Jump to content

Authorizenet (authnet) Error 99


Recommended Posts

This is very important. Look at the following carefully:

raw_fingerprint: - LOGIN CODE ^151205-183841-14691449362323^1449362323^21.41^

Did the raw_fingerprint value actually contain a space after the (real) LOGIN CODE? Or is the space after LOGIN CODE a typo made by you when you were editing out the real Login Key when composing the above post?

If there really is a space after the (real) Login Key between the Key and the first caret ('^'), then you may have a rogue hidden character, a trailing space, in CubeCart's Authorize control panel setting for the Account ID (really the Login Key). That happens mostly when one copies from a web page and pastes in a text field, as opposed to entering a value manually.

Link to comment
Share on other sites

There is a space there.

I removed the space.Tested and still got the 99 error. I'm thinking of going back to the Authnet website and generating a new transaction key and loading it in place of the current one.

After the test here is the error info.

Today, 08:07     [Unknown ()] raw_fingerprint: - ***********^151206-080701-69941449410823^1449410823^351.70^
    Today, 08:07     [Unknown ()] txn_key (ignore the carets): - ^****************^
    Today, 08:07     [Unknown ()] encode method: - hash_hmac
    Today, 08:07     [Unknown ()] x_login: - ***********
    Today, 08:07     [Unknown ()] x_fp_sequence: - 151206-080701-69941449410823
    Today, 08:07     [Unknown ()] x_fp_timestamp: - 1449410823
    Today, 08:07     [Unknown ()] x_amount: - 351.70
    Today, 08:07     [Unknown ()] x_tran_key: - ****************
    Today, 08:07     [Unknown ()] x_fp_hash: - e7907fae6857e38df4b92ebff4ec4e1c

I did notice in the raw_fingerprint, while it does have:

  • x_login
  • x_fp_sequence
  • fp_timestamp
  • x_amount

it does not appear to have the txn_key (x_tran_key) info.

Unless the error code is cutting off at a certain number of spaces. So before generating a new transaction code, is there a way to double check that the x_tran_key is being picked up in the fingerprint?


I am using the Authorize.net Payment Gateway version 1.1.1

CubeCart 6.0.8


Link to comment
Share on other sites

The transaction key (txn_key) is used to encode the fingerprint. It is not included in the fingerprint nor sent separately.

In constructing the fingerprint, the four data items are put in a specific sequence and separated by carets (with a trailing caret and with an optional currency code).

Authorize.net uses the same four data items sent along with the fingerprint, constructs the sequence the same way, and uses your txn_key that it has on file that matches your Login Key to create its own fingerprint. If the fingerprints match, that is, if the data is exactly the same, constructed the same way, and encoded the same way with the same txn_key, then all is good.

Only CubeCart and Authorize.net knows the txn_key. The web page sent to the customer, and the form submission on that page, will never include it.


Link to comment
Share on other sites

I did another test.

I created a cubecart cart on a different host, using a different domain.

I installed the USPS module and Authorize.net module.

did a test order with the test product, and got the 99 error.

I then tried using the Authorize.net module 1.1.0 rather than 1.1.1

Got the 99 error again.

The URL to the old cart is


Is your store using the current version of CC?

Is it using the current version of Authnet 1.1.1


Out of total frustration, I switched to AIM and it worked perfectly. The order was processed, charge showed in Authnet.

I don't understand why it works with AIM and not with SIM.

Link to comment
Share on other sites

Here's a weird one--

I created a test file:

$module = array('acNo' => "123",'txnkey' => "456");
$basket = array('total' => "123.45");
$fp_sequence 	= '2'; // '123456-123456-1234'.'1449433599';
$fp_timestamp 	= '1449433599';
$fingerprint 	= _getFingerprint($module['acNo'],$module['txnkey'],$basket['total'], $fp_sequence, $fp_timestamp);

echo '<br />module: '; print_r($module); echo '<br />basket:'; print_r($basket);
echo '<br />x_fp_sequence: '; print_r($fp_sequence);
echo '<br />x_fp_timestamp: '; print_r($fp_timestamp);
echo '<br />x_fp_hash: '; print_r($fingerprint);
function _getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $fp_timestamp) {
echo '<br />raw_fingerprint: '; print_r($api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^");
echo '<br />txn_key (ignore the carets): '; print_r("^".$transaction_key."^");
    if (function_exists('hash_hmac')) {
echo '<br />encode method: '; print_r('hash_hmac');
      return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key); 
echo '<br />encode method: '; print_r('bin2hex_mhash');
      return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));

This uses incredibly simple values for the test.
Raw Fingerprint: 123^2^1449433599^123.45^
Key: 456
The hash returned is: 6de7b34a688454ea16625224e8bb936e

I then used an online hash generator at http://www.freeformatter.com/hmac-generator.html

It returned the same hash.

I then used the Authorize Error Checker at https://developer.authorize.net/api/reference/responseCode99.html

It returned a different hash.

So, I'm thinking there is something wrong with Authorize.net.

Link to comment
Share on other sites

Interesting. Have you double checked your cart and tried to process an order from Authnet?

Should we both contact Authnet with what happened with your test and tell them they are screwed up?

The processing for me is working when I use AIM, it is giving me the 99 code when I use SIM.

I would much prefer to use SIM as I think it is safer for me security wise, and the ability to check decline codes etc.

Link to comment
Share on other sites

New Info

I just had another long conversation with Authnet suport

One of the possible reasons for the error is I had not set a hash code on the authnet site.

I did that while on the line with authnet support.

The question now is, where do I put the code for the MD5 Hash setting in the authnet module?

Also, the support person told me the SIM should be sending the info to


as opposed to



Link to comment
Share on other sites

There is no such instruction in the Developer's docs that says a hash code must be set in the merchant account's settings panel. And I do not recall doing that for the times I created an Authorize.net account.

I can log into my Authorize.net account and look around -- what did Authnet support say to do?

The documentation says secure is "legacy" but still operational. And so it is with the store I manage.

Link to comment
Share on other sites

The tech I spoke with suggested that may be the reason. And when we looked at the fingerprint we saw there was no Hash being sent over in it.

She said she personally prefers to use AIM as there is more flexibility, though with SIM it is easier for Authnet support to find info as it stays on their site rather than being processed on an AIM site.

On my site, AIM is working but SIM is not.

Link to comment
Share on other sites

"when we looked at the fingerprint we saw there was no Hash being sent over in it"

The fingerprint is a hash. Actually, among the form data sent to Authnet, there is a hidden input, "x_fp_hash" and it's value is a 32-character string of letters.

Was the tech able to see that the 32-character string of letters was not there?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...