Cybersouce Token Validation issue

tomzapple
Helper

Cybersouce Token Validation issue

Hi,

 

A basic API call to https://sandbox.api.visa.com/cybersource/v2/payments?apikey={{apikey}} fails with token validation error on Postman.

 

My pre-request script is :

var crypto = require("crypto-js");
var timestamp = Math.floor(Date.now() / 1000);

// var obj = {};// This is empty body. Uncomment the following to get the complete body

 var obj = {
"clientReferenceInformation": {
"code": "TC50171_3"
},
"processingInformation": {
"commerceIndicator": "internet"
},
"aggregatorInformation": {
"subMerchant": {
"cardAcceptorID": "1234567890",
"country": "US",
"phoneNumber": "650-432-0000",
"address1": "900 Metro Center",
"postalCode": "94404-2775",
"locality": "Foster City",
"name": "Visa Inc",
"administrativeArea": "CA",
"region": "PEN",
"email": "test@cybs.com"
},
"name": "V-Internatio",
"aggregatorID": "123456789"
},
"orderInformation": {
"billTo": {
"country": "US",
"lastName": "VDP",
"address2": "Address 2",
"address1": "201 S. Division St.",
"postalCode": "48104-2201",
"locality": "Ann Arbor",
"administrativeArea": "MI",
"firstName": "RTS",
"phoneNumber": "999999999",
"district": "MI",
"buildingNumber": "123",
"company": "Visa",
"email": "test@cybs.com"
},
"amountDetails": {
"totalAmount": "102.21",
"currency": "USD"
}
},
"paymentInformation": {
"card": {
"expirationYear": "2031",
"number": "5555555555554444",
"securityCode": "123",
"expirationMonth": "12",
"type": "002"
}
}
}

var postBody = JSON.stringify(obj);
console.log(postBody);
var resourcePath = 'v2/payments';
var queryParams = 'apikey=' + pm.environment.get("apikey");
console.log(queryParams);
var sharedSecret = pm.environment.get("shared_key");
console.log(sharedSecret);
var preHashString = timestamp + resourcePath + queryParams + postBody;
var hashString = CryptoJS.HmacSHA256(preHashString, sharedSecret).toString(CryptoJS.enc.Hex);

var xPayToken = 'xv2:' + timestamp + ':' + hashString;

console.log(xPayToken);

pm.environment.set("x_pay_token", xPayToken);

My headers are 

x-pay-token:{{x_pay_token}}
Content-Type:application/json

I do pass the api key from an environment variable and the x-pay-token gets generated in the pre-request script.

One thing to note -

When I try to generate the x-pay-token with an empty body, I do get a response from the server 

 

{
    "submitTimeUtc": "2019-02-25T16:08:03Z",
    "status": "INVALID_REQUEST",
    "reason": "MISSING_FIELD",
    "message": "Declined - The request is missing one or more fields",
    "details": [
        {
            "field": "orderInformation.billTo.locality",
            "reason": "MISSING_FIELD"
        },
        {
            "field": "recipientInformation.card.number",
            "reason": "MISSING_FIELD"
        },
        {
            "field": "orderInformation.billTo.lastName",
            "reason": "MISSING_FIELD"
        },
        {
            "field": "orderInformation.billTo.email",
            "reason": "MISSING_FIELD"
        },
        {
            "field": "orderInformation.billTo.address1",
            "reason": "MISSING_FIELD"
        },
        {
            "field": "orderInformation.billTo.country",
            "reason": "MISSING_FIELD"
        }
    ]
}

This makes me think that my issue is with the post data body. The post data body is the same as provided in the API docs.

Please help.

 

Thanks,

Tom

 

14 REPLIES 14
jvenkata
Community Moderator

Re: Cybersouce Token Validation issue

Hi,

 

Thanks for your inquiry. We are currently looking into this. Will keep you posted soon.

 

Thanks,

Jai

jvenkata
Community Moderator

Re: Cybersouce Token Validation issue

Hi,

 

I ran into similar issues using the information provided by you. Please see below updated pre-request Script. This one works on my end.

