Visa Developer Community

Highlighted
Dabbler

Token vaildation failed (code 9159) for x-pay-token value

I'm getting the "Token validation failed" error when I submit a request to the Visa Payments (CyberSource) API and can't tell what's off in my code:

 

	Boolean testMode = true;
	String endPoint = testMode?'https://sandbox.api.visa.com/cybersource/payments/v1/sales?apikey='+apiKey:'https://api.visa.com/cybersource/payments/v1/sales?apikey='+apiKey;

	Http objhttp = new Http();
	HttpRequest req = new HttpRequest();
	HttpResponse res = new HttpResponse();

         req.setMethod('GET'); 
         req.setEndpoint(endpoint);

         String queryString = 'apikey='+apiKey;
	 String URI = 'payments/v1/sales';

         DateTime dateTimeNow = dateTime.now();
         String unixTime = ''+dateTimeNow.getTime()/1000; 
         String timeStampUTC = unixTime;
	String payload = '{\"encryptionType\":\"WebCryptoAPI\"}';
	System.debug('=====> timestamp, uri, query string, payload = '+timeStampUTC+URI+queryString+payload);
	Blob hmacData = Crypto.generateMac('HmacSHA256', Blob.valueOf(timeStampUTC+URI+queryString+payload), Blob.valueOf(sharedSecret));
	String encodedDigest = EncodingUtil.base64Encode(hmacData);

         xPayToken = 'xv2:'+ timeStampUTC + ':'+ encodedDigest;
         System.debug('=====> xPayToken = '+xPayToken);
         req.setHeader('x-pay-token', xPayToken);
         req.setHeader('Content-Type','application/json');
         req.setTimeout(120000);

		 System.debug('=====> request body: '+reqBody);
	   	 req.setBody(reqBody);

          try {

	              	res = objhttp.send(req);
			System.debug('=====> http response: '+res.getBody());
				
          }
          catch(System.CalloutException e) {
              System.debug('Callout error: '+ e);

          }

 

I've checked the timestamp value to make sure it's the current time (UTC), the apiKey and shared secret match those in the sandbox, and the Hmac digest seems to be in order (at least code samples on the Salesforce developer forums for this type of header value).

 

The debug output includes:

 

=====> timestamp, uri, query string, payload = 1500065746payments/v1/salesapikey=...hidden...{"encryptionType":"WebCryptoAPI"}

 

=====> xPayToken = xv2:1500065746:69fTj20b36apeCz3KAOWKOr889w/m+tCgazRDiTeM3M=

 

=====> http response: {"responseStatus":{"code":"9159","severity":"ERROR","message":"Token validation failed","info":"","status":401}}

 

Could someone kindly point out what I'm doing wrong?

 

 

3 REPLIES
Valued Supporter

Re: Token vaildation failed (code 9159) for x-pay-token value

Few things to note while generating token:

  1. Please follow getting started documentation to generate a valid token.
  2. APIkey in the url query param should be same as the one used to generate xpayToken
  3. “resourcePath” sent in the xpaytoken has to be as per the documentation (eg: for keys à payments/flex/v1/keys).
  4. Payload sent in the request payload should exactly match along with spaces to the “requestBody” value used in xpaytoken.

 

Note:

For Flex Keys resource we have to send xpaytoken

https://sandbox.api.visa.com/cybersource/payments/flex/v1/keys?apikey={apikey}

 

for flex Tokens there will be no xpaytoken

https://sandbox.api.visa.com/cybersource/payments/flex/v1/tokens

 

Try this out and keep me updated!

 

Thanks

Sanobar

Dabbler

Re: Token vaildation failed (code 9159) for x-pay-token value

Hi Sanobar - 

 

Thanks for your response.  It turns out I was calculating the HMAC value wrong.

 

Cheers,

Ron

Newbie

Re: Token vaildation failed (code 9159) for x-pay-token value

Hello Ron

may you please share with me how you calculated HMAC value, i have been struggling with this x-pay-token generator. Im using java and i have used thier sample here, still its not allowing me.

please you can respond to my email at : daphneynare@gmail.com