Authorize.net works today with CBSubs, and we hope to have a new tested version for their SHA hash in time for their very short-noticed phase-out of their MD5 hash.
We have initiated a SHA test-transaction with ARB on their test gateway end of last week. But their test gateway (still! 10 years after we told them it's a big annoyance) implements the 7 days minimum renewal interval, so we won't get the ARB silent post with the SHA hash before end of this week! So only thing I can say is that it won't be before mid-next week that we will have a CBSubs release that supports SHA in a tested way.
According to their very short noticed dates here
support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement
:
Phase 1 - As of February 11, 2019 we have removed ability to configure or update MD5 Hash setting in the Merchant Interface. Merchants who had this setting configured have already been emailed/contacted.
Phase 2 - Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.
- Sandbox has been updated as of March 7, 2019 to stop populating the MD5 Hash value, but the field will still be present but empty.
- Production will be updated on [strike]March 14, 2019[/strike] March 28, 2019 (updated) to stop populating the MD5 Hash value, but the field will still be present but empty.
If you have a sample SHA2 ARB silent post from your history logs/notifications logs, with the corresponding SH2 key for us to try to implement the undocumented ARB SHA2 hash, please PM it to me.
Worst case, we will provide a way to remove the MD5 hash check, which is what most carts have done!!! Which is quite sad.
Needless to say that we do not recommend Authorize.net for new projects, given their very short notice phase-out notices.
You should contact your Auth.net sales representative and protest for such short-notice business-breaking practices.
krileon
