Re: Cannot connect to Offers API

gavnewalkar

Hi All,

I'm trying to run the following:

    public static void main(String[] args) throws Exception {
        ApiClient apiClient = new ApiClient();

        // Configure HTTP basic authorization: basicAuth
        apiClient.setUsername("xxxx"); // From project dashboard -> credentials
        apiClient.setPassword("xxxx"); // From project dashboard -> credentials
        apiClient.setKeystorePath("xxxx"); // Path to .p12 file after following getting started guide
        apiClient.setKeystorePassword("xxxx"); // Password for .p12 file
        apiClient.setPrivateKeyPassword("xxxx"); // Password for .p12 file

        VopOffersApi apiInstance = new VopOffersApi(apiClient);

        String communityCode = Arrays.asList("communityCode_example").get(0); // Community Code : mandatory

        Integer offerId = Arrays.asList(56).get(0); // Offer Id : optional

        String status = Arrays.asList("status_example").get(0); // Status : optional

        OfferCommunitygetResponse result = apiInstance. getofferCommunity(communityCode, offerId, status);
        System.out.println(result);
    }

I get the following error:

"Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://sandbox.api.visa.com/vop/v1/offers/community": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

... followed by a huge stacktrace.

Note: I do not use a proxy server.

Note: I successfully followed the getting started guide and could connect to https://sandbox.api.visa.com/vdp/helloworld via postman.

API_Products

Hey @gavnewalkar,

We observe that you you are experiencing connectivity issues related to improper use of certs.

So, this is the format for the key generation that we personally use:

These commands to generate a keystore and create a csr from it to submit a csr for an app/project

• keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore test.jks -storepass passwordHere -keypass passwordHere -dname "CN=cnHere, OU=occupationHere, O=orgHere, L=locationHere, ST=stateHere, C=countryHere"
• keytool -certreq -alias client -keystore test.jks -storepass passwordHere -keypass passwordHere -file test.csr

These commands to bind the 3 certs from the credentials page to your keystore

• keytool -import -alias DigiCertGlobalCA -keystore test.jks -file DigiCertGlobalRootCA.crt -storepass passwordHere -keypass passwordHere
• keytool -import -alias ejbca -keystore test.jks -file VDPCA-SBX.pem -storepass passwordHere -keypass passwordHere
• keytool -import -alias client -keystore test.jks -file cert.pem -storepass passwordHere -keypass passwordHere!

If you have more information about credentials, keep us in the loop.

Updating credentials on line 87:
       // Configure HTTP basic authorization: basicAuth
apiClient.setUsername("YOUR USERNAME");
apiClient.setPassword("YOUR PASSWORD");
apiClient.setKeystorePath("YOUR KEYSTORE PATH");
apiClient.setKeystorePassword("YOUR KEYSTORE PASSWORD");
apiClient.setPrivateKeyPassword("YOUR PRIVATEKEY PASSWORD");

// To set proxy uncomment the below lines
       // apiClient.setProxyHostName("proxy.address@example.com");
       // apiClient.setProxyPortNumber(0000);

The proxy information may not be required and should only be edited only if connection issues result from the apiClient tests.

Please let us know if your issue is resolved or if the issue persists.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

gavnewalkar

Hi Diana,

Thank you for those instructions. I'm getting an error in the last step. Here's what I did:

1 - Delete my project and create a brand new one.

2 - Download my private key as instructed.

3 - Goto the project's Credentials section and download the project's cert.pem, the VDPCA-SBX.pem file and the DigiCertGlobalRootCA.crt file.

