Magento Question posted in
The official documentation can be found here.

Magento 2.3.1 Authorize.net Payment Method – The authenticity of the gateway response could not be verified

When you place an order using Authorized.Tet as a payment method on Magento 2.3.1
this error shows up

“The authenticity of the gateway response could not be verified”

Can someone enlighten me what this error is all about and help me fix this error?

V1/guest-carts/fYSiT09cTjrNy2T14YzaXPXDlDMjMUUL/payment-information 400 (bad request)


{message: "The authenticity of the gateway response could not be verified.",…}
message: "The authenticity of the gateway response could not be verified."
trace: "#0 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(58): MagentoCheckoutModelGuestPaymentInformationManagement->savePaymentInformationAndPlaceOrder('fYSiT09cTjrNy2T...', 'roeland@alwayso...', Object(MagentoQuoteModelQuotePaymentInterceptor), Object(MagentoQuoteModelQuoteAddress))
#1 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(138): MagentoCheckoutModelGuestPaymentInformationManagementInterceptor->___callParent('savePaymentInfo...', Array)
#2 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(153): MagentoCheckoutModelGuestPaymentInformationManagementInterceptor->MagentoFrameworkInterception{closure}('fYSiT09cTjrNy2T...', 'roeland@alwayso...', Object(MagentoQuoteModelQuotePaymentInterceptor), Object(MagentoQuoteModelQuoteAddress))
#3 /home/eaglesc3/public_html/generated/code/Magento/Checkout/Model/GuestPaymentInformationManagement/Interceptor.php(26): MagentoCheckoutModelGuestPaymentInformationManagementInterceptor->___callPlugins('savePaymentInfo...', Array, Array)
#4 [internal function]: MagentoCheckoutModelGuestPaymentInformationManagementInterceptor->savePaymentInformationAndPlaceOrder('fYSiT09cTjrNy2T...', 'roeland@alwayso...', Object(MagentoQuoteModelQuotePaymentInterceptor), Object(MagentoQuoteModelQuoteAddress))
#5 /home/eaglesc3/public_html/vendor/magento/module-webapi/Controller/Rest/SynchronousRequestProcessor.php(95): call_user_func_array(Array, Array)
#6 /home/eaglesc3/public_html/vendor/magento/module-webapi/Controller/Rest.php(188): MagentoWebapiControllerRestSynchronousRequestProcessor->process(Object(MagentoFrameworkWebapiRestRequestProxy))
#7 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(58): MagentoWebapiControllerRest->dispatch(Object(MagentoFrameworkAppRequestHttp))
#8 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(138): MagentoWebapiControllerRestInterceptor->___callParent('dispatch', Array)
#9 /home/eaglesc3/public_html/vendor/magento/framework/Interception/Interceptor.php(153): MagentoWebapiControllerRestInterceptor->MagentoFrameworkInterception{closure}(Object(MagentoFrameworkAppRequestHttp))
#10 /home/eaglesc3/public_html/generated/code/Magento/Webapi/Controller/Rest/Interceptor.php(26): MagentoWebapiControllerRestInterceptor->___callPlugins('dispatch', Array, Array)
#11 /home/eaglesc3/public_html/vendor/magento/framework/App/Http.php(136): MagentoWebapiControllerRestInterceptor->dispatch(Object(MagentoFrameworkAppRequestHttp))
#12 /home/eaglesc3/public_html/generated/code/Magento/Framework/App/Http/Interceptor.php(24): MagentoFrameworkAppHttp->launch()
#13 /home/eaglesc3/public_html/vendor/magento/framework/App/Bootstrap.php(258): MagentoFrameworkAppHttpInterceptor->launch()
#14 /home/eaglesc3/public_html/index.php(92): MagentoFrameworkAppBootstrap->run(Object(MagentoFrameworkAppHttpInterceptor))
#15 {main}"
Tags:

3

Answers


  1. 0

    Looking at the source code this error seems to center around the hash used to verify the response. The transactionResponse->transHashSha2 and transactionResponse->transHash both appear to be either empty or the hash itself isn’t valid.

    Your version of Magento seems to support this change and indicates what you need to do to resolve this. Since you are using a version of Magento that supports this change you probably have to make a change to your Authorize.Net account. Make sure you:

    1. Get a new Authorize.Net signature key
      1. Log into the Merchant Interface at https://account.authorize.net.
      2. Click Account from the main toolbar.
      3. Click Settings in the main left-side menu.
      4. Click API Credentials & Keys.
      5. Select New Signature Key. Review the options available.
      6. Click Submit to continue.
      7. Request and enter PIN for verification.
      8. Your new Signature Key is displayed. Copy this key to add to your Magento Admin configuration.
    2. Update your Magento configuration
      1. Log into the Magento Admin.
      2. On the Admin sidebar, click Stores. Then under Settings, click Configuration.
      3. In the panel, click Sales then Payment Methods.
      4. Expand the Authorize.net Direct Post section.
      5. In the Signature Key enter the SHA-512 Signature Key.
      6. Click Save Config.
    Login or Signup to reply.
  2. 0

    We had exactly the same issue migrating from Magento1 to Magento2.3.1 specifically for the authorize.net conversion.

    I made the mistake of going to authorize.net and creating a new signature BEFORE creating a new transaction key.

    After much reading (and some help from https://www.solvature.us/) we discovered that the order of creation is just as important as the new creation of keys.

    First create a new transaction key (remember, this may affect active integrations so be careful). Second, create the new signature.

    Hope this helps.

    Login or Signup to reply.
  3. 0

    Just worked through this same issue on 2.3.3. I ran into it after generating new keys for our development server using authorize.net’s sandbox. Thought I might have generated the keys in the wrong order (per the answer by glsAdmin) but the generation times were in proper order. I debugged the transaction response and the necessary data was there (transHashSha2 was populated). So, what was wrong?

    In my case it was resolved by regenerating the keys and checking the boxes “Disable Old Transaction Key Immediately” and “Disable Old Signature Key Immediately” when generating the new keys on Authorize.net.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search