Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

HMAC validation error

AkashAkash Member
in Help edited January 2014
Hi all,
I have just started converting things to support HMAC validation. I have enabled on the store domain too.
Few things I wanted to know :
1) Any link that explains type of errors/warnings foxycart returns in case of incorrect data passed to it.
2) Do my custom options need to be HMAC coded before I add items to cart?
3) I have gone through this article ,
I have a case , where I am using a custom option known as "productid" that has the value the HMAC option "code" has.
So i pass, "code" in HMAC way, and productid in plain format to cart, and I get the error as
<strong>Cart Validation Error</strong>: 1:productid_hash_present
Is it because the value is shared between "code" and "productid" ?

4) Do we need require HMAC validated query string even when we are updating or delete a record? Just because, we only change the quantity.

5) I am concerned about all the above things, because I am sending async request for all above requests, using Custom Cart , so I manipulate foxycart json response to fit into my data structure. And HMAC is making my life a bit complex now o_o.

Actual link :||7268b891bcb762f01ca3f98c6ad9af5ddf72943aef84f670fb62d35a4bc04ae8=HP%20LaserJet%20M1136%20Pro%2017&
  • winstonwinston FoxyCart Team

    I apologize for the delay in responding to this. I'll run down the best answers here:

    1) I don't know that we have the errors documented, but if you're having trouble diagnosing a specific one, we're happy to help

    2) The general idea of HMAC is it's binary - either it applies to all parts of the product, or to none. So you either encode custom options or you mark them open.

    3) That error is because the field is not signed, not because the values are the same.

    4) What do you mean by "updating or deleting" a record? Updating generally just means you're updating the quantity, which doesn't require signing, and deleting does not require signing.

    5) Could you clarify what you're trying to do with the async requests?
  • @winston

    First of all thanks for your detailed reply :-)

    After researching for few more hours , I got to know that I do not require to pass the signed request while "Updating" and "Deleting" items from cart.

    I felt that If i require signed data while updating and deleting, then I wont be able to do so, as I have my own Cart UI/Page that is populated with fc_json [manipulated for my custom cart.] , and I do everything with javascript , then I wont be able to created Signed HMAC data.

    And regarding the 2nd point, I hope that their could have been some option, where we can send some data that does not need to be HMAC signed, as we do not care if it gets changed, so why do we need to code/write something for them ;)

    Thanks again!

  • winstonwinston FoxyCart Team

    On the second, if you don't care if it gets changed then you definitely want to mark that as an "open" field. It's still HMAC signed, but the value itself is not signed. Check out more info here:
Sign In or Register to comment.