What can we help you with?



02/02/2022 17:03 PM



The Signature Key is a feature that allows you to enhance the security of your Server Integration Method (SIM) and Direct Post Method (DPM) integrations, by using the HMAC-SHA512 authenticated hash. HMAC-SHA512 should be used in place of the legacy HMAC-MD5 authenticated hash.

It also allows you to enhance the security of your transaction responses, by using a different HMAC-SHA512 hash, to replace the legacy MD5 Hash, for more information please see: MD5 Hash End of Life & Signature Key Replacement

NOTE: You must have configured a Signature Key in the Authorize.Net Merchant Interface before you can receive Webhooks notifications. This signature key is used to create a message hash to be sent with each notification that the merchant can then use to verify the notification is genuine. 

To generate your Signature Key:
  1. Log into the Merchant Interface at https://account.authorize.net.
  2. Click Account from the main toolbar.
  3. Click Settings in the main left-side menu.
  4. Click API Credentials & Keys.
  5. Select New Signature Key.
    • To disable the old Signature Key, click the check box labeled Disable Old Signature Key Immediately.
    • If the Disable Old Signature Key check box is not selected, the old Signature Key will automatically expire in 24 hours. This will also impact any use of the Signature Key for transaction response validation for the SHA2 field. If the old Signature Key is not expired the previous key will continue to be used for the hash/response validation.
  6. Click Submit to continue.
  7. Request and enter PIN for verification.
  8. Your new Signature Key is displayed.
NOTE: The Merchant Interface will present the Signature Key in a 128-character hexadecimal format. However, developers will need to convert the Signature Key into binary format to use it. Please consult the documentation for your scripting language or development framework, for details on how to convert long hexadecimal strings to binary.
Please check your integration method's API documentation for information on using the Signature Key.

Was this article helpful?

Articles Recommended for You