Token Validation Failed code 9159 for x-pay-token, payments/flex/v1/keys


Hi All,

Can you please assist with the below POST to get the session key (CyberSource Flex)? The code works if I point it to GET helloworld. I have followed your recommendations not to have \n and " " on the body, removed "cybersource/" from the request path, and tried both "apikey=" & "apiKey=".


Error Response = {"responseStatus":{"status":401,"code":"9159","severity":"ERROR","message":"Token Validation Failed","info":""}}



import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Request setup (fragment from the calling method)
String resourcePath = "payments/flex/v1/keys";
String queryString = "apikey=" + apiKey;
String requestBody = "{\"encryptionType\":\"RsaOaep256\"}";
url = new URL("" + queryString);

HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestProperty("Content-Type", "application/json;charset=UTF-8");
con.setRequestProperty("Accept", "application/json,application/octet-stream");

xPayToken = generateXpaytoken(resourcePath, queryString, requestBody, sharedSecret);

// Token format: "xv2:" + timestamp + ":" + HMAC-SHA256(sharedSecret, timestamp + resourcePath + queryString + requestBody)
public static String generateXpaytoken(String resourcePath, String queryString, String requestBody, String sharedSecret) throws SignatureException {
    String timestamp = timeStamp();
    String beforeHash = timestamp + resourcePath + queryString + requestBody;
    String hash = hmacSha256Digest(beforeHash, sharedSecret);
    String token = "xv2:" + timestamp + ":" + hash;
    return token;
}

// Current time in whole seconds since the Unix epoch
private static String timeStamp() {
    return String.valueOf(System.currentTimeMillis() / 1000L);
}

private static String hmacSha256Digest(String data, String sharedSecret)
        throws SignatureException {
    return getDigest("HmacSHA256", sharedSecret, data, true);
}

private static String getDigest(String algorithm, String sharedSecret, String data, boolean toLower) throws SignatureException {
    try {
        Mac sha256HMAC = Mac.getInstance(algorithm);
        SecretKeySpec secretKey = new SecretKeySpec(sharedSecret.getBytes(StandardCharsets.UTF_8), algorithm);
        // The Mac must be initialised with the key before doFinal() is called
        sha256HMAC.init(secretKey);

        byte[] hashByte = sha256HMAC.doFinal(data.getBytes(StandardCharsets.UTF_8));
        String hashString = toHex(hashByte);

        return toLower ? hashString.toLowerCase() : hashString;
    } catch (Exception e) {
        throw new SignatureException(e);
    }
}

// Zero-padded upper-case hex encoding of the digest bytes
private static String toHex(byte[] bytes) {
    BigInteger bi = new BigInteger(1, bytes);
    return String.format("%0" + (bytes.length << 1) + "X", bi);
}


Kind regards
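Added example (not part of the original post, and not Visa's or CyberSource's code): a local self-check that recomputes the x-pay-token from the exact path, query string and body about to be sent, using the signing formula in the post above, so a mismatch between what was signed and what is transmitted shows up before the request leaves the client. The class name, the sample secret and API key, and the 300-second skew window are assumptions; the server's actual validation rules are not shown on this page.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class XPayTokenCheck {
    // Assumed tolerance for clock drift; the page does not state the real window.
    static final long MAX_SKEW_SECONDS = 300;

    static String hmacHex(String secret, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        StringBuilder sb = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Returns "OK" or the reason this token does not match this exact request.
    static String check(String token, String path, String query, String body,
                        String secret, long nowSeconds) throws Exception {
        String[] parts = token.split(":", -1);
        if (parts.length != 3 || !parts[0].equals("xv2")) return "malformed token";
        long ts;
        try { ts = Long.parseLong(parts[1]); } catch (NumberFormatException e) { return "bad timestamp"; }
        if (Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) return "timestamp outside allowed skew";
        String expected = hmacHex(secret, parts[1] + path + query + body);
        // Constant-time comparison so the check does not leak how many characters matched.
        boolean same = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                             parts[2].getBytes(StandardCharsets.UTF_8));
        return same ? "OK" : "HMAC mismatch";
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-shared-secret";   // constructed sample value
        String path = "payments/flex/v1/keys";
        String query = "apikey=CONSTRUCTED_KEY";       // constructed sample value
        String body = "{\"encryptionType\":\"RsaOaep256\"}";
        long now = System.currentTimeMillis() / 1000L;
        String token = "xv2:" + now + ":" + hmacHex(secret, now + path + query + body);

        System.out.println(check(token, path, query, body, secret, now));                  // signed strings == sent strings
        System.out.println(check(token, "cybersource/" + path, query, body, secret, now)); // sent path has an extra prefix
        System.out.println(check(token, path, query, "{ \"encryptionType\": \"RsaOaep256\" }", secret, now)); // body whitespace differs
        System.out.println(check(token, path, query, body, secret, now + 3600));           // token is an hour old
    }
}
```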

Community Manager

Re: Token Validation Failed code 9159 for x-pay-token, payments/flex/v1/keys

Hi @smol987 - looks like the same issue from a previous thread? 


Sharing in case this was different, but Cybersource payments is no longer available on Visa Developer - the only way to properly query the CyberSource Payments sandbox is to create a merchant account directly with CyberSource.


Please let us know if we can help with anything else and someone will be happy to help.






Re: Token Validation Failed code 9159 for x-pay-token, payments/flex/v1/keys

Thanks for the info Ricardo. Regards