Hey @fsimon,

I'm happy to help you resolve the issue! To continue, please provide the following information:

1. Endpoint
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

I am using postman not soap

1. Endpoint:  https://sandbox.api.visa.com/vts/panEnrollments?apikey=JNW93DZXG8F09UXIT7UJ21nrxMlZGk0yJqL4V2RRgx9Ah.... Request Header

Content-type: application/json

Accept: application/json

X-PAY-TOKEN: xv2: 1575912459: 385fdd80e2f525323bc3069d3f84f241b3a25ddccdc83553bc1d8d748fca910e

3. Request Body:

{

   "channelSecurityContext":{

      "channelInfo":{

         "encryptionScheme":"RSA_PKI"

      },

      "deviceCerts":[

         {

            "certFormat":"X509",

            "certUsage":"CONFIDENTIALITY",

            "certValue":""

         },

         {

            "certFormat":"X509",

            "certUsage":"INTEGRITY",

            "certValue":""

         },

         {

            "certFormat":"X509",

            "certUsage":"DEVICE_ROOT",

            "certValue":"..."

         }

      ],

      "vtsCerts":[

         {

            "certUsage":"CONFIDENTIALITY",

            "vCertificateID":"f1606e98"

         },

         {

            "certUsage":"INTEGRITY",

            "vCertificateID":"bf617210"

         }

      ]

   },

   "locale":"en_US",

   "clientDeviceID":"deviceID1468874324",

   "passcode":{

      "type":"OTP",

      "value":"134578"

   },

   "clientWalletAccountID":"clientID1468874324",

   "panSource":"ONFILE",

   "platformType":"iOS",

   "encPaymentInstrument":"...",

   "clientAppID":"fitpay",

   "consumerEntryMode":"KEYENTERED"

}

Hey @fsimon,

To follow up, Visa Token Services (VTS) is a restricted product. You (the merchant) will need to work with your Technical Account Manager to have your issue resolved. Or you can also send an email to developer@visa.com and someone will connect you to the Visa Token Service expert team to have your request reviewed.

Hey @fsimon,

To follow up, we did not find an account associated to the apikey that you have provided to us in the forum, therefore, we will not be able to advise anything at this time. Please note that, "Token Validation Failed" error is something that arises when forming the timestamp + resourcepath + querystring+requestbody is incorrect.

x-pay-token: xv2: + UTC_Timestamp + : + HMAC-SHA256_hash(shared_secret, (UTC_Timestamp + resource_path + query_string + request_body))

Here is a sample Pre-request script for you to create x-pay-token in Postman.

var apiKey="Your apiKey";

var secretKey = "Your Shared Secret";

var URI= "vts/panenrollments";

var QS="apiKey="+apiKey;

var timeInSeconds = parseInt((new Date()).getTime() / 1000);

console.log("timeInSeconds " + timeInSeconds);

var request=JSON.parse(JSON.stringify(request.data));

var beforeHash = timeInSeconds + URI + QS+request

var hash = CryptoJS.HmacSHA256(beforeHash, secretKey);

var hashInBase64 = CryptoJS.enc.Hex.stringify(hash);

hashInBase64="xv2:" + timeInSeconds + ":" + hashInBase64;

postman.setGlobalVariable("xpayToken", hashInBase64);

Please let me know if this works for you.

Hey @vathanoo,

Thanks for providing this pre-request script to create x-pay-token in Postman. 🙂