If you’re using WooCommerce’s Authorize.net DPM (Direct Post Method) plug-in for handing off credit card transactions to Authorize.net’s payment gateway you may run into the following error:
The first test is to check that your API Login ID and Transaction key are correct. (Follow the setup instruction here.)
Unfortunately, the documentation on the above-linked page says that if you’re receiving the above error, “Your API login or transaction key is incorrect. Check them.”
Well, I DID, and it still ain’t working, thank you very much!
Update: The plug-in documentation now includes a note about Error Code 97.
This plug-in would be MUCH improved if it actually returned error codes when something goes wrong. Authorize.Net has a nice list of Error codes and what they mean.
Update: The plug-in authors have told me they will include error codes in a future release.
Long story short, after many hours down the rabbit hole, I discovered that my server’s clock was the cause of the problem.
I chanced upon Authorize.Net’s “Response Code 97 Tool” and discovered that the difference in time between my server and Authorize.net’s servers was 26136 seconds off. That’s 7.26 hours off!
Per the Response Code 97 Tool documentation:
Response Code 97 indicates that the transaction fingerprint created to authenticate a Simple Integration Method (SIM) transaction has expired. This error is received when the timestamp value submitted in x_fp_timestamp is either 15 minutes ahead, or 15 minutes behind in Greenwich Mean Time (GMT) (this is the equivalent of 900 seconds ahead or 900 seconds behind in Coordinated Universal Time, or UTC).
The Response Code 97 troubleshooting tool validates whether the value you submitted to Authorize.Net for x_fp_timestamp is a valid timestamp. Valid timestamps must be formatted in UTC, which is the number of seconds since 12 AM, January 1, 1970.
To troubleshoot a Response Code 97, check the following:
- Verify that the time on the Web server that hosts the SIM script is configured correctly to the GMT time zone. You can also modify the SIM script to format UTC.
- If you are having consistent problems with your timestamp, make sure that the Web server that hosts your SIM script employs a Network Time Protocol (NTP) to regularly update the time.
- Be sure to account for daylight savings time.
In order to check the value of x_fp_timestamp being sent from your checkout page to Authorize.Net, view the source code on the last checkout screen (the screen which displays the credit card fields).
Search for the string “x_fp_timestamp” and copy the value.
Copy this value (which is in Unix time) and paste it into the Response Code 97 Tool.
If the difference is more than (+ or -) 900 seconds, then your transaction will be rejected.
Sure enough, as soon as I adjusted my server’s time the problem was solved. No more errors!
I hope this helps someone else. Let me know in the comments!