Visa Developer Community

Highlighted
Helper

Token validation Failed for VPP API

Hi,
I am able to complete the two way-ssl authentication for the hello world API. 
However when trying out the refund API(https://sandbox.api.visa.com/acs/v1/payments/refunds), I am getting the following error:

{"responseStatus": {
   "status": 401,
   "code": "9210",
   "severity": "ERROR",
   "message": "Token validation failed",
   "info": ""
}}

I am encrypting the body with the server_encryption public key, downloaded from the key tab. 
Request

POST <a href="https://sandbox.api.visa.com/acs/v1/payments/refunds" target="_blank">https://sandbox.api.visa.com/acs/v1/payments/refunds</a> HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Authorization: Basic RFdJTENLOTFCRTU3SFFKWTQ3TUoyMURvZDJYQXJKUk9ESHJXQ1lvQ0ZlY3VEUnZPczpjNHBBNDJndWxuQkhqZ3R3NENrOFhFMW9OMHY=
Accept: application/json
keyId: 8121367b-cf74-410a-9325-ae979d778dd8
Content-Length: 911
Host: sandbox.api.visa.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTYzMTY4MjcyMTU0LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiI3MzdjYjE2Ni00ZWQ1LTRhMzktODljMy1lZDY0NDM1NDc4YWMifQ.fUbu4rH4Z8bfqkXJelxB3h-1gsHZpCouhMzMqnNT9UxUMQK9416tPh7_AN6UlPB0ElW5WBIUPoWXPEy33mqrJJWJVlL9JVoSpHxey03-T8swq3EsPpYeWVIVzjdJCXsm0nmvz6Sxjk1Gpl98UAcZWCji1Id_0twEgn-SdRFO_odkVAyNP2sa8cjOIXoiTUCwSEW7CDvkSE3tYgokYCtIbwW7EqAxBJ8WFaa792WFoDRg0Ww07BcM1xk2F-Iauq4ezSsbnvB6Mfs1qAz6j8oDLBwCGzzBUZYSsa7jMA7_xsfZLMhdWTIa9PwmirwVmXkQfVambDD1C_e64zKz5C5RsQ.jVA3jZBy3sjOjJar.4xXsS7WoMjB5IBbN7cT5pk7VqL1IEsfRGpoMf2ixNGKU2wKueiCVBuKQ33ABO1rHKYz4WhT3RBQJ0T9_sJydfFdjj2WxhIjFNm6HgF_qwhPepY1uvmsBtOWUbtVj8cS_H2zCJ3aLi-CPwXhXB_GJqVBKGridUkK006XAlXzzJujYbTHq2PahqsME5kA0-kjgJu2mUgYc3ZR-hahoPS8jfU0oFtO0U54x9CNLMPfH-0Yr2A270_JU3L5LxXrCZUl9DUcM_KjflOyDwnov0xR4PFWiYOz1wzs3xbiCZ0o8cRcdbQQ7zi8yKhdJCd-wQdAh2UboMviObUiZYCt-mR6oFpoKL0IeeKJcEf3bOMmYKzchXfsXZ8myr0o.7vY6URXhzdte1Gzo-3bX5Q"}

Please help me resolve this issue. 


9 REPLIES 9
Highlighted
Visa Dev Moderator

Re: Token validation Failed for VPP API

Hey @kranti-rzp,

 

To further investigate, please provide the following information:

1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Thanks,
Diana

Highlighted
Helper

Re: Token validation Failed for VPP API

Hey Diana,

 

I am facing the issue across APIs in VPP.

The end points being:

https://sandbox.api.visa.com/acs/v1/authorizations
https://sandbox.api.visa.com/acs/v1/payments/refunds

For the Authorization API, the curl request is:

 

