Hello.
i need some help. I am calling Payment Process endpoint and i am getting an error code <"401 Unauthorized">. I am creating the x.pay-token like this:
timestamp: 1534795958
resource_path: v2/payments
query_string: apikey=XXXXXXXXXXXXXXXXXXXXX (API key)
request_body:
{
}
but the resource respond with error 401.
Could you tell me what is missing? or what am I doing wrong?
I am generating header like says the web page:
message = timestamp + resource_path + query_string + request_body
Ex: 1534795958 + v2/payments + apikey=XXXXXXXXXXXXXXXXXXXXX +
{"clientReferenceInformation":{"code":"TC50171_3"},......
Thanks.
Solved! Go to Solution
Hi @Bruce_29,
To further investigate, please provide the following information:
1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body
Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.
Hi @DianaTran-Yee
Here my result.
1. End Point : https://sandbox.api.visa.com/cybersource/v2/payments?apikey=36QJGPKJV2SPPTISJG0S21l0l2AtPu3oePrUqBHy...
2. Request Header
x-pay-token : xv2:1534795958:85516902e6073aa64bd40b2dc67b93c9ff972e5be34e708937d8930cc6ee7ab6
Content-Type : application/json
3. Request Body:
{
}
4. Response Header (include the x-correlation-id)
X-CORRELATION-ID →1534801669_206_77_l55c005_VDP_ARM
5. Response Body
Error code is (401 Unauthorized)
{
}
Thanks.
Same issue and for a merchant like me i am pretty bummed about it and tired because this is not the first time i am suffering from this issue. Please real help is needed and would be much appreciated if its done in due time.
Hi @Bruce_29,
The 401 Token Validation Failed error you're getting will be seen when the x-pay-token sent in the header is invalid.
A couple of things I'd like you to note while generating the token:
1. To start, please follow the API Key – Shared Secret (X-Pay-Token) guide to generate a valid token. https://developer.visa.com/pages/working-with-visa-apis/x-pay-token
2. APIkey in the url query param should be the same as the one used to generate xpayToken
3. “resourcePath” sent in the xpaytoken has to be as per the documentation (eg: v2/payments?apikey={apikey}).
4. Payload sent in the request payload should exactly match along with spaces to the “requestBody” value used in xpaytoken.
Also, could you check to see if you're passing a correct value for URI. For example, make sure it’s defined correctly in the beginning of your code, and use the same value for the URI in the middle of your code. In general, for cases like this (i.e. “helloworld works, but the API XX doesn’t”) I'd like to ask of you, if you could, to please extend your SOAPUI project, and make sure that you can call a particular API from SOAPUI project first.
I would suggest to try one more time. If the issue persists, please provide the following information:
1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body
Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.
Hi,
Is Your server time up to date?
VISA will validate the timestamp also, and if example you are generating this x-pay with a timestamp in the future Visa will deny.
Once I have had a problem because minutes in the future compared with oficial time which I think VISA is sincronized.
Sincerely,
Victor.
Hi @DianaTran_Yee
The issue persiste:
1. End Point : https://sandbox.api.visa.com/cybersource/v2/payments?apikey=36QJGPKJV2SPPTISJG0S21l0l2AtPu3oePrUqBHy...
2. Request Header: x-pay-token xv2:1534966731:2fe83af5628e0088c2ca66433a788d54f4907ca0cc9b9b5b0f047d60537926f1
Note: Actually i´m creating request header like this:
- timestamp: 1534966731
- resource_path: v2/payments?apikey=36QJGPKJV2SPPTISJG0S21l0l2AtPu3oePrUqBHyQYe5TUsko
- query_string: apikey=36QJGPKJV2SPPTISJG0S21l0l2AtPu3oePrUqBHyQYe5TUsko
- request_body: {"clientReferenceInformation":{"code":"TC50171_3"},"processingInformation":{"commerceIndicator":"internet"},"paymentInformation":{"card":{"number":"5555555555554444","expirationMonth":"12","expirationYear":"2031","type":"002","securityCode":"123"}},"orderInformation":{"amountDetails":{"totalAmount":"102.21","currency":"USD"},"billTo":{"firstName":"RTS","lastName":"VDP","company":"Visa","address1":"201 S. Division St.","address2":"Address 2","locality":"Ann Arbor","administrativeArea":"MI","postalCode":"48104-2201","country":"US","district":"MI","buildingNumber":"123","email":"test@cybs.com","phoneNumber":"999999999"}},"aggregatorInformation":{"aggregatorID":"123456789","name":"V-Internatio","subMerchant":{"cardAcceptorId":"123456789","name":"Visa Inc","region":"PEN","address1":"900 Metro Center","locality":"Foster City","administrativeArea":"CA","postalCode":"4404-2775","country":"US","email":"test@cybs.com","phoneNumber":"650-432-0000"}}}
Finally request header forms like this:
message = timestamp + resourcePath + queryString + requestBody
xpay token = xv2:"+ timestamp + ":" + SHA256HMAC(shared_secret, message)
3. Request Body: {"clientReferenceInformation":{"code":"TC50171_3"},"processingInformation":{"commerceIndicator":"internet"},"paymentInformation":{"card":{"number":"5555555555554444","expirationMonth":"12","expirationYear":"2031","type":"002","securityCode":"123"}},"orderInformation":{"amountDetails":{"totalAmount":"102.21","currency":"USD"},"billTo":{"firstName":"RTS","lastName":"VDP","company":"Visa","address1":"201 S. Division St.","address2":"Address 2","locality":"Ann Arbor","administrativeArea":"MI","postalCode":"48104-2201","country":"US","district":"MI","buildingNumber":"123","email":"test@cybs.com","phoneNumber":"999999999"}},"aggregatorInformation":{"aggregatorID":"123456789","name":"V-Internatio","subMerchant":{"cardAcceptorId":"123456789","name":"Visa Inc","region":"PEN","address1":"900 Metro Center","locality":"Foster City","administrativeArea":"CA","postalCode":"4404-2775","country":"US","email":"test@cybs.com","phoneNumber":"650-432-0000"}}}
4. Response Header (include the x-correlation-id):
X-CORRELATION-ID →1534966931_372_91_l55c001_VDP_ARM
Date →Wed, 22 Aug 2018 19:42:11 GMT
5. Response Body:
{
"responseStatus": {
"code": "9159",
"severity": "ERROR",
"info": "",
"status": 401,
"message": "Token validation failed"
}
}
Note: I am calling the Generator Key service with the same function and it responds me successfully.
Thanks.
Hi @Bruce_29,
Can you please call CyberSource Support directly at the phone number listed below? Please ask them to check the backend configurations. Please ask CyberSource if there is a permission setting that they could flip/change on your account that could resolve your problem. Please let us know how it goes.
CyberSource Support
800-709-7779
Hi. @DianaTran-Yee
I tried to communicate with Cybersource Support but the phone operator says "The service is unavailable". Do you have another phone number? I am from Mexico city, is there support here?
Thanks.