Table of Content Direct Post Will Stop Working in Magento Unless You Patch It

Magento Issues Explained

Some of you know, some of you don’t, but the team has been hard at work overhauling their payment API system in order to move to better and more consistent tech.

authorize net api support magento

When previously Magento developers had to deal with completely divided, all-over-the-place APIs for each integration method, soon Authorize will offer everyone a brand new, consistent API set. Yay, future! That’s where you may need to adopt new approaches while maintaining the store’s maximum efficiency. For more details, plunge into our latest to learn how to minimize delays and errors during the payment process.


The new API will serve as an all-purpose API that can integrate all tools regardless of their type. And Authorize team views dumping MD5 hash for SHA-512 as another step towards this unification.

Table of Content

The Move Towards SHA-512

So the goal of the dev team is to move from MD5-based hash to an improved SHA-512 standard. Just so that you understand, MD5 is nowhere enough to offer a good level of security.

MD5 hash has been obsolete for an achingly long time for cryptographic use. It’s a good thing Authorize team decided to replace MD5 with something else. The message that users get is the same:

Action required: update direct post from md5 to sha-512

In 2019 Authorize has already made significant changes to their payment mechanisms. The upgrade towards SHA-512 will be done in two stages:

  • February 11 Authorize turned off the ability to change MD5-Hash settings in the Merchant Interface menu. Those Merchants who have this setting configured have already been emailed of the upcoming changes.

authorise net MD5-Hash_Settings

  • March 7 was when Authorize stopped populating the MD5 field. There are no new values right now, the field is always empty.
  • The end-of-service for MD5 was first announced for March 14, but in order to let everyone adapt to the upcoming changes, the team pushed this date to March 28.

UPD: Good news, Internet! decided to extend the deadline for MD5 hash disablement again. The final date is set to be June 28. Apparently, the payment processor team would like to give store owners even more time to prepare.

Bear in mind that there are a couple of payment methods Magento has. The one that’s about to change is the Direct Post. For Magento store owners on the following platforms this means that the method will stop working on June 28 if they use the native Authorize extension:

  • Magento Commerce up to 1.9.4
  • Magento Open Source up to 1.9.4
  • Magento Commerce 2.0.X, ≤2.1.16, ≤2.2.7, ≤2.3.0
  • Magento Open Source 2.0.X, ≤2.1.16, ≤2.2.7, ≤2.3.0
  • Magento Commerce (Cloud) 2.0.X, ≤2.1.16, ≤2.2.7, ≤2.3.0
  • Authorize.Net Direct Post

So if a Merchant doesn’t apply the patch in Magento Admin Config settings, Direct Post will stop accepting payments and remain broken. This is what happens if you only use the official Direct Post extension.

Depending on the implementation method, some third-party payment extensions that include payments will update automatically and continue to work as expected. And some won’t. You’ll have to ask their respective tech support specialists whether you have to update manually or not.

How to Patch Your Magento 1 or Magento 2 Installation

NOTE: When you update to Magento 2.3.1 or Magento 2.2.8, it will automatically fix your issues.Here’s what you need to do to update Direct Post on M1 before it stops working (works for all Magento 1+2 editions).

Magento 1 Installation Guide

Magento 2.x Installation Instructions

Guide For Magento Cloud

Use for Magento Commerce Cloud to install this patch.

  • Patch only during the build phase of the redeployment. Create a new branch inside the integration branch:
magento-cloud environment:branch <branch-name>
  • Copy the patch file to the /m2-hotfixes directory.
  • Push your changes:
git add -A && git commit -m "Apply patch" && git push origin <branch-name>
  • Once you make sure everything is okay, merge the new branch with the main installation.

After You Install the Fix

  • Go to to get a new signature keyNavigate to Account > Settings > API Credentials & Keys > New Signature Key. Select the key that you need and hit Submit.
  • Enter your PIN to confirm the changes.
  • Now go to your Magento Admin page. Find Stores > Configuration > Sales > Payment Methods > Direct Post. Enter the new SHA-512 key. Hit Save.

Magento 2:


For Magento 1:


That’s it. You are ready for June 28. Congratulations!Don’t have time to install Magento patches? Need a reliable team to help you out with technical issues? Address our to discuss the challenges together.

Related Articles

Magento 2 Security Guide: An Actionable Checklist (Updated for 2024)
Alex Husar
Alex Husar, Onilab CTO

Magento 2 Security Guide: An Actionable Checklist (Updated for 2024)

13 min
Feb 18, 2019
Magento Hosting Guide: Choosing the Best Provider in 2024
Alex Husar
Alex Husar, Onilab CTO

Magento Hosting Guide: Choosing the Best Provider in 2024

14 min
Jan 14, 2019
Why Your Magento 2 Admin Panel Is Slow and How to Speed It Up (Updated 2024)
Alex Husar
Alex Husar, Onilab CTO

Why Your Magento 2 Admin Panel Is Slow and How to Speed It Up (Updated 2024)

15 min
Jul 20, 2023

Let’s stay in touch

Subscribe to our newsletter to receive the latest news and updates.