CyberSource Payment API -payments/v1/authorizations,Token validation failed,Code=9159

Regular Visitor

CyberSource Payment API -payments/v1/authorizations,Token validation failed,Code=9159


I use SoapUI  to test  CyberSource Payment API.

I got the error Code 9159."Token validation failed" . Could you help me ? 


===Groovy Script =====

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
byte[] digest = mac.doFinal(data.getBytes())
return digest
def APIKey = 'MyAPIKey"
def sharedSecret ="MysharedSecret"
def URI = "payments/v1/authorizations"
def QS = "apikey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = ""
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)


Frequent Helper

Re: CyberSource Payment API -payments/v1/authorizations,Token validation failed,Code=9159

Hello Rey,


The error you are getting will be shown when the x-pay-token sent in the header is invalid.


Few things to note while generating token:

  1. Please follow getting started documentation to generate a valid token.
  2. APIkey in the url query param should be same as the one used to generate xpayToken
  3. “resourcePath” sent in the xpaytoken has to be as per the documentation (eg: for keys à payments/flex/v1/keys).
  4. Payload sent in the request payload should exactly match along with spaces to the “requestBody” value used in xpaytoken.



For Flex Keys resource we have to send xpaytoken{apikey}


for flex Tokens there will be no xpaytoken


Try this out and keep me updated!

Regular Visitor

Re: CyberSource Payment API -payments/v1/authorizations,Token validation failed,Code=9159

I still got the same problem When I use SoapUI.

I downloaded  Pyhton  sample code  to run nosetests. Token Valid is ok.(That mean  the value of Apikey, Shared Secret is correct).

Could you help me to view attach file(it it SoapUI screen),Groovy code ? 

Thanks !