Hey @boav_rum,

So I tested with the request payload you provided and I got a successful 200 OK response. Your request payload is surely correct (please scroll down to see the correct Request, Response, and Response Header that gets 200 OK results).

The error 400 - 9124 Expected input credential was not present usually occurs when the credentials used are invalid. Can you please confirm if you are using valid credentials?

To access your project credentials, please login to your VDP account > My Account > Dashboard > project app > Credentials

Also, please double check the SSL settings and make sure the keystore has all the necessary certificates imported. To start, this error usually occurs when your certificates are not sent.
· Keystore is not setup. Certificates are not in the keystore:
○ For java keystore (jks) run keytool command and verify all the certificates have been imported on the keystore
· keytool -list -v -keystore keystore.jks

○ For a p12 execute the following openssl command:
· openssl pkcs12 -info -in keyStore.p12
· In SOAPUI check File->Settings->SSL Settings and make sure the KeyStore and KeyStore Password are populated in Soap UI

· Check SSL Info Tab in SOAP UI Response and verify you have a Local Certificate 1, Local Certificate 2 followed by Peer Certificate 1 and Peer Certificate 2

· In addition to that, if you are using SOAP UI, please make sure to select "Authenticate pre-emptively" under "Auth (Basic)" tab. Also, please double check in the request raw tab that the "Authentication Basic" is present.

· Check request header and make sure Authorization: Basic has been populated with the base64 encoded username and password:

Please follow the Working with Visa APIs guide and read the Two-Way SSL (Mutual Authentication) guide: https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl

Furthermore, please make sure you are using valid Test Data from your project app.

If the issue persists, please provide more information on the error you have received for further investigation. Please send the response request of the error received, screenshot and the Correlation ID. Please let us know if you have other questions.

Below are the steps to get the Correlation ID using a Google Chrome browser.
1>Open Chrome menu.
2>Click on More tools then Developer tools.
3>Check the box to Preserve Log for the Network Tab.
4>Then try to click on the add API link.
5>You can find the Correlation ID in the network log for add API call.

Additional Note:

Request:

{
"systemsTraceAuditNumber": "350421",
"destinationCurrencyCode": "840",
"cardAcceptor": {
"address": {
"country": "RU",
"zipCode": "94404",
"city": "Foster City",
"county": "San Mateo",
"state": "CA"
},
"idCode": "ABCD1234ABCD123",
"name": "ABCD",
"terminalId": "ABCD1234"
},
"markUpRate": "1",
"sourceAmount": "100",
"retrievalReferenceNumber": "201010101031",
"sourceCurrencyCode": "643"
}

Response:

{
"originalDestnAmtBeforeMarkUp": "1.65",
"markUpRateApplied": "1.0",
"conversionRate": "0.01650000",
"destinationAmount": "1.63"
}

Response Header:

Status Code: 200 OK
Server : nginx
Content-Type : application/json
Content-Length : 122
X-SERVED-BY : l55c012
X-CORRELATION-ID : 1561181131_570_840006861_l55c012_VDP_WS
X-Backside-Transport : OK OK,OK OK
X-APP-STATUS : 200
X-Global-Transaction-ID : de8c0d945d0dbbcb0a4c8ba9
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : -1
Date : Sat, 22 Jun 2019 05:25:32 GMT
Connection : keep-alive

Hi @boav_rum,

Can you please provide me with your use case and what it is that you are trying to do? I'd really like to help you!

Hey,

So I have actually tried it with Postman and it works fine, setting up the certificates as shown: 

CRT file-> C:\Users\username\Desktop\cert.pem
Key file-> C:\Users\username\Desktop\privateKey.pem

And because I am getting an "Expected input credential was not present" rather than an "Incorrect credential" error leads me to think that the certificates are not being sent? 

However, I am pretty sure I have installed the certificate necessary. Please refer to the below picture of my cert store (its the one issued by VDPCA right?). 

Could you explain what "openssl pkcs12 -info -in myP12File.p12" does? I have done it but am still facing this error. Do I need to refer to it somewhere in the code? Additionally, I have tried deploying onto an Android phone so that I do not have to go through a proxy but I am facing the same error as well. You can take a look at the screenshot below. 

I aim to make use of the Forex RatesAPI to provide a convenience feature but for now, I am still simply trying out the API to get a hang of it. 

Please let me know if you need any more information!

Hi @boav_rum,

To add the DigiCert Global Root CA certificate, download it from your VDP Project. Refer to screenshot below.

Once downloaded, you will need to convert the DigiCert Global Root CA certificate from Binary format to Base64 format.

You can do this by using Windows Certificate Management:

Windows Certificate Management

1. Double-click on the DigiCertGlobalRootCA.crt file to open it into the certificate display.
2. Select the Details tab, then select the Copy to file button.
3. Click Next on the Certificate Wizard.
4. Select Base-64 encoded X.509 (.CER), then Next.
5. Select Browse (to locate a destination) and type in the filename DigiCertGlobalRootCA.
6. Click Save. You now have the file DigiCertGlobalRootCA.cer

Then, run the following keytool command to add it to your truststore.