 

var crypto = require("crypto-js");

//var obj = {};// This is empty body. Uncomment the following to get the complete body

var payload = '{ "clientReferenceInformation":   {   "code":   "TC50171_3"   },  "processingInformation":   {   "commerceIndicator":   "internet"   },"aggregatorInformation": { "subMerchant":  { "cardAcceptorID": "1234567890", "country": "US",  "phoneNumber": "650-432-0000", "address1":"900 Metro  Center", "postalCode":  "94404-2775", "locality": "Foster  City", "name": "Visa  Inc", "administrativeArea":  "CA", "region":"PEN", "email": "test@cybs.com"  }, "name": "V-Internatio", "aggregatorID":  "123456789" }, "orderInformation": {  "billTo": { "country":"US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor","administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa","email":  "test@cybs.com" },  "amountDetails":  { "totalAmount":  "102.21",  "currency": "USD"  } },  "paymentInformation":  { "card":  {"expirationYear":  "2031",  "number":   "5555555555554444",  "securityCode":  "123",  "expirationMonth":  "12",  "type":   "002"  }  }  }';
//var postBody = obj;
console.log(payload);
var resourcePath = 'v2/payments';
var APIKey = 'YOUR_API_KEY';
var queryParams = 'apikey='+APIKey;
console.log(queryParams);
var sharedSecret = 'YOUR_SHARED_SECRET';
var timestamp = Math.floor(Date.now() / 1000);
console.log(sharedSecret);
var preHashString = timestamp + resourcePath + queryParams + payload;
var hashString = CryptoJS.HmacSHA256(preHashString, sharedSecret).toString(CryptoJS.enc.Hex);
var xPayToken = 'xv2:' + timestamp + ':' + hashString;

console.log(xPayToken);

pm.environment.set("x_pay_token", xPayToken);

Please see below request body

{ "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" },"aggregatorInformation": { "subMerchant": { "cardAcceptorID": "1234567890", "country": "US", "phoneNumber": "650-432-0000", "address1":"900 Metro Center", "postalCode": "94404-2775", "locality": "Foster City", "name": "Visa Inc", "administrativeArea": "CA", "region":"PEN", "email": "test@cybs.com" }, "name": "V-Internatio", "aggregatorID": "123456789" }, "orderInformation": { "billTo": { "country":"US", "lastName": "VDP", "address2": "Address 2", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor","administrativeArea": "MI", "firstName": "RTS", "phoneNumber": "999999999", "district": "MI", "buildingNumber": "123", "company": "Visa","email": "test@cybs.com" }, "amountDetails": { "totalAmount": "102.21", "currency": "USD" } }, "paymentInformation": { "card": {"expirationYear": "2031", "number": "5555555555554444", "securityCode": "123", "expirationMonth": "12", "type": "002" } } }

 

Please let me know if you are still facing any issues.

 

Thanks,

Jai

tomzapple
Helper

Re: Cybersouce Token Validation issue

Thank you for reaching out to me, however I still am facing similar issues.

 

Copying pre-request script and the request body from your response above and pasting it in Postman, I still got the token validation error. I feel it has to do with the clipboard copying of json content and pasting it on to postman (I use an OSX Version 10.14.2).

 

However after copying just the pre-request script and copying the payload from within the script as illustrated below

Screen Shot 2019-02-25 at 9.33.53 PM.png 

, I start getting a 502 error and the response is as follows

 

{
    "submitTimeUtc": "2019-02-26T03:37:27Z",
    "status": "SERVER_ERROR",
    "reason": "SYSTEM_ERROR",
    "message": "Error - General system failure."
}

The response headers are as follows 

Server →Apache
X-SERVED-BY →l55c010
X-CORRELATION-ID →1551152246_555_95_l55c010_VDP_ARM
X-Cnection →close
x-response-time →364ms
v-c-correlation-id →b58625d6-ffc3-4481-9b9d-8f9a04ba0c7d
X-APP-STATUS →502
X-Frame-Options →SAMEORIGIN
X-XSS-Protection →1; mode=block
X-Content-Type-Options →nosniff
Strict-Transport-Security →max-age=2592000;includeSubdomains
Cache-Control →no-cache, no-store, must-revalidate
Pragma →no-cache
Expires →-1
Content-Type →application/json
Content-Length →132
Date →Tue, 26 Feb 2019 03:37:27 GMT
Connection →close
Set-Cookie →bm_sv=B4A58D18EAFB417FE8D2B1FB18974744~Akh/zlCdFeSIrMO+NBYm8/H+NcGqGq+HW8e+LnK8pay/jTvfldqodXBfRZgUHp4NBS5V3j/7h7AHEaKMEiJqP9HlgNGoRczRqeHfK4usm6cinIAbfEZTK5mQ2IeoV39uq1F6SUI6gbmHBoDCa+2j03+ThXF10aqJTvP2Phai/C4=; Domain=.api.visa.com; Path=/; Max-Age=5819; HttpOnly

Please help.

Thanks,

Wagner753
Newbie

Re: Cybersouce Token Validation issue

CyberSource Token Management Service replaces sensitive payment data in your environment with a unique identifier or token that cannot be mathematically reversed, enabling you to run payment operations without handling raw payment data vidmate

jvenkata
Community Moderator

Re: Cybersouce Token Validation issue

Hi,

 

We dont see token validation issues this time. However I do see the below error messages in our logs. Seems to be postman issue. Can you please check the version of your postman  ?

