Find Answers

Find Answers

Specified Languages
British English
English

Contact Us

Merchant Support

Toll-Free Phone:
(877) 447-3938

Support Hours:
24x7
(Closed major holidays)


Reseller Support

Toll-Free Phone:
(888) 437-0481

Support Hours:
M–F: 6 AM – 5 PM PDT
(Closed major holidays)


Affilate Support

Toll-Free Phone:
(866) 682-4131

Support Hours:
M–F: 6 AM – 5 PM PDT
(Closed major holidays)


Corporate Offices

Authorize.Net (Utah)
P.O. Box 947
American Fork, UT 84003-0947
Tel: 801.492.6450
Fax: 801.492.6489

What is a Signature Key?


Doc ID:    A1714
Version:    1.0
Status:    Published
Published date:    08/04/2016
Categories:    Integration
 

Answer

The Signature Key is a feature that allows you to enhance the security of your Server Integration Method (SIM) and Direct Post Method (DPM) integrations, by using the HMAC-SHA512 authenticated hash. HMAC-SHA512 should be used in place of the legacy HMAC-MD5 authenticated hash.

It also allows you to enhance the security of your transaction responses, by using a different HMAC-SHA512 hash, to replace the legacy MD5 Hash.

To generate your Signature Key:
 
  1. Log into the Merchant Interface at https://account.authorize.net.
  2. Click Account from the main toolbar.
  3. Click Settings in the main left-side menu.
  4. Click API Credentials & Keys.
  5. Enter your Secret Answer.
  6. Select New Signature Key.
  7. To disable the old Signature Key, click the check box labeled Disable Old Signature Key Immediately.
    • Note: If the Disable Old Signature Key check box is not selected, the old Signature Key will automatically expire in 24 hours.
  8. Click Submit to continue. Your new Signature Key is displayed.

Note: The Merchant Interface will present the Signature Key in a 128-character hexadecimal format. However, developers will need to convert the Signature Key into binary format to use it. Please consult the documentation for your scripting language or development framework, for details on how to convert long hexadecimal strings to binary.

Please check your integration method's API documentation for information on using the Signature Key.

Rate This Item