AuthorizeNet auto recurring payment

Hi
Can you re-login and check i see the IPN IPN notification invalid hash / Fraud attempt in today's attempt as its ARB today and payment deducted, Due to security reasons not sharing a screenshot here. IN CB notification can see the entry.

Thank you

Both x_MD5_Hash and x_SHA2_Hash are empty in the Silent POST sent to CBSubs from Authorize.net. This means we can't verify the signature or even fallback to verifying MD5. Below is a 6 page topic with over 50 replies on their forums about this very issue.

community.developer.cybersource.com/t5/Integration-and-Testing/no-data-in-x-SHA2-Hash-when-using-Silent-Post/td-p/66218

The issue is entirely on Authorize.net end of things as we again can't process data that does not exist.

I get that they want to discontinue AIM and Silent Post, but this isn't some API for rendering funny pictures. We're dealing with transactions here. They need to have life-long fallback behavior or they cripple sites processing payments through them. It is unreasonable for developers to have spend hours and thousands of dollars to rewrite payment integrations because that payment processor doesn't want to have proper API B/C. I do not have the time nor do we have the funding to rewrite Authorize.net from the ground up into their new API. In short if Authorize.net wants us to rewrite to the newer API either them or someone else will have to sponsor the development. My recommendation is move to Stripe and rid yourself of terrible payment processor headaches.

Hi
i had again words with Authorize support and according to them, it's sent to the website.
Can you share the file path where in CB the silent posts fetch, is there a possible option to get the Silent post URL outside CB just to check whether its sent by AuthorizNet or blocked
AuthorizeNet also shared this link : support.authorize.net/knowledgebase/Knowledgearticle/?code=000001399
x_SHA2_Hash is supported not MD5

Thank you

You can see exactly what was sent to CBSubs in your notification. It's a raw export of $_POST. x_SHA2_Hash is empty in $_POST so there's nothing for us to verify against.

All I can suggest at this point is turn off Silent Post verification. To do this within your Authorize.net gateway in CBSubs empty "Authorize.net MD5 Hash" and "Authorize.net Signature Key".

Hi
i tried Stripe on test mode user got activate for a 1 week plan.
On date of expiration it not expired in CB but it does not got new log of activate
still it is showing 2 days back date for expiration prntscr.com/iKWzxmwrIJXG
On Stripe the account show activate for another week that is fine but no status update on CB.
prntscr.com/ff84b4sUmKTu
I selected all events on Stripe so nothing can be missed. still CB not updated for ARB.

Any suggestions to fix?

Stipe requires usage of Webhooks for recurring payments. Ensure you've correctly configured webhooks. You can even check your webhook log directly at Stripe to be sure it reached your site and if it did it will be logged in CBSubs > Notifications. We also have deep event logging for Stripe so any changes during a Stripe payment relevant to CBSubs will be logged to CBSubs > History Log. Sounds like you don't have webhooks configured if a renewal was not sent to your site; see the "Stripe Webhook Credentials" section in your Stripe gateway.