I'm trying to reach https://sandbox.api.visa.com/vcpe/v2/pan/enrollment but I'm getting a 400 error with the message "Invalid input found, please correct the input data". I'm able to reach the helloworld endpoint so my certs should be correct. I'm also using MLE for my payload.
Request Header:
Array
(
[0] => HTTP/1.1 400
[Server] => nginx
[Date] => Sun, 10 Mar 2024 20:25:16 GMT
[Content-Type] => application/json
[Content-Length] => 141
[Connection] => keep-alive
[X-SERVED-BY] => -5b54b9f6-8z9
[X-CORRELATION-ID] => 1710102316_720_1021519755_-5b54b9f6-8z9_VDP_WS
[x-vdp-normalized-url] => /vcpe/v2/pan/enrollment
[X-Frame-Options] => SAMEORIGIN
[X-XSS-Protection] => 0
[X-Content-Type-Options] => nosniff
[Strict-Transport-Security] => max-age=31536000;includeSubdomains
[Cache-Control] => no-cache, no-store, must-revalidate
[Pragma] => no-cache
[Expires] => -1
[X-APP-STATUS] => 400
)Response Body:
{
"responseStatus": {
"code": "9501",
"severity": "ERROR",
"message": "Invalid input found, please correct the input data",
"info": "",
"status": "400"
}
}
This is my php code:
<?php
include_once __DIR__ . '/../vendor/autoload.php';
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A128GCM;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP256;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\JWEBuilder;
use Jose\Component\Encryption\JWEDecrypter;
use Jose\Component\Encryption\JWELoader;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\KeyManagement\JWKFactory;
$username = '<MY USERNAME>';
$password = '<MY PASSWORD>';
$client_cert = '../private/client-certificate.cer';
$private_key = '../private/dune-private-key.cer';
$mleClientPrivateKeyPath = '../private/mle-private.cer';
$mleClientPublicCertificatePath = '../private/mle-client_cert_e95167294fec.cer';
$mleServerPublicCertificatePath = '../private/mle-server_cert_e95167294fec.cer';
$keyId = '<MY MLE KEY ID>';
/**
* This method will encrypt the payload and create a JWE token
*
* @param $payload
* @param $keyId
* @param $mleServerPublicCertificatePath
* @return false|string
*/
function encryptPayload($payload, $keyId, $mleServerPublicCertificatePath)
{
// The key encryption algorithm manager with the RSA-OAEP-256 algorithm.
$keyEncryptionAlgorithmManager = new AlgorithmManager([new RSAOAEP256(),]);
// The content encryption algorithm manager with the A128GCM algorithm.
$contentEncryptionAlgorithmManager = new AlgorithmManager([new A128GCM(),]);
// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([new Deflate(),]);
// We instantiate our JWE Builder.
$jweBuilder = new JWEBuilder($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
// Our key.
$jwk = JWKFactory::createFromCertificateFile($mleServerPublicCertificatePath);
$milliseconds = round(microtime(true) * 1000);
$jwe = $jweBuilder
->create() // We want to create a new JWE
->withPayload($payload) // We set the payload
->withSharedProtectedHeader([
'alg' => 'RSA-OAEP-256', // Key Encryption Algorithm
'enc' => 'A128GCM', // Content Encryption Algorithm
'iat' => $milliseconds, // Current Time Stamp in milliseconds
'kid' => $keyId
])
->addRecipient($jwk) // We add a recipient (a shared key or public key).
->build(); // We build it
$serializer = new CompactSerializer();
$token = $serializer->serialize($jwe, 0);
return json_encode(['encData' => $token], JSON_PRETTY_PRINT);
}
/**
* This method will decrypt the given JWE token.
*
* @param $encryptedPayload - JWE Token
* @param $mleClientPrivateKeyPath
* @return string|null
*/
function decryptJwe($encryptedPayload, $mleClientPrivateKeyPath)
{
// The key encryption algorithm manager with the RSA-OAEP-256 algorithm.
$keyEncryptionAlgorithmManager = new AlgorithmManager([new RSAOAEP256(),]);
// The content encryption algorithm manager with the A128GCM algorithm.
$contentEncryptionAlgorithmManager = new AlgorithmManager([new A128GCM(),]);
// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([new Deflate(),]);
// We instantiate our JWE Decrypter.
$jweDecrypter = new JWEDecrypter($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
// Our key.
