Hi ,
I am trying for encrypt the FLE and trying to make the request for universal card enrollment create Customer .
there is no doc information where i can get weather there is issue in my header sending "Key ID" or in my encryption and what is keyid and secrets to encrypt my data .
I am sending my request using this header . I also tried header name as well .
request.Headers.Add("kid", "<Key-Id Here>");
From here i am getting the key-id which i am using here .
I dont know about the shared secret here . I tried the Shared secret which i get from the X-Pay-Token and i also tried the server encryption Certificate from Encryption/Decryption but same error for both cases .
How i am encrypting this in c# code is below .
public string EncryptFLE(string message)
{
// Step 1: Get Plain Text Payload
string plainTextPayload = message;
// Step 2: Construct JOSE Header Object
var joseHeader = new
{
alg = "RSA-OAEP-256",
enc = "A128GCM",
kid = "<key-id here>",
iat = DateTimeOffset.Now.ToUnixTimeMilliseconds()
};
// Step 3: Convert JOSE Header to JSON string
string joseHeaderJson = JsonConvert.SerializeObject(joseHeader);
// Step 4: Construct JWE Object
var jweObject = new
{
header = joseHeaderJson,
payload = plainTextPayload
};
// Step 5: Convert JWE Object to JSON string
string jweObjectJson = JsonConvert.SerializeObject(jweObject);
// Step 6: Get Key (Server Encryption Certificate) as an X.509 certificate
string fleServerPublicCertificate = "D:\\cert.pem";
X509Certificate2 certificate = new X509Certificate2(fleServerPublicCertificate);
// Step 7: Encrypt the JWE Object using the MLE Public Key
string encryptedJwe = EncryptJwe(jweObjectJson, certificate);
// Step 9: Return the Encrypted String
return encryptedJwe;
}
After the Request I made received below error .
{"errorResponse":{"status":400,"reason":"invalidParameter","message":"Invalid input parameter(s)","details":[{"location":"encMobileNumber","message":"Failed to parse/decrypt the value provided."},{"location":"encEmailAddress","message":"Failed to parse/decrypt the value provided."},{"location":"encAddress","message":"Failed to parse/decrypt the value provided."}]}}
I also tried many Solutions from community as well . but Error still persist.
Solved! Go to Solution
Thank you for reaching out, @amodarling ! An agent is looking for a solution for you and will get back with you shortly! If any community members know a solution, please feel free to respond in this thread. - Cathy
Can anyone please tell me which keys need for the encryption of Field level encryption ,
as per document Encrypt the value in the fields using “Key ID” and "shared secret"
I also used these two but same error . so i need the detail which key i need to use for the field level encryption .
Regards .
Hi @amodarling,
Please refer to the answer I posted in this forum post here: https://community.developer.visa.com/t5/Implementation-API-Sample-Code/Field-Level-Encryption-univer...
After clicking the link above, you'll want to refer to the attached Encryption Certificate and KID for encrypting the card object. Card Object details can be retrieved from the API Reference page.
Please also refer to the test data, along with the certificate that is attached to the forum post in the URL link above.
Hi @amodarling,
Please try this KID.
Q2AY3V5E3ICNBUU66D8K11hBmzqdXSvTiNzZ-YnpozWRXTo50 |
KID – To be used in JWE Header |
Here's some additional info: https://developer.visa.com/capabilities/visa-in-app-provisioning/docs-authentication
Hi @amodarling,
For further troubleshooting of the error, please provide the following information:
1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body
Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.
Hello @DianaVisaPM
Endpoint :- "https://sandbox.api.visa.com/universal/core/customers?apikey=<Api key>"
x-pay-token: xv2:1689583323:4d891100cc9be38747848940fe19f0fe06bb9d6bf147d7993825462267a1f05a
kid: 3447d14e-58d3-428d-9ab4-233af71db6a4
ex-correlation-id: OKMNN8SLWIAO_SC
traceparent: 00-aa50e9b420ee525da29d1edda36f0296-d1d272379268b3a8-00
{"lastName":"Narayanan","firstName":"Shankara Child","encMobileNumber":"WRtSYhap8FrW4n15gPuaZ06J9JcfW1NnP4dQQZ+pihvOwZmp1bGe","locale":"en_US","encEmailAddress":"Fshdlfwyg7p042DFMNN0q3n9PXDvDxl7jutMPvJszXvFb4gOLGpytSoGIX6Lxc4p","encAddress":"tiKTAwB2LBNI/5sQeP2jycyNM+8G16IPkGl6GHqucg=="}
Server: nginx
Date: Mon, 17 Jul 2023 08:43:14 GMT
Connection: keep-alive
X-SERVED-BY: -5d6d7f4
X-CORRELATION-ID: 1689583393_969_670553379_-5d6d7f4_VDP_WS
X-ERROR-ORIGIN: 9900
X-APP-STATUS: 400
Cache-Control: no-store, must-revalidate, no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubdomains
Pragma: no-cache
Content-Security-Policy-Report-Only: default-src 'self' <OTher strings here >
{"errorResponse":{"status":400,"reason":"invalidParameter","message":"Invalid input parameter(s)","details":[{"location":"encMobileNumber","message":"Failed to parse/decrypt the value provided."},{"location":"encEmailAddress","message":"Failed to parse/decrypt the value provided."},{"location":"encAddress","message":"Failed to parse/decrypt the value provided."}]}}
Hi @amodarling,
Using the VDC Playground tool, I ran a sandbox test and received a successful request/response payload. You can view my request/response payload below and refer to the steps and screenshot about where I got the API Key (refer to screenshot).
