We have a WordPress plugin with an Authorize.NET AIM/ARB integration. It's pretty old. We setup subscriptions with ARB, process the initial payment with AIM, and then listen for Silent Posts to know when subscription rebills occur.
Authorize.NET Silent Posts can have an SHA2 Hash to check integrity, using a Signature Key. We support this. Everything has been working fine for years. Then recently, I fielded a complaint that rebills weren't being logged, and I traced this to the absence of the SHA2 hash in the Silent Posts. This is happening both on my dev site using sandbox, and in at least one production instance.
My understanding is that once a Signature Key has been generated on an Auth.NET account, the x_SHA2_Hash parameter should be populated for all Silent Posts. I had generated a key, and in years past everything worked fine, but at this point, no Silent Post contained a value for x_SHA2_Hash.
I regenerated my Signature Key in sandbox, this caused x_SHA2_Hash to be populated in the Silent Post for initial payments, but not for rebills, even on newly-created subscriptions. So I have a few questions:
Can anyone with ARB subscriptions and a Signature Key configured confirm that the Silent Posts are still returning a value for the x_SHA2_Hash parameter on their accounts?
Is anyone aware of a change to expected behavior of Silent Posts since 2019?
Is expected behavior different in sandbox and production?
Anything I need to do, either in the Auth.NET account, or in the XML I send to create the ARB subscription, to reenable the SHA2 hash in Silent Posts for rebills?