Re: Card on file API


Card on file API



I am getting the following error from the card on file API:

{"responseStatus": {
"status": 401,
"code": "9208",
"severity": "ERROR",
"message": "Token validation failed",
"info": ""
}}


This seems to mean that the x-pay-token is incorrect.  However, the API for card-on-file makes no mention of requiring the x-pay-token.


I am doing Basic Authentication, mutual-ssl and message level encryption.  Do I also have to do x-pay-token?



Visa Developer Support Specialist

Re: Card on file API

Hi @devin,


The 401 Token Validation Failed error you're getting will be seen when the x-pay-token sent in the header is invalid.


A couple of things I'd like you to note while generating the token:


1. To start, please follow the Working with Visa APIs > Authentication > X-Pay Token guide to generate a valid token.


2. The API key in the URL query parameter should be the same as the one used to generate the xpayToken.


3. The “resourcePath” sent in the xpaytoken has to be as per the documentation (e.g. v2/payments?apikey={apikey}).


4. The payload sent in the request should exactly match, including spaces, the “requestBody” value used in the xpaytoken.


Can you please provide the request payload of this API call? It's possible that you're missing a field or have an inaccurate format. I'd like to see screenshot attachments of the error provided, if possible.


Also, could you check to see if you're passing a correct value for URI. For example, make sure it’s defined correctly in the beginning of your code, and use the same value for the URI in the middle of your code. In general, for cases like this (i.e. “helloworld works, but the API XX doesn’t”) I'd like to ask of you, if you could, to please extend your SOAPUI project, and make sure that you can call a particular API from SOAPUI project first.







Re: Card on file API



I am not sending any x-pay-token at all because the Card on file API doesn't list it as a required header.  I am doing mutual ssl, Basic Authentication and message level encryption.  Does it really require x-pay-token as well?


I also don't seem to have a shared secret in my credentials.  I will see if I can create this.



I checked my account and there is no API key or shared secret.  How do I get these?


Re: Card on file API



It turns out it is not an x-pay-token issue.  This is not required for this API.  The token is related to the message level encryption that is required for this API.  However, the problem is that the code sample for the message level encryption is incorrect on the Visa help.  It encrypts the data with the public key but you are supposed to encrypt the data with a CEK and then encrypt the CEK with the public key.
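
The scheme described in the post above (encrypt the data with a one-time CEK, then encrypt the CEK with the public key), shown as an added example that is not part of the thread and not Visa's sample code. It assumes JWE compact serialization with RSA-OAEP-256 and A128GCM; the key pair, `kid` value and payload are constructed, and `encryptJwe`, `decryptJwe` and `demo` are hypothetical names.

```javascript
// Added example: hybrid (CEK) encryption in JWE compact form, Node.js built-ins only.
const crypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Client side: encrypt the payload with a fresh CEK, then wrap the CEK with the RSA public key.
function encryptJwe(plaintext, serverPublicKey, kid) {
  const header = b64u(JSON.stringify({ alg: "RSA-OAEP-256", enc: "A128GCM", kid }));
  const cek = crypto.randomBytes(16);            // one-time 128-bit content encryption key
  const iv = crypto.randomBytes(12);             // 96-bit GCM nonce, fresh for every message
  const wrappedCek = crypto.publicEncrypt(
    { key: serverPublicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" },
    cek
  );
  const cipher = crypto.createCipheriv("aes-128-gcm", cek, iv);
  cipher.setAAD(Buffer.from(header, "ascii"));   // header is authenticated, not encrypted
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [header, b64u(wrappedCek), b64u(iv), b64u(ciphertext), b64u(cipher.getAuthTag())].join(".");
}

// Receiving side: unwrap the CEK with the private key, then decrypt and verify the GCM tag.
function decryptJwe(token, serverPrivateKey) {
  const parts = token.split(".");
  if (parts.length !== 5) throw new Error("not a compact JWE (expected 5 segments)");
  const [header, wrappedCek, iv, ciphertext, tag] = parts;
  const { alg, enc } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
  if (alg !== "RSA-OAEP-256" || enc !== "A128GCM") throw new Error("unexpected alg/enc");
  const cek = crypto.privateDecrypt(
    { key: serverPrivateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" },
    Buffer.from(wrappedCek, "base64url")
  );
  const decipher = crypto.createDecipheriv("aes-128-gcm", cek, Buffer.from(iv, "base64url"));
  decipher.setAAD(Buffer.from(header, "ascii"));
  decipher.setAuthTag(Buffer.from(tag, "base64url"));
  return Buffer.concat([decipher.update(Buffer.from(ciphertext, "base64url")), decipher.final()]).toString("utf8");
}

// Constructed demo: throwaway key pair and a made-up payload larger than RSA alone can encrypt.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const payload = JSON.stringify({ note: "constructed sample", filler: "x".repeat(400) });
  const token = encryptJwe(payload, publicKey, "constructed-key-id");
  let directRsaFails = false;
  try {
    crypto.publicEncrypt({ key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" }, Buffer.from(payload));
  } catch { directRsaFails = true; }             // OAEP-SHA256 with RSA-2048 caps input at 190 bytes
  return { segments: token.split(".").length, roundTrip: decryptJwe(token, privateKey) === payload, directRsaFails };
}
console.log(demo());
```

Encrypting the payload directly with the RSA key fails once it exceeds the OAEP size limit and never yields the five-segment token a JWE parser expects, which is why the CEK step is needed.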




Re: Card on file API

Not sure if I understand your question. If you are asking if you have to pay to use these APIs, I am not sure. I am guessing yes. I am doing this for my company so I don't know about costs.