curl -X POST \
https://sandbox.api.visa.com/acs/v1/payments/authorizations \
-H 'Accept: application/json' \
-H 'Authorization: Basic NVIwVjEzQlExRUkwWVFRWE5KQ0IyMUN3eUhjU0g4MmJmUktneHROZTZVRkhGLXV0ODowcGtMc3VrQXdY' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'Host: sandbox.api.visa.com' \
-H 'Postman-Token: 72b3907b-2663-4bc6-be31-6e289bbb72f1,c37de1f1-1a46-4e3e-82cb-792c361f98a3' \
-H 'User-Agent: PostmanRuntime/7.15.0' \
-H 'accept-encoding: gzip, deflate' \
-H 'cache-control: no-cache' \
-H 'content-length: 1064' \
-H 'keyId: bdee29f0-32e9-44f7-a36d-a3308a6cb0ca' \
-d '{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTYzMTg0MjIxMTY2LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiJiZGVlMjlmMC0zMmU5LTQ0ZjctYTM2ZC1hMzMwOGE2Y2IwY2EifQ.uDW_8vKqHm7lFuZw-o-FG6zJ5rh4E0UzFyLXZXUn3MG4tmGTRlcKEb0DtScQY9xdVHyR5U9y1eJT0Z8hTf7i5GhD9P98iwt0K5QfyOZhK_Ghd-OhKCbH26vYhT52hAPZqwer9KpsjCqRqkYC950BqHvoDIpkkZJpyBu0nU_shjJ-x3wuI9KcsFUtLMb4JxcJAgkTay4hsvLoNqVCb8ybcqVFGsrZWnQEujR-CVSGG4Idpk-0NZDv4c_9GkiFNKQOeEHWu5Yx4O_ZVuw3MXkIFb8_RDvSPbv9JWgSBrg32HQIsTrQfGPy6UyEC7ub3T_-aJTogsPfzEQ7s7cq4MjCSQ.gxC3qNqWZA3-41BJ.HDQfIpYHAWZbHG-dN8HhubOtUYN8OnOYSQgevsroiyW6BSVxLabgxBFSNGWug-ttN-4ZJSM28jgEbn_DKgAbyIPsm0Ydfde4Rkx11dLksB5r0La_SPLd1DlXcmqgZxjZoEwHoPVNwV-y_A-7mHtbWReVNfi8-TGkK4okec4K7XghWp2PPHMz66UcafH8mVcaRvCv6Q-Fr9PcTK6F44yepMmm71UDoGlRYAUHQVE8hpytaQOiY0yZu1xWe0waY4UgXS7WPRVC121EJJQbPUc6mmaxSeR4gtlzAY5vIER8EvRNFMxhNiOC_E-oc-4ATZ2P5H8DZj46_HTxBtuuQLNlFsRla3rTxbh9ltbO3crBY--OtCLC3YY94O78A5EMeB-VQ4_x0fJs_T2t9E32LNGSxuQPmF9T6S3qcmmajWEpw77f4wNrkbCBz0LyLUtMIV9kfA0w8b6usRGiEC0Q_toqR0m1feYkivZClDAnZIWAlSVHuD_ZAB34CPNhaTatjfxGPsXnA2zlbzfbR8VJ.7Y52x8jzlR_yAXXYH0fiNQ"}'

 

Tried this in Postman, and have also added the certificates. Two way SSL handshake is successful, have been able to get response in the Hello World application.

However, the encrypted data seems to have some issue.

Highlighted
Helper

Re: Token validation Failed for VPP API

Hi Diana,

 

I tried it over SoapUI.

 

X-CORRELATION-ID: 1563254410_042_96_l73c033_VDP_ARM

 

Response body:

 

{"responseStatus": {
"status": 401,
"code": "9210",
"severity": "ERROR",
"message": "Token validation failed",
"info": ""
}}

Highlighted
Helper

Re: Token validation Failed for VPP API

Hi,
I was able to resolve this issue. I was not passing the "keyId" in the header of the JWE object. 
Also the encrypted data has a short life span, so it needs to be immediately tested out after its creation.

This issue can now be closed.

Tags (1)
Highlighted
Visa Dev Moderator

Re: Token validation Failed for VPP API

Hey @kranti-rzp,

 

Thanks for letting us know how you resolved the issue and thanks for confirming that we can close this issue out as resolved! It's great to hear your making progress and of your successful test results!

 

 



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Thanks,
Diana

Highlighted
Helper

Re: Token validation Failed for VPP API

Hi,

I'm getting the same issue, here is my raw request, can you please check and identify what am I doing wrong.

