Re: Forex API With Two Way SSL and MLE

Regular Visitor

Forex API With Two Way SSL and MLE


Hello I am having a problem with the forex api. I have included the url endpoint,
the request body, the encrypted mle request body, the request headers, and the response headers.

I wanted to note that i get the same response when i send a test request on the website that
has a body of the empty string : "".

Are there any reasons why i would get this? I believe that it has something to do with the
decryption of my MLE Body on visas side. It is parsing and decrypting this eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PV...
as the empty string.

I am using Two Way ssl and MLE.

I have tried the URL with and without the APIKEY included

Thank you

Full url Endpoint:
[INFO ] - 2023-09-05 21:09:22.355 - NetworkAPI.VisaAPI - full url:

Request body:
[DEBUG] - 2023-09-05 21:09:22.094 - NetworkAPI.RequestMessages.Forex - value written{"destinationCurrencyCode":840,"rateProductCode":"A","sourceAmount":"51.00","sourceCurrencyCode":840,"markupRate":"0.00","acquirerDetails":{"bin":408999,"settlement":{"currencyCode":840}}}
[DEBUG] - 2023-09-05 21:09:22.094 - NetworkAPI.ApiUtilities.VisaUtilities - plain text: "{\"destinationCurrencyCode\":840,\"rateProductCode\":\"A\",\"sourceAmount\":\"51.00\",\"sourceCurrencyCode\":840,\"markupRate\":\"0.00\",\"acquirerDetails\":{\"bin\":408999,\"settlement\":{\"currencyCode\":840}}}"

MLE Body:
[DEBUG] - 2023-09-05 21:09:22.345 - org.apache.http.wire - http-outgoing-16 << "{"encData":"eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PVVURi04IiwiZW5jIjoiQTEyOEdDTSIsImlhdCI6MTY5Mzk0ODE2MjMxNiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.V8JIy_R1ZJ3ERkCVabEkoZ8WK7YcWkoi8tHMPTMeGklqEo2GF5XIE0541WqDBIqsudQEh5ieVc4K6w56vswEVXpBXrCWSl8fc2j_dM1jdzKXdKtTvOVGLZOCbaPdZultQxB5FpXERCr0FRa_PG4dNMMWP18ua5wSSuuU23ay8I7l6TaiZ99bEyc6SEXHvYwmLuPiyUBInjpNqbR5Iwp5leUnyRJnmpoAHz-F1rrPmH2uic1q0khvlpxUy5ZBXYcpxvWjg2CHj3B7BeJGtbUjQ6KowcnVvOXQ3DfgxOrr17Ve6Mq3puGGYvc-DgkOJCas13QL9buCh9PUU2jZp-Zl4g.sdFErus1sr1RRbpm.XrtdCsCj1hN31r-ZL68riPYJfiiQddMPMabiVENDgW0jW4Q0L1YO9wfXT1pgEu9CynfP356pku7y1-ItJ11wTBTKkeQDbSnuELk0UI1CEzB_9UC7gyvXeQ.ruPg_IzheyOxdxriTk03zA"}"

Request Headers:
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: keyid 0aab5eb9-f9a0-46db-be12-42cc540d49e9
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Content-Type application/json
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Accept application/json
[DEBUG] - 2023-09-05 21:09:22.095 - NetworkAPI.VisaAPI - request header: Authorization Basic SUdBRk44WkNJTzRRV1ZUWkI5SzIyMXUtX0k0T1YyTGt2bDFiWTk2WG9vd3N6d3o5WTpoSmczQ2YzS2xMMklVdWc5Z0pxV0Q0QnExWnpH

Response Headers:
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Server:nginx
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Date:Tue, 05 Sep 2023 21:09:22 GMT
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Type:application/json;charset=UTF-8
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Length:647
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Connection:keep-alive
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-SERVED-BY:-8675d7f8p49
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-CORRELATION-ID:1693948162_259_1355295984_-8675d7f8p49_VDP_WS
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-ERROR-ORIGIN:9900
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-APP-STATUS:400
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - encrypted:true
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Content-Language:en-US
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Cache-Control:no-cache, no-store, must-revalidate
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-Frame-Options:SAMEORIGIN
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-XSS-Protection:0
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - X-Content-Type-Options:nosniff
[INFO ] - 2023-09-05 21:09:22.346 - NetworkAPI.ApiUtilities - Strict-Transport-Security:max-age=31536000;includeSubdomains
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Pragma:no-cache
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Expires:-1
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - Content-Security-Policy-Report-Only:default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - X-Content-Security-Policy-Report-Only:default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - X-WebKit-CSP-Report-Only:default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;

