Hello,
I am having an issue when trying to call the Alias Resolve API from Postman for testing, as I need to implement the same in my project with VISA.
I did the payload encryption as it is done in the example code. I am passing the same encrypted payload in the message body along with all required parameters in the header, but I am getting the following response.
{ "responseStatus": {"status": 401, "code": "9208", "severity": "ERROR", "message": "Token validation failed", "info": "" }}
Header Parameters -
{"alg": "RSA-OAEP-256", "enc": "A128GCM", "iat": 1728020139297, "kid": "38XXXXXXXXXXXXXXXXXXXXXX28"}
Body -
{"encData":"eyJl------------------------------------oYivvQ"}
Hey @Sujit,
The error message "Token validation failed" with status code 401 indicates that there is an issue with your token or the way it is being validated. Here are a few steps to troubleshoot and resolve this issue:
1. Check API Key and Shared Secret: Ensure that you are using the correct API key and shared secret provided by Visa.
2. Header Parameters: Verify the header parameters, especially the `iat` (issued at) timestamp. The timestamp should be in milliseconds and should be current.
3. JWT Token: Ensure that your JWT token is correctly formatted and signed.
4. Encryption: Make sure the payload encryption is done correctly. You can cross-check with the example provided by Visa.
5. Certificate: Ensure that the certificate used for encryption and signing is the correct one provided by Visa.
Here is an example of how you might construct your request in Postman:
### Headers
```json
{
  "Content-Type": "application/json",
  "Authorization": "Bearer YOUR_JWT_TOKEN",
  "alg": "RSA-OAEP-256",
  "enc": "A128GCM",
  "iat": "YOUR_CURRENT_TIMESTAMP",
  "kid": "YOUR_KEY_ID"
}
```
### Body
```json
{
  "encData": "YOUR_ENCRYPTED_DATA"
}
```
### Example Code Snippet for Generating JWT Token
Ensure that you are generating the JWT token correctly. Here is an example in Python:
```python
import time

import jwt  # PyJWT

# Replace with your actual values
api_key = 'YOUR_API_KEY'
shared_secret = 'YOUR_SHARED_SECRET'
key_id = 'YOUR_KEY_ID'

# Current timestamp in milliseconds
iat = int(time.time() * 1000)

# JWT payload
payload = {
    "apiKey": api_key,
    "iat": iat
}

# Encode the JWT token
token = jwt.encode(payload, shared_secret, algorithm='HS256', headers={"kid": key_id})
print(token)
```
Important Points to Verify:
1. Timestamp (`iat`): Ensure it is current.
2. Shared Secret: Must be the correct one.
3. Algorithm and Headers: Ensure they match Visa's requirements.
4. Encoding and Encryption: Verify the correctness of payload encryption.
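Added example, not part of the original answer and not Visa's code: a standard-library Python check that reads the JWE protected header out of an `encData` value without decrypting it and compares `alg`, `enc`, `kid` and `iat` with the values shown in this thread. The function names, the five-minute skew window and the sample key ID are assumptions for illustration.

```python
import base64
import json
import time

# Expected values come from the header shown in this thread. The skew window
# is an assumption for illustration, not a documented Visa limit.
EXPECTED_ALG = "RSA-OAEP-256"
EXPECTED_ENC = "A128GCM"
MAX_SKEW_MS = 5 * 60 * 1000

def b64url_decode(segment):
    """Decode base64url text whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_jwe_header(enc_data):
    """Return the protected header of a compact JWE without decrypting it."""
    parts = enc_data.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE has 5 segments, got %d" % len(parts))
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header

def check_header(header, expected_kid, now_ms=None):
    """List the mismatches between a JWE header and the expected values."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    problems = []
    for name, want in (("alg", EXPECTED_ALG), ("enc", EXPECTED_ENC), ("kid", expected_kid)):
        if header.get(name) != want:
            problems.append("%s is %r, expected %r" % (name, header.get(name), want))
    iat = header.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, int):
        problems.append("iat is missing or not an integer")
    elif iat < 10**11:  # epoch seconds are about 1000 times smaller than ms
        problems.append("iat looks like seconds, not milliseconds")
    elif abs(now_ms - iat) > MAX_SKEW_MS:
        problems.append("iat is outside the allowed clock skew")
    return problems

def make_sample(header):
    """Build a constructed JWE-shaped string; segments 2 to 5 are dummy bytes."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode())] + [enc(b"dummy")] * 4)

if __name__ == "__main__":
    # Constructed header: wrong alg variant and iat given in seconds.
    bad = {"alg": "RSA-OAEP", "enc": "A128GCM", "kid": "EXAMPLE-KEY-ID", "iat": 1728020139}
    for problem in check_header(read_jwe_header(make_sample(bad)), "EXAMPLE-KEY-ID"):
        print(problem)
```

Because the protected header is only base64url-encoded, this check needs no private key and can be run on a request or a response before any decryption is attempted.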
Hi Diana,
Thanks for the feedback. I wanted to inform you that the issue has been resolved after making a change in the header.
Earlier I was passing the key ID as "kid=<<My Key ID>>", which I changed to "keyID=<<My Key ID>>".
Now I am getting an encrypted response, which I need to decrypt and validate.
But the problem here is that I am getting an error while decrypting the response.
Would you please check this error and suggest what could be the cause of this issue?
While executing [invoke] encountered [com.nimbusds.jose.JOSEException] : [Decryption error at com.nimbusds.jose.crypto.impl.RSA_OAEP_256.decryptCEK(RSA_OAEP_256.java:123)]
at com.tibco.plugin.java.JavaActivity.eval(Unknown Source)
at com.tibco.pe.plugin.Activity.eval(Unknown Source)
at com.tibco.pe.core.TaskImpl.eval(Unknown Source)
at com.tibco.pe.core.Job.a(Unknown Source)
at com.tibco.pe.core.Job.k(Unknown Source)
at com.tibco.pe.core.JobDispatcher$JobCourier.a(Unknown Source)
at com.tibco.pe.core.JobDispatcher$JobCourier.run(Unknown Source)
Thanks,
Sujit Kosta