Re: error 401 code 9159' 'Token Validation Failed'

Keeo323

Hi I have tested hello world using the nodes code snippet and it worked.
I then when to test with another endpoint : https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pushfundstransactions

this is the below code

var apiKey = 'TCW--------------irMBGDg';

var sharedSecret = 'xxxxx';

var resourcePath = 'fundstransfer/v1/pushfundstransactions'

var queryParams = 'apiKey='+apiKey;

let postBody = {

"surcharge": "11.2",

"senderAddress": "901 Metro Center Blvd",

"pointOfServiceData": {

"panEntryMode": "90",

"posConditionCode": "00",

"motoECIIndicator": "0"

},

"recipientPrimaryAccountNumber": "4104920120500001",

"colombiaNationalServiceData": {

"addValueTaxReturn": "10.00",

"taxAmountConsumption": "10.00",

"nationalNetReimbursementFeeBaseAmount": "20.00",

"addValueTaxAmount": "10.00",

"nationalNetMiscAmount": "10.00",

"countryCodeNationalService": "170",

"nationalChargebackReason": "11",

"emvTransactionIndicator": "1",

"nationalNetMiscAmountType": "A",

"costTransactionIndicator": "0",

"nationalReimbursementFee": "20.00"

},

"transactionIdentifier": "617020001849971",

"serviceProcessingType": {

"requestType": "01"

},

"acquiringBin": "408999",

"retrievalReferenceNumber": "412770451036",

"systemsTraceAuditNumber": "451018",

"senderName": "Mohammed Qasim",

"businessApplicationId": "AA",

"settlementServiceIndicator": "9",

"transactionCurrencyCode": "USD",

"recipientName": "rohan",

"sourceAmount": "123.12",

"senderCountryCode": "124",

"senderAccountNumber": "4104920120500002",

"amount": "124.05",

"localTransactionDateTime": "2024-07-17T12:00:00",

"purposeOfPayment": "purpose",

"cardAcceptor": {

"address": {

"country": "USA",

"zipCode": "94404",

"county": "San Mateo",

"state": "CA"

},

"idCode": "CA-IDCode-77765",

"name": "Visa Inc. USA-Foster City",

"terminalId": "TID-9999"

},

"senderReference": "",

"acquirerCountryCode": "840",

"sourceCurrencyCode": "840",

"senderCity": "Foster City",

"senderStateCode": "CA",

"merchantCategoryCode": "6012",

"sourceOfFundsCode": "05"

};

app.get('/', (req, res) => {

var timestamp = Math.floor(Date.now() / 1000);

var preHashString = timestamp + resourcePath + queryParams + postBody;

var hashString = crypto.createHmac('sha256', sharedSecret).update(preHashString).digest('Hex');;

var xPayToken = 'xv2:' + timestamp + ':' + hashString;

console.log(preHashString);

console.log(xPayToken);

var options = {

hostname: 'sandbox.api.visa.com',

port: 443,

uri: 'https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pushfundstransactions?'+queryParams,

method: 'POST',

headers: {

'Content-Type': 'application/json',

'Accept': 'application/json',

'x-pay-token': xPayToken

},

body: postBody,

json: true

};

//console.log(options);

options.agent = new https.Agent(options);

request.post(options, (err, res, body) => {

if (err) {

return console.log(err);

}

console.log(`Status: ${res.statusCode}`);

console.log(res);

});

res.send('Hello World ');

});

app.listen(3050, function () {

console.log('Example app listening on port 3050.');

}

------------------------------------------------------------------------
and this is the below result of code when ran(sensitive secrets edited in response):

