Hi, @motty! Thank you for reaching out to the community. One of our agents will look into this and get back to you soon. Until then, if any community members have information that may help, please reply to this thread. 

Thank you @jenn_kh .

I have tried similar problems, but have not resolved them.

- https://community.developer.visa.com/t5/Sandbox-Test-Data/DER-length-more-than-4-bytes-111/td-p/1659...

And, I tried with python sample client, but not works.

Hi @motty,

I received a successful API sandbox result today. Please see below for the answer and run the test again.

End Point https://sandbox.api.visa.com/dcas/cardservices/v2/cards
Method POST
Request
{"primaryAccountNumber": "4144773222813351"}
Response
{
"receivedTimestamp": "2023-06-20T20:59:47.046Z",
"resource": {"cardId": "f71bc5f0-3c54-43c1-8ead-a92e01001fd2"},
"processingTimeinMs": 1
}
Response Header
Status Code: 200
Server : nginx
Date : Tue, 20 Jun 2023 20:59:47 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 132
Connection : keep-alive
X-SERVED-BY : -6b78b6f4g2g
X-CORRELATION-ID : 1687294786_974_629283450_-6b78b6f4g2g_VDP_WS
X-APP-STATUS : 200
X-Backside-Transport : OK OK,OK OK
Accept : application/json
Cache-Control : no-cache, no-store, must-revalidate
pragma : no-cache
Expires : -1
X-Content-Type-Options : nosniff
X-Frame-Options : DENY ,SAMEORIGIN
X-XSS-Protection : 1; mode=block ,0
X-Global-Transaction-ID : 18dcb9c4649213430725cfcd
Content-Language : en-US
Strict-Transport-Security : max-age=31536000;includeSubdomains
Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains;always