Getting "code": "9159", "severity": "ERROR", "message": "Token Validation Failed",

bijujoseph
New Contributor

Getting "code": "9159", "severity": "ERROR", "message": "Token Validation Failed",

The below is groovy script
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import groovy.json.JsonOutput

def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
mac.init(secretKeySpec)
byte[] digest = mac.doFinal(data.getBytes())
return digest
}


def APIKey = 'UDTEE5CUPLX6ZATVYVxxxxxxxxx-ef6J2CRKPj74vvxluo'
def sharedSecret = '/uw7HJN97vEW46wMQ+BaunfBJ@FJrfE+0u9rR6sr'
def URI = "/installments/v2/clients"
def QS = "apiKey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))

def payload = '{' +
'"partnerMerchantReferenceID": "fbf114e6-8536-d537-69f0-1e18fb88b634",' +
'"city": "San Francisco",' +
'"address2": "2nd Block",' +
'"address1": "1 Main Street",' +
'"postalCode": 94301,' +
'"primaryContactLastName": "Smith",' +
'"primaryContactFirstName": "John",' +
'"primaryLegalName": "My Merchant",' +
'"stateProvinceCode": "CA",' +
'"phone": "4155551212",' +
'"countryCode": "US",' +
'"primaryWebsiteURL": "http:\\/\\/www.myMerchant.com",' +
'"primaryTradeName": "MyMerchant.com",' +
'"primaryContactEmail": "jsmith@mymerchant888.com"' +
'}'

def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
log.info(timeStampUTC + URI + QS + payload)
log.info(HMACDigest)
def encodedDigest = HMACDigest.encodeHex().toString()
log.info(encodedDigest)
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)

This is body 
{"partnerMerchantReferenceID":"fbf114e6-8536-d537-69f0-1e18fb88b634","city":"San Francisco","address2":"2nd Block","address1":"1 Main Street","postalCode":94301,"primaryContactLastName":"Smith","primaryContactFirstName":"John","primaryLegalName":"My Merchant","stateProvinceCode":"CA","phone":"4155551212","countryCode":"US","primaryWebsiteURL":"http://www.myMerchant.com","primaryTradeName":"MyMerchant.com","primaryContactEmail":"jsmith@mymerchant888.com"}

Below is logs from soapUI

Tue Apr 30 12:24:29 GST 2024:INFO:1714465469/installments/v2/clientsapiKey=UDTEE5CUPLX6ZAxxxxxxbvZ5Ca-ef6J2CRKPj74vvxluo{"partnerMerchantReferenceID": "fbf114e6-8536-d537-69f0-1e18fb88b634","city": "San Francisco","address2": "2nd Block","address1": "1 Main Street","postalCode": 94301,"primaryContactLastName": "Smith","primaryContactFirstName": "John","primaryLegalName": "My Merchant","stateProvinceCode": "CA","phone": "4155551212","countryCode": "US","primaryWebsiteURL": "http:\/\/www.myMerchant.com","primaryTradeName": "MyMerchant.com","primaryContactEmail": "jsmith@mymerchant888.com"}

Tue Apr 30 12:24:29 GST 2024:INFO:[B@3c2d239c

Tue Apr 30 12:24:29 GST 2024:INFO:7fee6e49e037fca30ccfcfca6c835fad7e206cbe43d0cbeed8204b580c12773d

Tue Apr 30 12:24:29 GST 2024:INFO:xv2:1714465469:7fee6e49e037fca30ccfcfca6c835fad7e206cbe43d0cbeed8204b580c12773d


Tue Apr 30 12:23:57 GST 2024: DEBUG: http-outgoing >>

POST /installments/v2/clients?apikey=UDTEE5xxxxxxxxxxxxxxKPj74vvxluo HTTP/1.1

Accept-Encoding: gzip,deflate

Content-Type: application/json

x-pay-token: xv2:1714465424:735febb7d336012423d66940fb7fa4bc4ac7eb694dddfc6bd59d1447758c2d9e

Content-Length: 458

Host: sandbox.api.visa.com

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.5.5 (Java/16.0.2)