path: '/visadirect/fundstransfer/v1/pushfundstransactions?apiKey=TCW--------------irMBGDg',
href: 'https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pushfundstransactions?apiKey=TCW-----------...'
},
method: 'POST',
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
'x-pay-token': 'xv2:1721167116:77114500cb6d7727f0a9b17559781480542d45cd5b58a0e1857f66d41459cbeb',
'content-length': 1482
},
body: '{"surcharge":"11.2","senderAddress":"901 Metro Center Blvd","pointOfServiceData":{"panEntryMode":"90","posConditionCode":"00","motoECIIndicator":"0"},"recipientPrimaryAccountNumber":"4104920120500001","colombiaNationalServiceData":{"addValueTaxReturn":"10.00","taxAmountConsumption":"10.00","nationalNetReimbursementFeeBaseAmount":"20.00","addValueTaxAmount":"10.00","nationalNetMiscAmount":"10.00","countryCodeNationalService":"170","nationalChargebackReason":"11","emvTransactionIndicator":"1","nationalNetMiscAmountType":"A","costTransactionIndicator":"0","nationalReimbursementFee":"20.00"},"transactionIdentifier":"617020001849971","serviceProcessingType":{"requestType":"01"},"acquiringBin":"408999","retrievalReferenceNumber":"412770451036","systemsTraceAuditNumber":"451018","senderName":"Mohammed Qasim","businessApplicationId":"AA","settlementServiceIndicator":"9","transactionCurrencyCode":"USD","recipientName":"rohan","sourceAmount":"123.12","senderCountryCode":"124","senderAccountNumber":"4104920120500002","amount":"124.05","localTransactionDateTime":"2024-07-17T12:00:00","purposeOfPayment":"purpose","cardAcceptor":{"address":{"country":"USA","zipCode":"94404","county":"San Mateo","state":"CA"},"idCode":"CA-IDCode-77765","name":"Visa Inc. USA-Foster City","terminalId":"TID-9999"},"senderReference":"","acquirerCountryCode":"840","sourceCurrencyCode":"840","senderCity":"Foster City","senderStateCode":"CA","merchantCategoryCode":"6012","sourceOfFundsCode":"05"}',
agent: Agent {
_events: [Object: null prototype],
_eventsCount: 2,
_maxListeners: undefined,
defaultPort: 443,
protocol: 'https:',

body: {
responseStatus: {
status: 401,
code: '9201',
severity: 'ERROR',
message: 'Token Validation Failed',
info: ''
}
}

please assist as we are planning to integrate this with live system

jenn_kh

Hi @Keeo323, Thank you for reaching out. An agent is looking into this and will get back to you soon. Until then, if any community member knows a solution, please respond to this thread.

API_Products

Hi @Keeo323,

Please refer to the Visa Developer Error Codes page for cause/resolution to fix the problem. Below is the cause/resolution that I've copied/pasted from the URL page link (above).

AuthN Error Codes

HTTP STATUS

HTTP CODE

CAUSE/RESOLUTION

UNAUTHORIZED

401

Depending on the authentication/encryption mechanism being used, this could be due any of the following reasons. If you are unable to root-cause the same from the possible reasons below, please contact Visa Support at developer@visa.com with the details of the error message, and full http request, response details.

Two-Way SSL (Mutual Authentication):

Authorization Header missing in the request.
Authorization Header in invalid format. It either does not start with 'Basic' or the userId or password fields are blank.
UserId or Password or Subject DN on the certificate is invalid.
You could be presenting a wrong client certificate for that environment.

X-Pay Token:

x-pay-token is blank or not in valid format.
Timestamp field not in valid UTC timestamp format.
Version field is invalid.
Token's timestamp is more than 8 minutes off from the current time.
Token hash mismatch.
APIKey not present in request.
APIKey is not active.
APIKey not valid.
APIKey not active.
The request contains an older version of x-pay-token than supported by the API/project. Please upgrade to the latest supported version. Consult the VDP Getting Started Guide for the same.

JWE:

JWE Token format is invalid.
Kid not present in the token.
Token validation against Shared secret failed.
JWT Grant Type or Token value is either missing, empty or has multiple values.

JWS:

JWS token validation failed.
Kid extraction from header failed.
JWT Grant Type or Token value is either missing, empty or has multiple values.
Kid missing in JWS header.

JWS/JWE:

JWT prefix not in proper format.
JWT in Request Body not a well-formed JSON.
JWT does not contain grant type field or grant type field is blank.
JWT does not contain assertions field or assertions field is blank.
JWT token value does not start with the appropriate bearer_JWT prefix.
APIKey is not active.
APIKey not valid.
APIKey not active.

This could be due to any of the following scenarios in Message Level Encryption (JWE):

KeyId in request is invalid.
KeyId not present in the request (JWE Header/Request Header).
JWE payload element in request is not in the proper format.
JWE token does not have iat header or token has expired.

General:

Request has more than one authentication tokens which is not supported.
Incoming http request does not contain any of the required authentication tokens for this API.