C:\Users\dtranyee\Documents\Test Project\20190621 Foreign Exchange Rates test1>keytool -import -alias DigiCertGlobalCA -file DigiCertGlobalRootCA.crt -storetype JKS -keystore clientkeystore.jks

After you hit "Enter" you will see the Command Prompt have the following output:

Enter keystore password:
Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 83be056904246b1a1756ac95991c74a
Valid from: Thu Nov 09 16:00:00 PST 2006 until: Sun Nov 09 16:00:00 PST 2031
Certificate fingerprints:
MD5: 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
SHA256: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f.......
0010: B2 3D D1 55 .=.U
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f.......
0010: B2 3D D1 55 .=.U
]
]

Trust this certificate? [no]: yes
Certificate was added to keystore

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore clientkeystore.jks -destkeystore clientkeystore.jks -deststoretype pkcs12".

C:\Users\dtranyee\Documents\Test Project\20190621 Foreign Exchange Rates test1>

Next, to add the root certificate to your clientkeystore.jks file (Note: I named my .jks filename to be "clientkeystore.jks" and it's in the same folder as my public and private key. After downloading the VDPCA-SBX.pem file I put it in the same folder) place the VDPCA-SBX.pem file into your project app folder where the public and private key are (please refer to screenshot below for my project folder).

Using the Command Prompt, I ran the command below to add the VDP CA Root Public Certificate to the keystore:

keytool -import -alias ejbca -keystore clientkeystore.jks -file VDPCA-SBX.pem -storepass abcdef

After running the command above, this is what I will see in my command prompt.

Command Prompt Output:

C:\Users\dtranyee\Documents\Test Project\20190621 Foreign Exchange Rates test1>keytool -import -alias ejbca -keystore clientkeystore.jks -file VDPCA-SBX.pem -storepass abcdef
Owner: C=US, O=VDPVISACA, CN=VDPCA
Issuer: C=US, O=VDPVISACA, CN=VDPCA
Serial number: 2d1ed295f96ad97a
Valid from: Thu Jul 23 21:27:37 PDT 2015 until: Sun Jul 20 21:27:37 PDT 2025
Certificate fingerprints:
MD5: 86:73:94:83:49:00:9D:82:CF:A0:BD:FE:F2:E3:95:F3
SHA1: A9:30:33:1C:EC:50:7C:71:60:51:4E:03:FF:9E:C1:CA:E6:FE:EC:C4
SHA256: 8D:65:FA:35:59:FD:C3:43:F0:E6:F0:DF:AB:03:DE:49:F3:76:14:20:22:69:C4:B2:56:1A:AC:24:07:7B:C1:F6
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AF DD 6E B6 A0 4B 9C 79 B9 16 08 62 E6 23 31 10 ..n..K.y...b.#1.
0010: A7 82 EB A1 ....
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AF DD 6E B6 A0 4B 9C 79 B9 16 08 62 E6 23 31 10 ..n..K.y...b.#1.
0010: A7 82 EB A1 ....
]
]

Trust this certificate? [no]: yes
Certificate was added to keystore

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore clientkeystore.jks -destkeystore clientkeystore.jks -deststoretype pkcs12".

C:\Users\dtranyee\Documents\Test Project\20190621 Foreign Exchange Rates test1>

Then afterwards, you can try to test with SoapUI for Foreign Exchange Rates and you will get a successful 200 OK response (refer to SoapUI Foreign Exchange Rates screenshot below. I got a 200 OK response. Multiple screenshots of SoapUi show that I'm scrolling right to see the successful Response).

For instructions on how to setup SoapUI for Two-Way (Mutual SSL) please go here - https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl

You can also see the successful response in SoapUI XML format:

Hope that helps and hope you're having a happy day!

I followed your guide but i am not getting anything in the test data step. What could have gone wrong here?

Potato streams firestick

Thanks a lot for such a brief explanation of the topic i was too stucked on the same issue now thanks to you got it completely.

Hi @mantis07,

When you say that you are not getting anything in the test data step, can you please explain what it is that you do not understand?

I'll provide more clarification in this forum thread for you, to further your understanding of the Test Data topic.

When you create a test App in our sandbox you will receive test data in your App. The test data for your Visa Developer application is available in the Dashboard under test data in the left navigation, this will ensure that you are using valid data that has been provisioned for specific scenarios. You will basically have a table per API that is split into the Request and Response sections and the values on the Request section are meant to be populated in the payload with the intention of obtaining results specified in the Response section.
 
Sandbox data is limited to what is provided in the Test Data tables and is not integrated to the Visa Network and you cannot test real data in sandbox.

Hi @Christopher1238,

Thanks for letting us know that my explanation has helped resolve your issue. I'm always happy to hear such things and to know, yet, another end user was helped by my comments today. 

Feel free to submit other questions or comments to the forum.  Thanks!

Hey,

Apologies for the late reply. I have created and added the CA (DigiCertGlobalRootCA.cer) and Visa (VDPCA-SBX.pem) certificates to the clientkeystore.jks file but would like to just ask: where do I make use of the private and public keys of my project now? Do I need to import them to the keystore as well?

Thanks