 

 

POST https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Authorization: Basic Uzg5S0NXMUFBQzlOWkxHWFpBQlYyMS1wdXdod01IMGs4UVNOeWR5ZXVueWlzOTdDczp4SVpBeFBBc25taWZjMjU1MnVPV3cyQUdXMWlyQWM5
Accept: application/json,application/octet-stream
X-CORRELATION-ID: 09465302022020_042_96_l73c033_VDP_ARM
keyId: 9decd3b4-7b48-47a3-8433-74d1f5484a06
Content-Length: 1570
Host: sandbox.api.visa.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTgzMTY4MDYwNzU1LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiI5ZGVjZDNiNC03YjQ4LTQ3YTMtODQzMy03NGQxZjU0ODRhMDYifQ.eKIRaQUZ98qIdT69Bx79bKvRMI3nOYzF5yx3acHawANxCWLgEIAYY_F5K6bENL2Or_O8F3QcvFmDJP3UuO2DokCtZ6H4XMnYHAyObC54d45d0o94JK_lMh851KrLC0-m9KFo56a5rqS7IwDupfKf7w1vn5uEQeIeEet6Kv18rG8jT1vZdbv5sDJP2yA9O2w8L4f0p8188RtrgiO5zXNJ3gW0F1kmFjwPm_y4Hl8zYUwZ0muATMJ7ATjkJoCLJdTIVqOxdpVQ2yhL_dl7kWtd9-4VLFTpEFyVPehQwH5EdhCxcB3eX2qCi_cMuhDsWyKoVh2ClCViGefeSBzJ1URuWg.-XBEKSsUL2uN3KkQ.yuoOPPeFJIqAq1UxpazwkJndQgzlG_-okWP56JFjI4CEClzgL4fF1PfTUweLyx1145Yx1S2bSVnkZFjXPZ_OCqtHo0EHVq9AWZdA30oxr-VozzgeenO6bDHFIX4R64Yging9_RiF954CPsr_41VzVpJWGKY5RrCOPlDjZHxHbi1UosPEGfFHrt3rqlOp9Q_Xzy9f5Zn4im19cA84-SmazOmIIxpOvRVKv283NotmLcl1NYG3kYy_lY_RgRCk4Mgca-aUv8vbWctBPlJyPPA_S_9doLY2nSCyYtike_UJYFPbRXKkk8V3-nKxLxpgtvN8AU09fHrR7lEn8lvLDXzKi5_cW_QHHwN4jmFuIdbPIQXJbECDlYorgBFVaP5m88MVNc1Bxlhdou7Mrj18IgmP67aHXQhFdgLQsk4D20M4k9R-T5CQcrQyFK88-3fGv8RdVGI408DXUWeEi5rBEyK4JhpZA8wz4Y1e687LFJ0RNrZqGCNX9JdLIQW7HurDMsT-hOxg3qd981SjgjicEWP-kDtFTS_RI1DIAW6IEAoXqcCTq3s8bhkhCk42WcTLoLXY1opId1Q18aCOZdYnYH1RT9XLX5Wj6VAJxZzbBBcaYPkiI1CwZLbcsgoZpLUJ93COpfsjva29lQCi6Qy_lMSC8SM0dq20GWAJE0lZWBMt0x4TqcH7n5iWEAWpbDVUPa7eTNMwptzXI2RkQbIOe9osFagAd0TDWk4dt2NrzDbLdSc_o4GRqYXCUnDxpx6SrLgA-YuYqKp7O9Fzq1PcKhmcTrz980v9VQVXDYuvSUoONalUxGuvOLwvm0Y5Busb6GNOQW_49AirfoejolEudHQlOniGGPWr0zZLqHQeD9FgKApzxGa7YXfCRoccN5BB2ZnLcwAse3QgL6GnR-fnTv-8VaA8Ypg06u9LIRfuU5H8d2xbcywAYPu4UwzXmCZXTuzVyaHVjOhYE5l4kK0sJUuhn82ruNS3S8xJa0woZs-F3rwe6CZyMCXsvRN4L7JVOnV1mE8QWLH5SQ.I99-isaatt077d2OCikj_w"}

 

 

Response: 

 

HTTP/1.1 401 Unauthorized
Server: nginx
Content-Type: application/json;charset=UTF-8
Content-Length: 112
X-SERVED-BY: l73c013
X-CORRELATION-ID: 1583081270_627_748839424_l73c013_VDP_WS
X-APP-STATUS: 401
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Date: Sun, 01 Mar 2020 16:47:50 GMT
Connection: close

{"responseStatus":{"status":401,"code":"9210","severity":"ERROR","message":"Token validation failed","info":""}}

Highlighted
Visa Dev Moderator

Re: Token validation Failed for VPP API

Hey @Anees,

 

I'm happy to help you resolve the issue. Can you please let us know if you're using VDC Playground for your sandbox testing? We recommend you to use VDC Playground to test.  