4 - I ran the following:

keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore test.jks -storepass passwordHere -keypass passwordHere -dname "CN=cnHere, OU=occupationHere, O=orgHere, L=locationHere, ST=stateHere, C=countryHere"
keytool -certreq -alias client -keystore test.jks -storepass passwordHere -keypass passwordHere -file test.csr
keytool -import -alias DigiCertGlobalCA -keystore test.jks -file DigiCertGlobalRootCA.crt -storepass passwordHere -keypass passwordHere
keytool -import -alias ejbca -keystore test.jks -file VDPCA-SBX.pem -storepass passwordHere -keypass passwordHere
keytool -import -alias client -keystore test.jks -file cert.pem -storepass passwordHere -keypass passwordHere

The last command (with "-alias client") fails with this message:

$ keytool -import -alias client -keystore test.jks -file cert.pem -storepass passwordHere -keypass passwordHere
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

API_Products

Hey @gavnewalkar,

We recommend you to use the VDC Playground tool for your testing. Can you please download this tool and test from there? You'll be able to download this tool from your Project > Asset tab.

You can find the guide on Getting Started with VDC Playground from this blog post here - https://developer.visa.com/pages/visa-developer-center-playground

Using VDC Playground to sandbox test should resolve your issue. Please share your test results with us and let us know if I can help with anything else.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

gavnewalkar

Hi DianaTran-Yee,

I downloaded the VDC playground, launched the application, and followed the instructions here: https://developer.visa.com/pages/visa-developer-center-playground

I searched for the only GET query I can find: https://sandbox.api.visa.com/vop/v1/merchants/groups?communityCode=123m

This seemed to work. I got a 200 with a JSON response!!

Note that I'm looking here to find URLs: https://developer.visa.com/capabilities/vop/reference

How do I now translate this success into the actual offers_api application? This was the code from my original question, which is part of com.visa.developer.sample.offers_api.VisaExample (java code). I'm just trying to get that main method working.

I'm guessing that I need to change these lines somehow to simulate my success with the Playground:

apiClient.setUsername("GBFxxx");
apiClient.setPassword("P1Oxxx");
apiClient.setKeystorePath("???"); <-- what goes here?
apiClient.setKeystorePassword("???");
apiClient.setPrivateKeyPassword("???");

I would like to know what do to just be able to use the public and private key values that the Playground used via Manual SSL.

Should there be some sort of apiClient.setPublicKey() and apiClient.setPrivateKey() ?

API_Products

Hey @gavnewalkar,

Your jks file goes there. You can refer to this link to help resolve the issue - https://community.developer.visa.com/t5/Connection-Security-Errors/Always-getting-quot-Expected-inpu...

Please make sure that your certs are in proper use. If you have already created a jks file using VDC playground then you can use the path for that jks file.

If you haven't created a jks file, this is the format for the key generation that we personally use for keytool:

These commands to generate a keystore and create a csr from it to submit a csr for an app/project

• keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore test.jks -storepass passwordHere -keypass passwordHere -dname "CN=cnHere, OU=occupationHere, O=orgHere, L=locationHere, ST=stateHere, C=countryHere"
• keytool -certreq -alias client -keystore test.jks -storepass passwordHere -keypass passwordHere -file test.csr

These commands to bind the 3 certs from the credentials page to your keystore

• keytool -import -alias DigiCertGlobalCA -keystore test.jks -file DigiCertGlobalRootCA.crt -storepass passwordHere -keypass passwordHere
• keytool -import -alias ejbca -keystore test.jks -file VDPCA-SBX.pem -storepass passwordHere -keypass passwordHere
• keytool -import -alias client -keystore test.jks -file cert.pem -storepass passwordHere -keypass passwordHere!

Please try this and share your test results with us.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

ninja

You can test whether your keys are valid using ScratchPad. Try these steps.

1. Go to Scratchpad (https://webservices.amazon.com/scratchpad/index.html).
2. From the left sidebar, navigate to “Select operation” -> “SEARCH” -> “ItemSearch”
3. Fill the form.
a) In the “Common parameters” section, fill the followings,
– Marketplace: webservices.amazon.<your locale>
– Associate Tag: your associate tag issued by Amazon Associates
– Access Key ID: the one issued by Amazon Associates
– Secret Access Key: the one issued by Amazon Associates
b) In the “Request parameters” section, fill the followings,
– Searchindex: All
– Keywords: WordPress
– ResponseGroup: Images, ItemAttributes, Offers (keep this untouched)
4. Press the “Run request” button.

If successful, products should be listed at the bottom part of the page. Let me know what you get.

mcdvoice