 

Error logs

header [postman-token] is not valid header in the request

Untrusted Cookies found in the request, which are [ak_bmsc, bm_sv]

 

Further I just tried again, Cybersource service is up and running in sandbox and got a valid response.

 

Please check above and try again and let me know.

 

Thank you !

 

Jai

tomzapple
Helper

Re: Cybersouce Token Validation issue

Hi Jai,

I still have no luck on this. My Postman version is Version 6.7.4 (6.7.4). You are right the token validation issues have resolved, instead i get the following error again.

{
"submitTimeUtc": "2019-02-26T23:42:43Z",
"status": "SERVER_ERROR",
"reason": "SYSTEM_ERROR",
"message": "Error - General system failure."
}

Meanwhile, i also have implemented code in NodeJS I get the same faliure respose as above. So this may not be a Postman issue. 

 

Please help.

Tom.

jvenkata
Community Moderator

Re: Cybersouce Token Validation issue

Hi Tom,

 

Sorry to know that you are still stuck.

 

Please refer to the below Cybsersource Node JS sample code snippet and try using this. This works fine on my end. Hope it works for you too.

 

/*    CYBERSOURCE PAYEMENT
---------------------------------*/
'use strict';
var request = require("request");
var payload = {
		"clientReferenceInformation": {
			"code": "TC50171_3"
		},
		"processingInformation": {
			"commerceIndicator": "internet"
		},
			"aggregatorInformation": {
			"subMerchant": {
			"cardAcceptorID": "1234567890",
			"country": "US",
			"phoneNumber": "650-432-0000",
			"address1": "900 Metro Center",
			"postalCode": "94404-2775",
			"locality": "Foster City",
			"name": "Visa Inc",
			"administrativeArea": "CA",
			"region": "PEN",
			"email": "test@cybs.com"
		},
			"name": "V-Internatio",
			"aggregatorID": "123456789"
		},
		"orderInformation": {
		"billTo": {
			"country": "US",
			"lastName": "VDP",
			"address2": "Address 2",
			"address1": "201 S. Division St.",
			"postalCode": "48104-2201",
			"locality": "Ann Arbor",
			"administrativeArea": "MI",
			"firstName": "RTS",
			"phoneNumber": "999999999",
			"district": "MI",
			"buildingNumber": "123",
			"company": "Visa",
			"email": "test@cybs.com"
		},
		"amountDetails": {
			"totalAmount": "102.21",
			"currency": "USD"
		}
		},
		"paymentInformation": {
		"card": {
			"expirationYear": "2031",
			"number": "5555555555554444",
			"securityCode": "123",
			"expirationMonth": "12",
			"type": "002"
		}
	}
};

var APIKey="YOUR_API_KEY";
var sharedSecret="YOUR_SHARED_SECRET";
var resourcePath = "v2/payments";
var queryParams = 'apikey=' + APIKey;
var timestamp = Math.floor(Date.now() / 1000);
var preHashString = timestamp + resourcePath + queryParams + JSON.stringify(payload);
var crypto = require("crypto");
var hashString = crypto.createHmac("sha256", sharedSecret).update(preHashString).digest().toString('hex');
var xPayToken = "xv2:" + timestamp + ":" + hashString;
var queryParameters = {};
queryParameters["apikey"] = APIKey;
var headers = {};
headers['Content-Type'] = 'application/json';
headers['x-pay-token'] = xPayToken;

var req = {
    method: "POST",
    url: "https://sandbox.api.visa.com/cybersource/v2/payments",
    qs: queryParameters,
    headers: headers,
    body: JSON.stringify(payload),
    proxy: "YOUR_PROXY_URL"
}


console.log(req);
request(req, function (error, response, body) {
    //console.log(error);
    console.log(response);
    //console.log(body);
});

Thanks,
Jai

tomzapple
Helper

Re: Cybersouce Token Validation issue

Hi Jai, 

Thank you for reaching back again on this.

I still get the same response while running your JS code at my side by just replacing my api_key and shared_secret which is as follows

 

{"submitTimeUtc":"2019-02-27T23:18:35Z","status":"SERVER_ERROR","reason":"SYSTEM_ERROR","message":"Error - General system failure."}

The only other change to the code would be not using the proxy URL in the request object.

 

Please help.

Thanks, 

Thomson.

jvenkata
Community Moderator

Re: Cybersouce Token Validation issue

Hi Tom,

 

Can you please share the x-correlation-id from the response header for the Node JS request ?

 

Thanks,

Jai