"Personal Account Number cannot be decrypted" error

Solved! Go to solution
alex_at_payfurl
Regular Visitor
August 2023
August 2023

"Personal Account Number cannot be decrypted" error

Hi all,

I've got an error when calling Matched Eligible Installment Plans API

 

POST https://sandbox.api.visa.com/installments/v2/plans/match?apiKey=API_KEY
Content-Type: application/json
x-pay-token: xv2:1690949911:da8d3ef8de0a1df1175db21c8733b7fc439e3c7548d4ba61c05d1672873fb7c4
x-correlation-id: S5JAIEFUNBXH_SC

{
  "encAccountNumber": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImlIYXZpVF80YWUxRnVfNnAiLCJ0YWciOiJFcFFqZ2tNMHJodDBkT3p1LVRZSDdRIiwiZW5jIjoiQTI1NkdDTSIsImtpZCI6IkdVOTJSN0NCT1lWT01RQjdMN0ExMjFUa0NpN3E4aUEybThOVTBBNjBTVVhhbks1S0kifQ.f_qtPqBg5Juc7ZL2IjP40KKsh5rEbEJYCp4Y7CWNDqs.luzvvllDpOPn7cQj.FEImkKwqCznDeWevJ1m7JA.0aRmcTlE6U2e-ViWcpor7A",
  "transactionAmount": 50000,
  "transactionCurrency": "AUD"
}

 

Got the error:

 

{
  "errorResponse": {
    "status": 400,
    "reason": "invalidRequest",
    "message": "Request validation failed.",
    "details": [
      {
        "location": "encAccountNumber",
        "message": "Personal Account Number cannot be decrypted."
      }
    ]
  }
}

 

I'm using 4111222233334444 as a test card number (PAN). 

The helloworld endpoint works fine

Can someone please help me? 

Thanks in advance

0 Kudos
5
2,637
Reply
5 REPLIES 5
jenn_kh
Community Moderator
Community Moderator
August 2023
August 2023

Re: "Personal Account Number cannot be decrypted" error

Hi, @alex_at_payfurlThank you for reaching out! An agent is looking into this and will get back to you soon. If any community members know of a solution, please feel free to reply here. 

0 Kudos
4
2,582
Reply
alex_at_payfurl
Regular Visitor
August 2023
August 2023

Re: "Personal Account Number cannot be decrypted" error

Thank you, Jenn, for your response. I believe I have found the solution to the issue, and I'd like to share it here for anyone who might be looking for it. There were two main issues I encountered:

  1. Visa provides two different pairs of keys: one for X-Pay Token and another for Encryption. I had to use the second one to resolve the problem.

  2. To test the implementation, it is necessary to provide a testing PAN (Primary Account Number) issued by Visa. I assume that the test PAN needs to be installed into your dashboard or something like that.

I hope this information proves helpful for future seekers facing a similar problem.

3
2,580
Reply
API_Products
Visa Developer Support Specialist
Visa Developer Support Specialist
August 2023
August 2023

Re: "Personal Account Number cannot be decrypted" error

Hi @alex_at_payfurl,

 

Thanks for sharing your solution with us. We really appreciate this 😀 




Thanks,

Diana H.



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

0 Kudos
0
2,569
Reply
mukesh_gupta
New Contributor
a month ago
a month ago

Re: "Personal Account Number cannot be decrypted" error

What exactly solved this issue any idea? I'm using a separate secret for X-PAY Token and another for encryption.
0 Kudos
1
376
Reply
API_Products
Visa Developer Support Specialist
Visa Developer Support Specialist
a month ago
a month ago

Re: "Personal Account Number cannot be decrypted" error

Hey @mukesh_gupta,

 

The error message indicates that the `encAccountNumber` is not being decrypted properly, which likely means there is an issue with the encryption process of the Personal Account Number (PAN). Here are some steps to troubleshoot and resolve this issue:

 

Steps to Troubleshoot

1. Verify Encryption:
- Ensure that you are using the correct encryption algorithm and key as specified by Visa. The encryption method should be compatible with Visa's requirements.

2. Check Key Management:
- Make sure that the encryption key ID (`kid`) and any associated key material are correctly configured and being used.

3. Review API Documentation:
- Double-check the API documentation to ensure that all required parameters and headers are correctly set. Make sure that the `encAccountNumber` is being formatted and encrypted as per Visa's specifications.

4. Test with Known Good Data:
- If possible, use a known good test account number that is supplied by Visa for sandbox testing. This helps to isolate whether the issue is with the specific PAN you are using or with the encryption process.

 

Example of Proper Encryption

Ensure you are using the correct encryption libraries and methods. Here’s a conceptual example in Python to illustrate what the encryption process might look like:

```python
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend
import base64

 

# START
def encrypt_pan(pan, key, iv):
backend = default_backend()
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
encryptor = cipher.encryptor()

# PKCS7 padding
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(pan.encode()) + padder.finalize()

encrypted_pan = encryptor.update(padded_data) + encryptor.finalize()
return base64.b64encode(encrypted_pan).decode()

# Example usage
pan = '4111222233334444'
key = b'your_32_byte_key_here' # 32 bytes for AES-256
iv = b'your_16_byte_iv_here' # 16 bytes for AES

enc_pan = encrypt_pan(pan, key, iv)
print(f'Encrypted PAN: {enc_pan}')
# END
```

 

Ensure Correct Headers and API Key

Make sure that your request headers and API key are correctly set:

```http
POST https://sandbox.api.visa.com/installments/v2/plans/match?apiKey=YOUR_API_KEY
Content-Type: application/json
x-pay-token: YOUR_PAY_TOKEN
x-correlation-id: YOUR_CORRELATION_ID
```

 

By following these steps, you should be able to identify and resolve the issue with the `encAccountNumber` encryption.




Thanks,

Diana H.



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

0 Kudos
0
304
Reply