April 19, 2015

April 19, 2015
In this article, we are going to discuss about How to integrate and setup the Authorize.net Direct post method in Magento. Authorize.net's Direct Post Method of payment gateway integration is a great option for Magento sites because it allows for a seamless customer experience while simplifying PCI compliance by keeping all sensitive credit card information off of the Magento server. Configuring Magento for use with Direct Post Method (DPM) is supposed to be quick and easy and it can be as long as you aware of a few less than obvious steps.

Step 1 :

Make sure that your Authorize.net account is a "Card Not Present" (CNP) account. You can confirm whether or not your Authorize.net account is setup for CNP transactions by logging in to the Merchant Account Admin and verifying that you have CNP features like Recurring Billing and Fraud Detection Suite listed in the Tools section.

If you do not see these options or you get errors like "Transactions of this market type cannot be processed on this system" when attempting to authorize payments, the issue is most likely that the account is setup for card present transactions only. If you are using a test account the easiest solution is to just create a new account and make sure to select Card Not Present.

Step 2 :

Make sure to set an MD5-Hash. DPM uses an MD5-Hash as a sort of secret key that is set in in the auth.net merchant admin and the Magento admin to help secure comminication between your magento store and auth.net. If during checkout, after entering credit card information and clicking "Place Order", you get a pop-up alert saying "Response hash validation failed. Transaction declined." the problem is most likely that this is not set.

Step 3 :

Set an MD5-Hash in the Authorize.net merchant admin under Settings > Security Settings > General Security Settings > MD5-Hash. Then enter that same value in the Magento Admin under System > Configuration > Payment Methods > Authorize.net Direct Post > Merchant MD5.

Step 4 :

Make sure that your server's time is set correctly. DPM makes use of a timestamp as a security measure and to help synchronize requests. If the server's time is incorrect you may receive a pop up stating "Gateway error: This transaction cannot be accepted." This is a generic error message. To get more specific error information you can go into app/code/core/Mage/Authorizenet/Model/Directpost.php and either log or dump $response in function process() by doing something like var_dump($reponse); die(); to output the response from auth.net.

If you get a response code 3 with a response reason code of 97 the timestamp value submitted in x_fp_timestamp is either 15 minutes ahead, or 15 minutes behind in Greenwich Mean Time (GMT) (this is the equivalent of 900 seconds ahead or 900 seconds behind in Coordinated Universal Time, or UTC).  You can test your timestamps accuracy using this tool http://developer.authorize.net/tools/responsecode97/ .

On linux you can get the server time using the date command. If it is incorrect consider setting up Network Protocol Time by doing soething like this: http://alienlayer.com/install-and-configure-ntp-to-synchronize-the-system-clock-on-centos/

Step 5 :

Make sure to set the Gateway URL correctly. For test accounts Test Mode should be set to NO and the Gateway URL should be set to https://test.authorize.net/gateway/transact.dll. For Live accounts this should be chagned to https://secure.authorize.net/gateway/transact.dll

Other than that the configuration is pretty straightforward. In the Magento Admin the Authoize.net Direct Post configuration should look something like this:

I hope this helps get you up and running with this very simple and secure payment method. Please feel free to drop any questions in the comments.


  1. Hi,
    I have set md5-hash both at authorize.net and magento backend however still get transaction declined error.