Hi,
A basic API call to https://sandbox.api.visa.com/cybersource/v2/payments?apikey={{apikey}} fails with token validation error on Postman.
My pre-request script is :
var crypto = require("crypto-js"); var timestamp = Math.floor(Date.now() / 1000); // var obj = {};// This is empty body. Uncomment the following to get the complete body var obj = { "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" }, "aggregatorInformation": { "subMerchant": { "cardAcceptorID": "1234567890", "country": "US", "phoneNumber": "650-432-0000", "address1": "900 Metro Center", "postalCode": "94404-2775", "locality": "Foster City", "name": "Visa Inc", "administrativeArea": "CA", "region": "PEN", "email": "test@cybs.com" }, "name": "V-Internatio", "aggregatorID": "123456789" }, "orderInformation": { "billTo": { "country": "US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor", "administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa", "email": "test@cybs.com" }, "amountDetails": { "totalAmount": "102.21", "currency": "USD" } }, "paymentInformation": { "card": { "expirationYear": "2031", "number": "5555555555554444", "securityCode": "123", "expirationMonth": "12", "type": "002" } } } var postBody = JSON.stringify(obj); console.log(postBody); var resourcePath = 'v2/payments'; var queryParams = 'apikey=' + pm.environment.get("apikey"); console.log(queryParams); var sharedSecret = pm.environment.get("shared_key"); console.log(sharedSecret); var preHashString = timestamp + resourcePath + queryParams + postBody; var hashString = CryptoJS.HmacSHA256(preHashString, sharedSecret).toString(CryptoJS.enc.Hex); var xPayToken = 'xv2:' + timestamp + ':' + hashString; console.log(xPayToken); pm.environment.set("x_pay_token", xPayToken);
My headers are
x-pay-token:{{x_pay_token}} Content-Type:application/json
I do pass the api key from an environment variable and the x-pay-token gets generated in the pre-request script.
One thing to note -
When I try to generate the x-pay-token with an empty body, I do get a response from the server
{ "submitTimeUtc": "2019-02-25T16:08:03Z", "status": "INVALID_REQUEST", "reason": "MISSING_FIELD", "message": "Declined - The request is missing one or more fields", "details": [ { "field": "orderInformation.billTo.locality", "reason": "MISSING_FIELD" }, { "field": "recipientInformation.card.number", "reason": "MISSING_FIELD" }, { "field": "orderInformation.billTo.lastName", "reason": "MISSING_FIELD" }, { "field": "orderInformation.billTo.email", "reason": "MISSING_FIELD" }, { "field": "orderInformation.billTo.address1", "reason": "MISSING_FIELD" }, { "field": "orderInformation.billTo.country", "reason": "MISSING_FIELD" } ] }
This makes me think that my issue is with the post data body. The post data body is the same as provided in the API docs.
Please help.
Thanks,
Tom
Hi,
Thanks for your inquiry. We are currently looking into this. Will keep you posted soon.
Thanks,
Jai
Hi,
I ran into similar issues using the information provided by you. Please see below updated pre-request Script. This one works on my end.
var crypto = require("crypto-js"); //var obj = {};// This is empty body. Uncomment the following to get the complete body var payload = '{ "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" },"aggregatorInformation": { "subMerchant": { "cardAcceptorID": "1234567890", "country": "US", "phoneNumber": "650-432-0000", "address1":"900 Metro Center", "postalCode": "94404-2775", "locality": "Foster City", "name": "Visa Inc", "administrativeArea": "CA", "region":"PEN", "email": "test@cybs.com" }, "name": "V-Internatio", "aggregatorID": "123456789" }, "orderInformation": { "billTo": { "country":"US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor","administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa","email": "test@cybs.com" }, "amountDetails": { "totalAmount": "102.21", "currency": "USD" } }, "paymentInformation": { "card": {"expirationYear": "2031", "number": "5555555555554444", "securityCode": "123", "expirationMonth": "12", "type": "002" } } }'; //var postBody = obj; console.log(payload); var resourcePath = 'v2/payments'; var APIKey = 'YOUR_API_KEY'; var queryParams = 'apikey='+APIKey; console.log(queryParams); var sharedSecret = 'YOUR_SHARED_SECRET'; var timestamp = Math.floor(Date.now() / 1000); console.log(sharedSecret); var preHashString = timestamp + resourcePath + queryParams + payload; var hashString = CryptoJS.HmacSHA256(preHashString, sharedSecret).toString(CryptoJS.enc.Hex); var xPayToken = 'xv2:' + timestamp + ':' + hashString; console.log(xPayToken); pm.environment.set("x_pay_token", xPayToken);
Please see below request body
{ "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" },"aggregatorInformation": { "subMerchant": { "cardAcceptorID": "1234567890", "country": "US", "phoneNumber": "650-432-0000", "address1":"900 Metro Center", "postalCode": "94404-2775", "locality": "Foster City", "name": "Visa Inc", "administrativeArea": "CA", "region":"PEN", "email": "test@cybs.com" }, "name": "V-Internatio", "aggregatorID": "123456789" }, "orderInformation": { "billTo": { "country":"US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor","administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa","email": "test@cybs.com" }, "amountDetails": { "totalAmount": "102.21", "currency": "USD" } }, "paymentInformation": { "card": {"expirationYear": "2031", "number": "5555555555554444", "securityCode": "123", "expirationMonth": "12", "type": "002" } } }
Please let me know if you are still facing any issues.
Thanks,
Jai
Thank you for reaching out to me, however I still am facing similar issues.
