your web developer or solutions provider and confirm if you are using an MD5-based hash. If so, you should begin plans for moving to SHA-512 hash via Signature Key.
The MD5 Hash will phase out in two phases:
Phase 1 - Starting later this month to early February 2019, we will remove ability to configure or update MD5 Hash setting in the Merchant Interface. There are no changes to the existing API response.
Phase 2 - Stop sending the MD5 Hash data element in the API response. This change will require that applications support the SHA-512 hash via signature key. Dates for phase 2 will be announced later but is expected in the next 2-3 months.
Please refer to our support article:
MD5 Hash End of Life & Signature Key Replacement
for more details and information on this change.
Thank you for your attention to this matter and for being an Authorize.Net merchant.
Sincerely,
Authorize.Net
Please Log in or Create an account to join the conversation.
Same boat here. Waiting on a resolution if something needs to be changed with the plugin.
Please Log in or Create an account to join the conversation.
Us too. It certainly sounds like the plugin will need to change as the MD5 hash is being deprecated in the next few months entirely.
We have quite a few client sites we manage each month who are using Authorize.net, so curious to see what they reply back.
Please Log in or Create an account to join the conversation.
Hi,
Thank you for relaying the message.
This new message provides much more relevant information even though that's still not precise enough.
Unfortunately, they didn't update yet the integration guides regarding SIM and AIM.
This thread from their community forum is quite better:
community.developer.authorize.net/t5/Int...not-match/td-p/65807
As you will read there, it seems that they are not organised well enough and rushed the change without updating the old documentations that are still used by a lot of people.
Of course, we didn't heard from the developers of Authorize.net that were supposed to contact us back. I suppose they must be overwhelmed with all the developers trying to reach them to get more information.
I went ahead and modified the authorize.net plugin based on the information I got from the message link and the community forum.
You can download the new version there:
Please Log in or Create an account to join the conversation.
Nicolas,
Thanks for all the work on this. Just wanted to let you know though, I didn't receive an email notification of your post. Hopefully everyone else in this thread did, but I wanted to reply in case they didn't. I would think after a reply like yours there would be a few posts with questions or thanks as well.
Please Log in or Create an account to join the conversation.
Oh yes, thanks simplecms. I too did not receive the email notification of the reply, so I'm grateful that you posted. (I was just waiting patiently...sort of 
.
Thanks Nicolas for your work on this. I'm eager to hear how people's tests go!
Please Log in or Create an account to join the conversation.
Nicolas, Thank you so much for all your work on this! You are definitely appreciated.
FYI, I did not get of the posts from 4 days ago either. Must have been a glitch in the system. I got all the ones from today though.
Please Log in or Create an account to join the conversation.