{"partnerMerchantReferenceID":"fbf114e6-8536-d537-69f0-1e18fb88b634","city":"San Francisco","address2":"2nd Block","address1":"1 Main Street","postalCode":94301,"primaryContactLastName":"Smith","primaryContactFirstName":"John","primaryLegalName":"My Merchant","stateProvinceCode":"CA","phone":"4155551212","countryCode":"US","primaryWebsiteURL":"http://www.myMerchant.com","primaryTradeName":"MyMerchant.com","primaryContactEmail":"jsmith@mymerchant888.com"}

Tue Apr 30 12:23:57 GST 2024: DEBUG: http-incoming <<

HTTP/1.1 401

Server: nginx

Date: Tue, 30 Apr 2024 08:23:57 GMT

Content-Type: application/json

Content-Length: 112

Connection: keep-alive

X-SERVED-BY: -776c6b4-6d2

X-CORRELATION-ID: 1714465437_578_1493591987_-776c6b4-6d2_VDP_WS

x-vdp-normalized-url: /installments/v2/clients

X-APP-STATUS: 401

x-vdp-authn-api-visa-id: IPS.102

X-ERROR-ORIGIN: 9100

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 0

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubdomains

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: -1

Content-Security-Policy-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;

X-Content-Security-Policy-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;

X-WebKit-CSP-Report-Only: default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;

{"responseStatus":{"status":401,"code":"9159","severity":"ERROR","message":"Token Validation Failed","info":""}}

I am working on client onboarding api in visa installment transaction service. and getting the error mentioned above. Please help



2 REPLIES 2
jenn_kh
Community Moderator

Re: Getting "code": "9159", "severity": "ERROR", &quot

Hi @bijujosephThank you for reaching out. An agent is looking into this and will get back to you soon. Until then, if any community member knows a solution, feel free to reply to this thread.

API_Products
Visa Developer Support Specialist

Re: Getting "code": "9159", "severity": "ERROR", &quot

Hi @bijujoseph,

 

Please refer to the Visa Developer Error Codes page for cause/resolution. I've also included the cause/resolution below.

HTTP STATUS HTTP CODE CAUSE/RESOLUTION
UNAUTHORIZED 401

Depending on the authentication/encryption mechanism being used, this could be due any of the following reasons. If you are unable to root-cause the same from the possible reasons below, please contact Visa Support at developer@visa.com with the details of the error message, and full http request, response details.

Two-Way SSL (Mutual Authentication):

  • Authorization Header missing in the request.
  • Authorization Header in invalid format. It either does not start with 'Basic' or the userId or password fields are blank.
  • UserId or Password or Subject DN on the certificate is invalid.
  • You could be presenting a wrong client certificate for that environment.
     

X-Pay Token:

  • x-pay-token is blank or not in valid format.
  • Timestamp field not in valid UTC timestamp format.
  • Version field is invalid.
  • Token's timestamp is more than 8 minutes off from the current time.
  • Token hash mismatch.
  • APIKey not present in request.
  • APIKey is not active.
  • APIKey not valid.
  • APIKey not active.
  • The request contains an older version of x-pay-token than supported by the API/project. Please upgrade to the latest supported version. Consult the VDP Getting Started Guide for the same.
     

JWE: 

  • JWE Token format is invalid.
  • Kid not present in the token.
  • Token validation against Shared secret failed.
  • JWT Grant Type or Token value is either missing, empty or has multiple values.
     

JWS:

  • JWS token validation failed.
  • Kid extraction from header failed.
  • JWT Grant Type or Token value is either missing, empty or has multiple values.
  • Kid missing in JWS header.


JWS/JWE:

  • JWT prefix not in proper format.
  • JWT in Request Body not a well-formed JSON.
  • JWT does not contain grant type field or grant type field is blank.
  • JWT does not contain assertions field or assertions field is blank.
  • JWT token value does not start with the appropriate bearer_JWT prefix.
  • APIKey is not active.
  • APIKey not valid.
  • APIKey not active.
     

This could be due to any of the following scenarios in Message Level Encryption (JWE):

  • KeyId in request is invalid.
  • KeyId not present in the request (JWE Header/Request Header).
  • JWE payload element in request is not in the proper format.
  • JWE token does not have iat header or token has expired.
     

General:

  • Request has more than one authentication tokens which is not supported.
  • Incoming http request does not contain any of the required authentication tokens for this API.

 




Thanks,

Diana H.



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.