Authorize.net ends support of MD5

Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key.

Instead of hashing the transaction key with MD5, it is now required to hash the signature key with SHA-512.

Support for MD5 was stopped March 7 2019 for sandbox environment and will stop on June 28 2019 for production environment.

On February 11, 2019 Authorize.net removed the ability to configure or update MD5 Hash setting in the Merchant Interface. Merchants who had this setting configured have been emailed/contacted.

You can see more information about the change on Authorize.net.

What does it mean for you in Odoo?

Since both the Transaction Key and the Signature Key might be needed for Authorize.net to work properly depending on usage, you need to generate both types of keys in the Authorize.net platform. To be able to save both keys on the acquirer configuration in Odoo, you must first upgrade the integration by going to the Apps menu, search for the Authorize.net module (you might need to disable the "Apps" filter in the top right search box) and click on "Upgrade". Once that is done, you should see both Transaction and Signature input fields in the acquirer configuration.

To generate the keys, head to your Authorize.net account, then go to the Account tab and click on the API credentials & Keys link. From there, you can generate a new Transaction key and Signature key.After that you must set the transaction  and signature keys in Odoo with the new ones obtained from Authorize.net.

Useful links

What is a Signature Key

Signature Key Replacement

Upgrade my transaction fingerprint from MD5 to SHA-512

We hope the change will be seamless for you. Thank you for reading. 


We never negotiate legal terms. Here is why.