 

We recommend you to use the VDC Playground tool for your testing. Can you please download this tool from your project dashboard > Assets section and test from there?

20190801 Assets tab.png

You can find the guide on Getting Started with VDC Playground from this blog post here - https://developer.visa.com/pages/visa-developer-center-playground

 

I also just ran a sandbox test and I was able to get a successful 200 OK test result. Please see my request/response payloads below and refer too the screenshot.

 

Request

 

{
"amount": "124.05",
"localTransactionDateTime": "2020-03-02T19:17:54",
"secondaryId": "123TEST",
"recipientPrimaryAccountNumber": "4123640062698797",
"cardAcceptor": {
"address": {
"country": "IN",
"city": "KOLKATA"
},
"idCode": "CA-IDCode-77765",
"name": "Visa Inc. USA-Foster City"
},
"senderReference": "",
"acquirerCountryCode": "356",
"acquiringBin": "408972",
"retrievalReferenceNumber": "412770451035",
"purchaseIdentifier": {
"referenceNumber": "REF_123456789123456789123",
"type": "0"
},
"systemsTraceAuditNumber": "451035",
"senderName": "Jasper",
"businessApplicationId": "MP",
"settlementServiceIndicator": "9",
"merchantCategoryCode": "5812",
"transactionCurrencyCode": "356",
"senderAccountNumber": "4027290077881587"
}

 

 

Response

 

{
"transmissionDateTime": "2020-03-02T19:18:22.000Z",
"approvalCode": "21324K",
"settlementFlags": {
"settlementServiceFlag": "9",
"givUpdatedFlag": "false",
"settlementResponsibilityFlag": "true",
"givPreviouslyUpdatedFlag": "true"
},
"merchantCategoryCode": 5812,
"transactionIdentifier": 100690038274993,
"cardAcceptor": {
"address": {
"country": "IN",
"city": "mVisa City"
},
"idCode": "MvisaMerchant-1",
"name": "mVisa Merchant",
"terminalId": "MER-ID00"
},
"actionCode": "00",
"retrievalReferenceNumber": "412770451035",
"purchaseIdentifier": {
"referenceNumber": "REF_123456789123456789123",
"type": "0"
},
"merchantVerificationValue": "0A45AF98FC",
"responseCode": "5"
}

 

 

Response Header

 

Status Code: 200 OK
Server : nginx
Content-Type : application/json;charset=UTF-8
Content-Length : 627
X-SERVED-BY : l73c013
X-CORRELATION-ID : 1583176702_158_943378539_l73c013_VDP_WS
X-APP-STATUS : 200
X-APP-STATUS : 200
X-Backside-Transport : OK OK,OK OK
X-Global-Transaction-ID : 69536f0d5e5d5bfe26c190e5
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : -1
Content-Language : en-US
Date : Mon, 02 Mar 2020 19:18:22 GMT
Connection : keep-alive

 

20200302 VD mVisa merchantpushpayments 200OK.png

 

 



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Thanks,
Diana

Highlighted
Regular Visitor

Re: Token validation Failed for VPP API

Hi Diana,

Actually I'm implementing Message Level Encryption and got this {"responseStatus":{"status":401,"code":"9210","severity":"ERROR","message":"Token validation failed","info":""}} when call the service . I encrypt the json message using java and then put the encrypted message in soap ui .

 