Response encrypted data:
[INFO ] - 2023-09-05 21:09:22.347 - NetworkAPI.ApiUtilities - ResponseBody: {
"encData" : "eyJjdHkiOiJhcHBsaWNhdGlvblwvanNvbjtjaGFyc2V0PVVURi04IiwiZW5jIjoiQTEyOEdDTSIsImlhdCI6MTY5Mzk0ODE2MjMxNiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.V8JIy_R1ZJ3ERkCVabEkoZ8WK7YcWkoi8tHMPTMeGklqEo2GF5XIE0541WqDBIqsudQEh5ieVc4K6w56vswEVXpBXrCWSl8fc2j_dM1jdzKXdKtTvOVGLZOCbaPdZultQxB5FpXERCr0FRa_PG4dNMMWP18ua5wSSuuU23ay8I7l6TaiZ99bEyc6SEXHvYwmLuPiyUBInjpNqbR5Iwp5leUnyRJnmpoAHz-F1rrPmH2uic1q0khvlpxUy5ZBXYcpxvWjg2CHj3B7BeJGtbUjQ6KowcnVvOXQ3DfgxOrr17Ve6Mq3puGGYvc-DgkOJCas13QL9buCh9PUU2jZp-Zl4g.sdFErus1sr1RRbpm.XrtdCsCj1hN31r-ZL68riPYJfiiQddMPMabiVENDgW0jW4Q0L1YO9wfXT1pgEu9CynfP356pku7y1-ItJ11wTBTKkeQDbSnuELk0UI1CEzB_9UC7gyvXeQ.ruPg_IzheyOxdxriTk03zA"

Response decrypted:
[INFO ] - 2023-09-05 21:09:22.354 - NetworkAPI.VisaAPI - decrypted response: {"errorResponse":{"status":400,"reason":"3003","message":"Invalid Schema","details":[]}}


Visa Developer Support Specialist

Re: Forex API With Two Way SSL and MLE

Hi @nickkreissler,


I received a successful request/response payload during my sandbox test today. The successful request/response payload I received is below.  I didn't use the API key. I didn't enable MLE either. Please try your test again and share your result with us.


End Point
Method POST
"initiatingPartyId": 1002,
"rateProductCode": "BANK",
"destinationCurrencyCode": "USD",
"sourceCurrencyCode": "EUR",
"quoteIdRequired": true
"rateProductCode": "BANK",
"destinationCurrencyCode": "USD",
"quoteIdExpiryDateTime": "2023-09-07T20:00:37.555Z",
"sourceCurrencyCode": "EUR",
"conversionRate": 1.1373100002,
"quoteId": 1071847921
Response Header
Status Code: 200
Server : nginx
Date : Thu, 07 Sep 2023 19:50:37 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 187
Connection : keep-alive
X-SERVED-BY : -8675d7f8-64
X-CORRELATION-ID : 1694116237_323_1400525015_-8675d7f8-64_VDP_WS
Content-Language : en-US
Cache-Control : no-cache, no-store, must-revalidate
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 0
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains
Pragma : no-cache
Expires : -1
Content-Security-Policy-Report-Only : default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://* https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*;img-src 'self' https://* https://* https://*;style-src 'self' 'unsafe-inline' https://*;object-src https://* https://* data:;report-uri /logging/logCSPReport;
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains;always




Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Visa Developer Support Specialist

Re: Forex API With Two Way SSL and MLE

Hi @nickkreissler,


Is the error fixed? If so, please let me know so I can take you off my contact list. 



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Visa Developer Support Specialist

Re: Forex API With Two Way SSL and MLE

Hi @nickkreissler,


I'll take you off my contact list since I haven't received a reply from you. You can reach out to us at the community forum if you have questions. 



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.