Re: Forex API With Two Way SSL and MLE

nickkreissler

Hello I am having a problem with the forex api. I have included the url endpoint,
the request body, the encrypted mle request body, the request headers, and the response headers.

I wanted to note that i get the same response when i send a test request on the website that
has a body of the empty string : "".

Are there any reasons why i would get this? I believe that it has something to do with the
decryption of my MLE Body on visas side. It is parsing and decrypting this eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PV...
as the empty string.

I am using Two Way ssl and MLE.

I have tried the URL with and without the APIKEY included

Thank you

Full url Endpoint:
[INFO ] - 2023-09-05 21:09:22.355 - NetworkAPI.VisaAPI - full url: https://sandbox.api.visa.com/forexrates/v2/foreignexchangerates?apiKey=U7C3U0PAOEZ2X8X4BQ5L21eKWC24N...

Request body:
[DEBUG] - 2023-09-05 21:09:22.094 - NetworkAPI.RequestMessages.Forex - value written{"destinationCurrencyCode":840,"rateProductCode":"A","sourceAmount":"51.00","sourceCurrencyCode":840,"markupRate":"0.00","acquirerDetails":{"bin":408999,"settlement":{"currencyCode":840}}}
[DEBUG] - 2023-09-05 21:09:22.094 - NetworkAPI.ApiUtilities.VisaUtilities - plain text: "{\"destinationCurrencyCode\":840,\"rateProductCode\":\"A\",\"sourceAmount\":\"51.00\",\"sourceCurrencyCode\":840,\"markupRate\":\"0.00\",\"acquirerDetails\":{\"bin\":408999,\"settlement\":{\"currencyCode\":840}}}"

MLE Body:
[DEBUG] - 2023-09-05 21:09:22.345 - org.apache.http.wire - http-outgoing-16 << "{"encData":"eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PVVURi04IiwiZW5jIjoiQTEyOEdDTSIsImlhdCI6MTY5Mzk0ODE2MjMxNiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.V8JIy_R1ZJ3ERkCVabEkoZ8WK7YcWkoi8tHMPTMeGklqEo2GF5XIE0541WqDBIqsudQEh5ieVc4K6w56vswEVXpBXrCWSl8fc2j_dM1jdzKXdKtTvOVGLZOCbaPdZultQxB5FpXERCr0FRa_PG4dNMMWP18ua5wSSuuU23ay8I7l6TaiZ99bEyc6SEXHvYwmLuPiyUBInjpNqbR5Iwp5leUnyRJnmpoAHz-F1rrPmH2uic1q0khvlpxUy5ZBXYcpxvWjg2CHj3B7BeJGtbUjQ6KowcnVvOXQ3DfgxOrr17Ve6Mq3puGGYvc-DgkOJCas13QL9buCh9PUU2jZp-Zl4g.sdFErus1sr1RRbpm.XrtdCsCj1hN31r-ZL68riPYJfiiQddMPMabiVENDgW0jW4Q0L1YO9wfXT1pgEu9CynfP356pku7y1-ItJ11wTBTKkeQDbSnuELk0UI1CEzB_9UC7gyvXeQ.ruPg_IzheyOxdxriTk03zA"}"

Request Headers:
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: keyid 0aab5eb9-f9a0-46db-be12-42cc540d49e9
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Content-Type application/json
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Accept application/json
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Authorization Basic SUdBRk44WkNJTzRRV1ZUWkI5SzIyMXUtX0k0T1YyTGt2bDFiWTk2WG9vd3N6d3o5WTpoSmczQ2YzS2xMMklVdWc5Z0pxV0Q0QnExWnpH

Response Headers:
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Server:nginx
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Date:Tue, 05 Sep 2023 21:09:22 GMT
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Type:application/json;charset=UTF-8
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Length:647
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Connection:keep-alive
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-SERVED-BY:-8675d7f8p49
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-CORRELATION-ID:1693948162_259_1355295984_-8675d7f8p49_VDP_WS
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-ERROR-ORIGIN:9900
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-APP-STATUS:400
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - encrypted:true
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Language:en-US
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Cache-Control:no-cache, no-store, must-revalidate
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-Frame-Options:SAMEORIGIN
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-XSS-Protection:0
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-Content-Type-Options:nosniff
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Strict-Transport-Security:max-age=31536000;includeSubdomains
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Pragma:no-cache
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Expires:-1
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Content-Security-Policy-Report-Only:default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - X-Content-Security-Policy-Report-Only:default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - X-WebKit-CSP-Report-Only:default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;

Response encrypted data:
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - ResponseBody: {
"encData" : "eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PVVURi04IiwiZW5jIjoiQTEyOEdDTSIsImlhdCI6MTY5Mzk0ODE2MjMxNiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.V8JIy_R1ZJ3ERkCVabEkoZ8WK7YcWkoi8tHMPTMeGklqEo2GF5XIE0541WqDBIqsudQEh5ieVc4K6w56vswEVXpBXrCWSl8fc2j_dM1jdzKXdKtTvOVGLZOCbaPdZultQxB5FpXERCr0FRa_PG4dNMMWP18ua5wSSuuU23ay8I7l6TaiZ99bEyc6SEXHvYwmLuPiyUBInjpNqbR5Iwp5leUnyRJnmpoAHz-F1rrPmH2uic1q0khvlpxUy5ZBXYcpxvWjg2CHj3B7BeJGtbUjQ6KowcnVvOXQ3DfgxOrr17Ve6Mq3puGGYvc-DgkOJCas13QL9buCh9PUU2jZp-Zl4g.sdFErus1sr1RRbpm.XrtdCsCj1hN31r-ZL68riPYJfiiQddMPMabiVENDgW0jW4Q0L1YO9wfXT1pgEu9CynfP356pku7y1-ItJ11wTBTKkeQDbSnuELk0UI1CEzB_9UC7gyvXeQ.ruPg_IzheyOxdxriTk03zA"
}

Response decrypted:
[INFO ] - 2023-09-05 21:09:22.354 - NetworkAPI.VisaAPI - decrypted response: {"errorResponse":{"status":400,"reason":"3003","message":"Invalid Schema","details":[]}}

API_Products

Hi @nickkreissler,

I received a successful request/response payload during my sandbox test today. The successful request/response payload I received is below. I didn't use the API key. I didn't enable MLE either. Please try your test again and share your result with us.

End Point https://sandbox.api.visa.com/forexrates/v2/foreignexchangerates
Method POST
Request
{
"initiatingPartyId": 1002,
"rateProductCode": "BANK",
"destinationCurrencyCode": "USD",
"sourceCurrencyCode": "EUR",
"quoteIdRequired": true
}
Response
{
"rateProductCode": "BANK",
"destinationCurrencyCode": "USD",
"quoteIdExpiryDateTime": "2023-09-07T20:00:37.555Z",
"sourceCurrencyCode": "EUR",
"conversionRate": 1.1373100002,
"quoteId": 1071847921
}
Response Header
Status Code: 200
Server : nginx
Date : Thu, 07 Sep 2023 19:50:37 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 187
Connection : keep-alive
X-SERVED-BY : -8675d7f8-64
X-CORRELATION-ID : 1694116237_323_1400525015_-8675d7f8-64_VDP_WS
X-APP-STATUS : 200
Content-Language : en-US
Cache-Control : no-cache, no-store, must-revalidate
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 0
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains
Pragma : no-cache
Expires : -1
Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains;always

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hi @nickkreissler,

Is the error fixed? If so, please let me know so I can take you off my contact list.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hi @nickkreissler,

I'll take you off my contact list since I haven't received a reply from you. You can reach out to us at the community forum if you have questions.