$jwk = JWKFactory::createFromKeyFile($mleClientPrivateKeyPath);
$encryptedPayload = json_decode($encryptedPayload, true);
$token = $encryptedPayload['encData'];
$serializerManager = new JWESerializerManager([new CompactSerializer(),]);
$jwe = $serializerManager->unserialize($token);
$success = $jweDecrypter->decryptUsingKey($jwe, $jwk, 0);
if ($success) {
$jweLoader = new JWELoader(
$serializerManager,
$jweDecrypter,
null
);
$jwe = $jweLoader->loadAndDecryptWithKey($token, $jwk, $recipient);
return $jwe->getPayload();
} else {
throw new \RuntimeException('Error Decrypting JWE');
}
}
function invokeAPI($url, $method, $username, $password, $keyId, $clientCertPath, $clientPrivateKey, $mleClientPrivateKeyPath, $payload = '')
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 2);
if ($method == 'POST') {
curl_setopt($curl, CURLOPT_POST, 1);
}
if ($payload != '') {
curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
}
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Accept: application/json',
'keyId: ' . $keyId
));
curl_setopt($curl, CURLOPT_PORT, 443);
curl_setopt($curl, CURLOPT_VERBOSE, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 2);
curl_setopt($curl, CURLOPT_SSLVERSION, 1);
curl_setopt($curl, CURLOPT_SSLCERT, $clientCertPath);
curl_setopt($curl, CURLOPT_SSLKEY, $clientPrivateKey);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, $username . ":" . $password);
//enable headers
curl_setopt($curl, CURLOPT_HEADER, 1);
curl_setopt($curl, CURLOPT_URL, $url);
$response = curl_exec($curl);
$response_info = curl_getinfo($curl);
// close curl resource to free up system resources
$http_header_size = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
curl_close($curl);
$http_header = httpParseHeaders(substr($response, 0, $http_header_size));
// Print all headers as array
echo "<pre>";
print_r($http_header);
echo "</pre>";
if ($response_info['http_code'] === 0) {
$curl_error_message = curl_error($curl);
// curl_exec can sometimes fail but still return a blank message from curl_error().
if (!empty($curl_error_message)) {
$error_message = "<br/><br/>API call to $url failed: $curl_error_message";
} else {
$error_message = "<br/><br/>API call to $url failed, but for an unknown reason. " .
"This could happen if you are disconnected from the network.";
}
echo $error_message;
} elseif ($response_info['http_code'] >= 200 && $response_info['http_code'] <= 299) {
echo "<br/><br/>Your call returned with a success code - " . $response_info['http_code'] . "";
} else {
echo "<br/><br/>[HTTP Status: " . $response_info['http_code'] . "]\n[" . $response . "]";
echo "<br/><br/>Error connecting to the API ($url)";
}
return substr($response, $http_header_size);
}
function httpParseHeaders($raw_headers)
{
$headers = [];
$key = '';
foreach (explode("\n", $raw_headers) as $h) {
$h = explode(':', $h, 2);
if (isset($h[1])) {
if (!isset($headers[$h[0]])) {
$headers[$h[0]] = trim($h[1]);
} elseif (is_array($headers[$h[0]])) {
$headers[$h[0]] = array_merge($headers[$h[0]], [trim($h[1])]);
} else {
$headers[$h[0]] = array_merge([$headers[$h[0]]], [trim($h[1])]);
}
$key = $h[0];
} else {
if (substr($h[0], 0, 1) === "\t") {
$headers[$key] .= "\r\n\t" . trim($h[0]);
} elseif (!$key) {
$headers[0] = trim($h[0]);
}
trim($h[0]);
}
}
return $headers;
}
$payload = '{
"operationType": "UPDATE",
"enrollmentInfo": {
"cardholderInfo": {
"primaryAccountNumber": "9132"
},
"accountLevelInfo": {
"customerContactInfo": {
"email": "user@example.com",
"action": "ADD",
"address": {
"zip": "04009",
"city": "Buffalo",
"line1": "389 North Mango Avenue",
"state": "OR"
},
"lastName": "Cody",
"firstName": "Payne",
"prefMethodOfContact": "E"
}
}
},
"updateReferenceID": "0000001"
}
';
$encryptedData = encryptPayload($payload, $keyId, $mleServerPublicCertificatePath);
$body = invokeAPI('https://sandbox.api.visa.com/vcpe/v2/pan/enrollment', 'POST', $username, $password, $keyId, $client_cert, $private_key, $mleClientPrivateKeyPath, $encryptedData);
$responsePayload = decryptJwe($body, $mleClientPrivateKeyPath);
echo 'Response Payload:' . "<br>";
$enrollResponse = json_decode($responsePayload, 1);
print_r($enrollResponse);
X-CORRELATION-ID: 1710102316_720_1021519755_-5b54b9f6-8z9_VDP_WS
