Re: Token Validation Failed

atiq

just trying to get success message from helloworld api end point using soapui

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
mac.init(secretKeySpec)
byte[] digest = mac.doFinal(data.getBytes())
return digest
}
def APIKey = '8G3YFI9UBO3G8LDP0GWU21_oiPkzkZtlDIGbmEAv_T7cnSo0M'
def sharedSecret = 'E3G-F6r9iI4YcA}2Ob$JHFcCwI7e3f+FNEqlMfGo'
def URI = "helloworld"
def QS = "apikey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = ""
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)

Output from SoapUI

{"responseStatus": {
"status": 401,
"code": "9159",
"severity": "ERROR",
"message": "Token Validation Failed",
"info": ""
}}

API_Products

Hey @atiq,

I'd be happy to help resolve your issue. To move forward, please provide us with the following information:

1. Endpoint
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

atiq

1. End point https://sandbox.api.visa.com/vdp/helloworld?apikey=8G3YFI9UBO3G8LDP0GWU21_oiPkzkZtlDIGbmEAv_T7cnSo0M

2. Request Header => x-pay-token => value provided ${#TestCase#xpayToken}

3. Request Body is empty

4.

x-vdp-normalized-url

/vdp/helloworld

Server

nginx

X-Content-Type-Options

nosniff

X-CORRELATION-ID

1577349182_029_740834977_l73c018_VDP_WS

Connection

keep-alive

X-SERVED-BY

l73c018

x-vdp-authn-api-visa-id

HELLOWORLD

Content-Type

application/json;charset=UTF-8

Expires

-1

Strict-Transport-Security

max-age=2592000;includeSubdomains

5 response body

{"responseStatus": {
"status": 401,
"code": "9101",
"severity": "ERROR",
"message": "Token Validation Failed",
"info": ""
}}

API_Products

Hey @atiq,

Can you please let us know the API that you are interested in using for your project?

Are you using the VDC Playground for your sandbox testing? We recommend you to use the VDC Playground tool for your testing. Please download the VDC Playground tool by logging into your Visa Developer account > Dashboard > Project > Assets

Download VDP Playground from the Assets section and Run it (refer to screenshot below).

You can find the guide on Getting Started with VDC Playground from this blog post here - https://developer.visa.com/pages/visa-developer-center-playground

You can also learn more about common Visa Developer error codes and how to resolve them here - https://developer.visa.com/pages/visa-developer-error-codes

After you try sandbox testing with VDC Playground, please share your test results with us.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hey @atiq,

I just ran a test using the VDC Playground tool and I was able to get a successful response using x-pay token. If you are on a VPN then you will have to enter in your own Proxy information (e.g. Host and Port). If you are not on a VPN, then do not enable Proxy and do not enter in the Proxy Host and Port. Please refer to screenshot below.

Response:

{
"message": "helloworld",
"timestamp": "2019-12-27T23:45:27"
}

Response Header:

Status Code: 200 OK
Server : nginx
Content-Type : application/json;charset=UTF-8
Content-Length : 58
X-SERVED-BY : l55c018
X-CORRELATION-ID : 1577490327_568_280006958_l55c018_VDP_WS
X-APP-STATUS : 200
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : Thu, 01 Jan 1970 00:00:00 GMT ,-1
Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
Date : Fri, 27 Dec 2019 23:45:27 GMT
Connection : keep-alive

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hey @atiq,

To follow up, please make sure to use your own credentials for your project. For example, I used my own project's credentials (refer to screenshot below). So you will have your own separate credentials for each project that you create from your Dashboard.

20191227 Credentials for x-pay token.png

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

atiq

i have checked with playground for hello world and it's look fine there an i'm using Pull Funds api

https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pullfundstransactions

in post request i'm sending below data.

uri: `${process.env.VISA_API_URL}fundstransfer/v1/pullfundstransactions`,

key: fs.readFileSync(

path.resolve("../../nodejs/eco-pay/src/certs/key.pem"),

),

cert: fs.readFileSync(

path.resolve("../../nodejs/eco-pay/src/certs/cert.pem"),

),

headers: {

"Content-Type": "application/json",

Accept: "application/json",

Authorization: "Basic " + Buffer.from("1W9GYLXNRYJ4458E89AX21ai-j2sZ5GdRUx_T6EXmGr3pLqeA" +":" +"85jiqeNBS2P9uMhw1uxMmvzp96yX9s",).toString("base64");,},

and in Error side after sending request here is log of the request

headers:

{ 'Content-Type': 'application/json',

Accept: 'application/json',

Authorization:

'Basic MVc5R1lMWE5SWUo0NDU4RTg5QVgyMWFpLWoyc1o1R2RSVXhfVDZFWG1HcjNwTHFlQTo4NWppcWVOQlMyUDl1TWh3MXV4TW12enA5NnlYOXM=',

'content-length': 504 },

body:

'{"acquirerCountryCode":"840","acquiringBin":"408999","amount":"20.00","cardAcceptor":{"address":{"country":"USA","county":"081","state":"CA"},"idCode":"ABCD1234ABCD123","name":"Visa Inc. USA-Foster City","terminalId":"ABCD1234"},"localTransactionDateTime":" 2011-12-30T21:32:52","retrievalReferenceNumber":245884598225,"senderCardExpiryDate":"2015-10","senderCurrencyCode":"USD","senderPrimaryAccountNumber":"4895142232120006","systemsTraceAuditNumber":"WXyQOfmboaxQ","visaMerchantIdentifier":"73625198"}',

getting this response

{ status: 401,

code: '9209',

severity: 'ERROR',

message: 'Token validation failed',

info: '' }

API_Products

Hey @atiq,

Please refer to this forum post for steps on how to achieve a successful test result - https://community.developer.visa.com/t5/Getting-Started-with-Visa/quot-status-quot-401-quot-code-quo...

On that forum post above, I have already provided steps on how to make a successful API call. Please let us know if this helps resolve your issue.