Hey @giswas,

To further investigate, please provide the following information:

1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

Thanks

Here are the latest request and responses:

Request:

POST https://sandbox.api.visa.com/merchant-api-ic/client/apikeys?apikey=--removed-- HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
X-PAY-TOKEN: xv2:1563457646:63aeba62eb53449b03dadd7713abb4a022e554f1b3410b40c469ca29952a52e4
Content-Length: 90
Host: sandbox.api.visa.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{"clientId":"a660a503-f74c-abdb-7a10-1dd309cb6e01","status":"ACTIVE","apiKeyLabel":"test"}

Response:

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/json;charset=UTF-8
Content-Length: 224
X-SERVED-BY: l73c012
X-CORRELATION-ID: 1563457648_828_341009599_l73c012_VDP_WS
X-APP-STATUS: 400
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Security-Policy-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Cnection: close
Date: Thu, 18 Jul 2019 13:47:28 GMT
Connection: close

{
"responseStatus" : {
"code" : 2211,
"message" : "Invalid Request",
"severity" : "ERROR",
"status" : "BAD_REQUEST",
"additionAttributes" : { },
"info" : "http://api.visa.com/docs/errors/2211"
}
}

Hey @giswas,

I'll take a look and get back to you soon!

Hey @giswas,

We looked into your account and notice 2 active API keys associated to your account. Following are the keys we see on our end, which you can also get by doing the Get Client API Keys API call. (please note I have intentionally not copy paste the entire key).

1. First one begins with --- 2ZZQTXRE1XH----uXXXX
2. Second one begins with- CGMVRW8C1JXCVO---- XXXX

Can you clarify what exactly are you trying to do and why are you creating a 3rd API key?

You are right about the keys. I guess for now, what i am trying to do is see how the API works. 

Is there a limitation on the API somehow ? I don't see how having multiple keys affects anything (I tried using the API key with single key also, same problem)

X-CORRELATION-ID: 1564420450_176_934918123_l73c015_VDP_WS

Hey @giswas,

I'll take a look and get back to you soon!

Hi,

Were you able to clarify what the issue is ? 

Thanks

Hey @giswas,

I'm currently investigating the VCO issue your experiencing and I'll get back to you soon.