Steps to get the API Key
End Point https://sandbox.api.visa.com/universal/core/cards?apikey=VPIB1APOUYXZN99PWYRH21bkBF61nYhdWGMW5cNqV-R...
Method POST
Request
{"encCard": "eyJraWQiOiJHM0xHV05IWk9WTVNYOFVKQ1lISDEzZDhnaHRGQi1Mc3NGNnBBc0pSZFFtekFBWnZNIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.dv_nF7AWjLw0jxIXfgKw8KQ8S_tUC6fn1gEgta-hEUYK7eDbOZ3XK0_xqkoh3J2fqIYFbkbF4IKoQbQBVOHvLLQA4aFsgCYJCYqwGQE7-NO2FafhhhQsVmU8uzWFtYTbNUt7kKATfc5z4MFEzBpNNr0oKpxv9_ApLaxjvuw63w7JKStftgZbcvMckNyviCmhm0WyCqzmS3rRre3D70i7bmLvPtiu8wKrhmMKviLQf7kfdHYGJGgv_WgR_HZR6mH-FjpFFK_UKTlh1kfTDtEl6DvorUuWO4kLmK979QgeqRtyiaWRcqE6rJya1z8mz2zBfLrQbnPgbedJP3gtpNAyMw.0awVuLh5SLjMH_A6.-oML7_exAQlFBWakbWxLVmT7FytdZYWP0iiVCEQWw5CGF1lYQvmGqzJd_v77U5NL1sVaR-8puxCs7a74XMM8ZQUal4e-D6WoupJEMvjLg8C-1UEOnEkd-VYJYdMfPt4WzxxBHZzB4oihgZ72N9pMEdjcrbThdEotO1h8mrys1jmW9EhLZzOHdGnBtaxZ-7epSWHeuvVFShpnDtnwjMZ3lWZ8qAAkmHsu_cXbtS_gOIZwnD_Qyj8azsiJ92_Mipc7eKxruZBha3LsiYGOT-iRR_8Wj1AMDAkgt7rIYWLtkH1HRQkcsY2Pomm3BIEf1IMA6RxETNJmAuG9jnhdvy2RpqWtKGBoYYeCGJoQDkQtDnQ2Hv4xhRMFb983c4t8FR1tByvygv9q1OGwlZm83jloS2MHkNfe61o0g3x7U6la8NJdNnXUs2Ts2l6qk9PhqFwyhIavl8c094nErqTIj64l7sb9ZbaDSEKw0ERu0LikQ2cb3ZztGw8qMmmJQk6jPRyGqcMyU4ExPBPJnZ8W0D8EXcF9Ip0z1x5sgT02FlsJVekb2ozLUuHw7yFLe09FEBOxDtwJxYHapjeYrGH97-7CEoqVCwPPa9s0w7tWZG_8NO2Uv2IgiD3pq9y4PJsu2zRqqazuOBniHmgDTSPMNp1fWspcIcdpAnPaU2WVFxnpMugKds35Fom7LJ52U6SIKYM8B2zAzKxwicjb6QY9Yp9DbkQsN1TqCT1mIKvJ9QrImLA510X00PV65cdHOT37iSSkHPOwvPGm8XcBvQiJunppTTZ2sjG_uuCGoGFM0F1OW8uZ-8F2fGBwKr1919DOc4F0_Pj3qaSRHwvXtTL7iKe4RcmLWKUD311tJAISuq2amT9gFvGu_k-hd9ihDnjxhvh-Q7Ac8TA3fRtj.G-EksEyNvqY5s_tKdq8pGg"}
Response
{
"paymentAccountReference": "V1234567890124514234413926268",
"last4": "6268",
"vCardID": "v-123-510b1b5b-4412-44c4-a4bc-b9fa59a43802",
"expirationDate": {
"month": "10",
"year": "2020"
}
}
Response Header
Status Code: 201
Server : nginx
Date : Thu, 27 Jul 2023 01:18:52 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 175
Connection : keep-alive
X-SERVED-BY : -5d6d7f4p
X-CORRELATION-ID : 1690420731_886_1714654174_-5d6d7f4p_VDP_WS
X-APP-STATUS : 201
Cache-Control : no-cache, no-store, must-revalidate
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 0
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains
Pragma : no-cache
Expires : -1
Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains;always