POST https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Authorization: Basic Uzg5S0NXMUFBQzlOWkxHWFpBQlYyMS1wdXdod01IMGs4UVNOeWR5ZXVueWlzOTdDczp4SVpBeFBBc25taWZjMjU1MnVPV3cyQUdXMWlyQWM5
Accept: application/json,application/octet-stream
X-CORRELATION-ID: 09465302022020_042_96_l73c033_VDP_ARM
keyId: 9decd3b4-7b48-47a3-8433-74d1f5484a06
Content-Length: 1570
Host: sandbox.api.visa.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTgzMTY4MDYwNzU1LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiI5ZGVjZDNiNC03YjQ4LTQ3YTMtODQzMy03NGQxZjU0ODRhMDYifQ.eKIRaQUZ98qIdT69Bx79bKvRMI3nOYzF5yx3acHawANxCWLgEIAYY_F5K6bENL2Or_O8F3QcvFmDJP3UuO2DokCtZ6H4XMnYHAyObC54d45d0o94JK_lMh851KrLC0-m9KFo56a5rqS7IwDupfKf7w1vn5uEQeIeEet6Kv18rG8jT1vZdbv5sDJP2yA9O2w8L4f0p8188RtrgiO5zXNJ3gW0F1kmFjwPm_y4Hl8zYUwZ0muATMJ7ATjkJoCLJdTIVqOxdpVQ2yhL_dl7kWtd9-4VLFTpEFyVPehQwH5EdhCxcB3eX2qCi_cMuhDsWyKoVh2ClCViGefeSBzJ1URuWg.-XBEKSsUL2uN3KkQ.yuoOPPeFJIqAq1UxpazwkJndQgzlG_-okWP56JFjI4CEClzgL4fF1PfTUweLyx1145Yx1S2bSVnkZFjXPZ_OCqtHo0EHVq9AWZdA30oxr-VozzgeenO6bDHFIX4R64Yging9_RiF954CPsr_41VzVpJWGKY5RrCOPlDjZHxHbi1UosPEGfFHrt3rqlOp9Q_Xzy9f5Zn4im19cA84-SmazOmIIxpOvRVKv283NotmLcl1NYG3kYy_lY_RgRCk4Mgca-aUv8vbWctBPlJyPPA_S_9doLY2nSCyYtike_UJYFPbRXKkk8V3-nKxLxpgtvN8AU09fHrR7lEn8lvLDXzKi5_cW_QHHwN4jmFuIdbPIQXJbECDlYorgBFVaP5m88MVNc1Bxlhdou7Mrj18IgmP67aHXQhFdgLQsk4D20M4k9R-T5CQcrQyFK88-3fGv8RdVGI408DXUWeEi5rBEyK4JhpZA8wz4Y1e687LFJ0RNrZqGCNX9JdLIQW7HurDMsT-hOxg3qd981SjgjicEWP-kDtFTS_RI1DIAW6IEAoXqcCTq3s8bhkhCk42WcTLoLXY1opId1Q18aCOZdYnYH1RT9XLX5Wj6VAJxZzbBBcaYPkiI1CwZLbcsgoZpLUJ93COpfsjva29lQCi6Qy_lMSC8SM0dq20GWAJE0lZWBMt0x4TqcH7n5iWEAWpbDVUPa7eTNMwptzXI2RkQbIOe9osFagAd0TDWk4dt2NrzDbLdSc_o4GRqYXCUnDxpx6SrLgA-YuYqKp7O9Fzq1PcKhmcTrz980v9VQVXDYuvSUoONalUxGuvOLwvm0Y5Busb6GNOQW_49AirfoejolEudHQlOniGGPWr0zZLqHQeD9FgKApzxGa7YXfCRoccN5BB2ZnLcwAse3QgL6GnR-fnTv-8VaA8Ypg06u9LIRfuU5H8d2xbcywAYPu4UwzXmCZXTuzVyaHVjOhYE5l4kK0sJUuhn82ruNS3S8xJa0woZs-F3rwe6CZyMCXsvRN4L7JVOnV1mE8QWLH5SQ.I99-isaatt077d2OCikj_w"}

 

 

Response: 

 

HTTP/1.1 401 Unauthorized
Server: nginx
Content-Type: application/json;charset=UTF-8
Content-Length: 112
X-SERVED-BY: l73c013
X-CORRELATION-ID: 1583081270_627_748839424_l73c013_VDP_WS
X-APP-STATUS: 401
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Date: Sun, 01 Mar 2020 16:47:50 GMT
Connection: close

{"responseStatus":{"status":401,"code":"9210","severity":"ERROR","message":"Token validation failed","info":""}}

 

 

 

 

 

 

Highlighted
Visa Dev Moderator

Re: Token validation Failed for VPP API

Hey @Aneesce,

 

Are you using test data? When you create a test App in our sandbox you will receive test data in your App. The test data for your Visa Developer application is available in the Dashboard under test data in the left navigation, this will ensure that you are using valid data that has been provisioned for specific scenarios. You will basically have a table per API that is split into the Request and Response sections and the values on the Request section are meant to be populated in the payload with the intention of obtaining results specified in the Response section.
 
Sandbox data is limited to what is provided in the Test Data tables and is not integrated to the Visa Network and you cannot test real data in sandbox.  

 

20190905 Test Data.png

 

Please use the same request payload that gave a successful result, which I had provided to you, and use your project app's test data. Please share your results with us and let us know if the issue is resolved.

 



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Thanks,
Diana