Copying pre-request script and the request body from your response above and pasting it in Postman, I still got the token validation error. I feel it has to do with the clipboard copying of json content and pasting it on to postman (I use an OSX Version 10.14.2).
However after copying just the pre-request script and copying the payload from within the script as illustrated below
, I start getting a 502 error and the response is as follows
{ "submitTimeUtc": "2019-02-26T03:37:27Z", "status": "SERVER_ERROR", "reason": "SYSTEM_ERROR", "message": "Error - General system failure." }
The response headers are as follows
Server →Apache X-SERVED-BY →l55c010 X-CORRELATION-ID →1551152246_555_95_l55c010_VDP_ARM X-Cnection →close x-response-time →364ms v-c-correlation-id →b58625d6-ffc3-4481-9b9d-8f9a04ba0c7d X-APP-STATUS →502 X-Frame-Options →SAMEORIGIN X-XSS-Protection →1; mode=block X-Content-Type-Options →nosniff Strict-Transport-Security →max-age=2592000;includeSubdomains Cache-Control →no-cache, no-store, must-revalidate Pragma →no-cache Expires →-1 Content-Type →application/json Content-Length →132 Date →Tue, 26 Feb 2019 03:37:27 GMT Connection →close Set-Cookie →bm_sv=B4A58D18EAFB417FE8D2B1FB18974744~Akh/zlCdFeSIrMO+NBYm8/H+NcGqGq+HW8e+LnK8pay/jTvfldqodXBfRZgUHp4NBS5V3j/7h7AHEaKMEiJqP9HlgNGoRczRqeHfK4usm6cinIAbfEZTK5mQ2IeoV39uq1F6SUI6gbmHBoDCa+2j03+ThXF10aqJTvP2Phai/C4=; Domain=.api.visa.com; Path=/; Max-Age=5819; HttpOnly
Please help.
Thanks,
CyberSource Token Management Service replaces sensitive payment data in your environment with a unique identifier or token that cannot be mathematically reversed, enabling you to run payment operations without handling raw payment data vidmate
Hi,
We dont see token validation issues this time. However I do see the below error messages in our logs. Seems to be postman issue. Can you please check the version of your postman ?
Error logs
header [postman-token] is not valid header in the request
Untrusted Cookies found in the request, which are [ak_bmsc, bm_sv]
Further I just tried again, Cybersource service is up and running in sandbox and got a valid response.
Please check above and try again and let me know.
Thank you !
Jai
Hi Jai,
I still have no luck on this. My Postman version is Version 6.7.4 (6.7.4). You are right the token validation issues have resolved, instead i get the following error again.
{ "submitTimeUtc": "2019-02-26T23:42:43Z", "status": "SERVER_ERROR", "reason": "SYSTEM_ERROR", "message": "Error - General system failure." }
Meanwhile, i also have implemented code in NodeJS I get the same faliure respose as above. So this may not be a Postman issue.
Please help.
Tom.
Hi Tom,
Sorry to know that you are still stuck.
Please refer to the below Cybsersource Node JS sample code snippet and try using this. This works fine on my end. Hope it works for you too.
/* CYBERSOURCE PAYEMENT ---------------------------------*/ 'use strict'; var request = require("request"); var payload = { "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" }, "aggregatorInformation": { "subMerchant": { "cardAcceptorID": "1234567890", "country": "US", "phoneNumber": "650-432-0000", "address1": "900 Metro Center", "postalCode": "94404-2775", "locality": "Foster City", "name": "Visa Inc", "administrativeArea": "CA", "region": "PEN", "email": "test@cybs.com" }, "name": "V-Internatio", "aggregatorID": "123456789" }, "orderInformation": { "billTo": { "country": "US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor", "administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa", "email": "test@cybs.com" }, "amountDetails": { "totalAmount": "102.21", "currency": "USD" } }, "paymentInformation": { "card": { "expirationYear": "2031", "number": "5555555555554444", "securityCode": "123", "expirationMonth": "12", "type": "002" } } }; var APIKey="YOUR_API_KEY"; var sharedSecret="YOUR_SHARED_SECRET"; var resourcePath = "v2/payments"; var queryParams = 'apikey=' + APIKey; var timestamp = Math.floor(Date.now() / 1000); var preHashString = timestamp + resourcePath + queryParams + JSON.stringify(payload); var crypto = require("crypto"); var hashString = crypto.createHmac("sha256", sharedSecret).update(preHashString).digest().toString('hex'); var xPayToken = "xv2:" + timestamp + ":" + hashString; var queryParameters = {}; queryParameters["apikey"] = APIKey; var headers = {}; headers['Content-Type'] = 'application/json'; headers['x-pay-token'] = xPayToken; var req = { method: "POST", url: "https://sandbox.api.visa.com/cybersource/v2/payments", qs: queryParameters, headers: headers, body: JSON.stringify(payload), proxy: "YOUR_PROXY_URL" } console.log(req); request(req, function (error, response, body) { //console.log(error); console.log(response); //console.log(body); });
Thanks,
Jai
Hi Jai,
Thank you for reaching back again on this.
I still get the same response while running your JS code at my side by just replacing my api_key and shared_secret which is as follows
{"submitTimeUtc":"2019-02-27T23:18:35Z","status":"SERVER_ERROR","reason":"SYSTEM_ERROR","message":"Error - General system failure."}
The only other change to the code would be not using the proxy URL in the request object.
Please help.
Thanks,
Thomson.
Hi Tom,
Can you please share the x-correlation-id from the response header for the Node JS request ?
Thanks,
Jai