Hi @hafedh,

Can you please let me know what API you are using that you are getting an error with? To further investigate, please provide the following information:

1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

Hi @hafedh,

I also received your query by email so I answered your question there, as well. However, I'll post the same answer so that we can share  with the developer community too.

VPP API requires MLE, the 400 error is probably caused by you not using the MLE encryption key. Here's the MLE documentation and sample code, please follow this guide - https://developer.visa.com/pages/encryption_guide#generating_encryptiondecryption_keys_sandbox

The only way to test the VPP API with MLE is using code. You can't use SoapUI or Postman interface to test VPP API with MLE.

Hello Diana,

Please note that is generated with our connector to VISA API and posted with Postman.

The MLE is not misused, otherwise the server would answered with:
{
"status": "INTERNAL_SERVER_ERROR",
"code": "NPPS007",
"message": "An unknown error occurred"
}
and VISA Response wont be decrypted.

While the JWE Token is decrypted, it is supposed that the encryption is done in accordance with the MLE specification.

Please find the detailed log (JWE & HTTP) generated by our API connector:

--------- JWE Encoding --------- [VisaEncryption Key]
Header (Json): {"alg":"RSA-OAEP-256","enc":"A128GCM","kid":"a2999433-a772-418f-880e-33ca1e9caa4e","iat":1560328957}
Header (B64Url): eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoiYTI5OTk0MzMtYTc3Mi00MThmLTg4MGUtMzNjYTFlOWNhYTRlIiwiaWF0IjoxNTYwMzI4OTU3fQ
CEK (HEX): 29CE9B01BA1B0A242C8096B70645F047
EncryptedKey (HEX): B17F938619A97314BB3670C5B6646961DD33DE54BD86D0EA5A631823AEB3A403695C11C2DA9C5F86624D2568E0C8A99C6B4EB12A01ED638ADBE4D8B5D2842A26A1195C78A3D9C0164CEB3D44D254BBD24B0C35FA788A74CE078937DC55697BEEC4A55B2D4BAF2A1A40A4211DAD3248F4A4859BE9FF4EFE13086B1BDBE3BD28DDB026F17F203390A21C6CC2D04F9AB5E92853B75860D24E115F2EB83855C43BDE543FF5F593244640C244A0C5F1569FCE2F26263884F008A69AAE19880BC5166E5130568137B1FB94AE9306FD17FAC9B1803DA41895B707FA2663B3E19981CAA64E09F6EE6A81ACF0FD8C7A56B12BE8835F2E785B374B004C9756264FD9B33153
EncryptedKey (B64Url): sX-ThhmpcxS7NnDFtmRpYd0z3lS9htDqWmMYI66zpANpXBHC2pxfhmJNJWjgyKmca06xKgHtY4rb5Ni10oQqJqEZXHij2cAWTOs9RNJUu9JLDDX6eIp0zgeJN9xVaXvuxKVbLUuvKhpApCEdrTJI9KSFm-n_Tv4TCGsb2-O9KN2wJvF_IDOQohxswtBPmrXpKFO3WGDSThFfLrg4VcQ73lQ_9fWTJEZAwkSgxfFWn84vJiY4hPAIppquGYgLxRZuUTBWgTex-5Sukwb9F_rJsYA9pBiVtwf6JmOz4ZmByqZOCfbuaoGs8P2MelaxK-iDXy54WzdLAEyXViZP2bMxUw
IV (HEX): C1411BC86BAFDAD9E9A77A83
IV (B64Url): wUEbyGuv2tnpp3qD
AAD (Clear): {"alg":"RSA-OAEP-256","enc":"A128GCM","kid":"a2999433-a772-418f-880e-33ca1e9caa4e","iat":1560328957}
AAD (B64Url): eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoiYTI5OTk0MzMtYTc3Mi00MThmLTg4MGUtMzNjYTFlOWNhYTRlIiwiaWF0IjoxNTYwMzI4OTU3fQ
Cipher Text (HEX): F24B619A117607E0BC0AF0E7B5A19FC6C64E7251A9EE00A265DC83433C6BEF9407532BBCC4D3FA4CC6D66F2DDF481B8A3BF99E4CDA7B00CEAE7BF6109073E33169A27E3DBDBD011282534AD42B0F646C5B484200151FEA6F29469ED7F661A2E46ABF25EA6E4473478DD7BA9748448377EA5075BC27EAA763C128CF6253F1E989A5F9655F7E1295C547EAB36F193251F99C14E2AB52C0D3E7931B8DC64418260CEDE99356F84D863307C4AC0974274F6B52DF65208BFCBF2625FE75DE6686A974FEA4578ED5CD6AEB2C02DC55F666C2BC8C23FC8AD4A02BAC327B0ED83AFE26CB618DEFF7EB43D236F622AD3FC0E0F0EB44F0A40E0E9F35461F9A043D584A42CA44B7A94E2BEBF54624F17A140FCD9F13CC1E34258D4F8873E61D10CA207F16F7E4673CBEC2EA7590E8DD246A998D4F4105F9158F62DE390B4ED707D90EB45381C006E0ACD4BCF65C7AB822BF56C7CB95F754A1DE788EC005099CDD10DB989D8C8C583AEC5F6A100256C02EDA4F845A36FB572FC63BF0747A1CCD85A23DF002E2816C22C520342AD89CD07F3E11692E485419917C51957A1F1B141AB607C63888DA8C6EB8F00E87FB8AAD688CAB5FB4D68F71F0F1E09DE41A54F08CBECF68F25D703BD897FDF4C18BBCD711ED519A93C98C4472896783AE60F43D008B075D69B33C831901C5E3BA8DC93A394A6F20D9091FB26F790B31A1A14BC36D9CDE44BA5B229D76B2ED5D8ADAB395AE802207079ABECFD99DD505AB6F144FBB763D1D66EC81EB5DD10B4B18B4C8BF8624764FA5B9903984BAEAA984BABF92C1018E0E0C207900E29311D8170B27C55AC16117067425C9E003CE2709B76DF2A9E2A42936548BE0BABD96EC957A9F7FB49BE12A2BB56AE1F96B2149ACFAEFD2F1DC35DC114B61C23EB4215D78B13C6C1872EC758F3F21593733D84C6FBA596415E40090F28D95582B5A301B088AFB11B5491A64944A3CA6FA6EE571E8ACC23910EE9E46AC3682C2737EBCEA7B3E852735B92944B93E34D5EF18FE2106121309063D6DC97EB259E6995BCF77AE25FD97360722857157755BBE187BF10B9719D43C3D6CCFD2E23DB3FF219E8FC200A381DB7B863AD8B30C527B95D460D7850E86302220582D4D8C8E6B1768BEAE2B5FC543F057E939657992A898831C00
Cipher Text (B64Url): 8kthmhF2B-C8CvDntaGfxsZOclGp7gCiZdyDQzxr75QHUyu8xNP6TMbWby3fSBuKO_meTNp7AM6ue_YQkHPjMWmifj29vQESglNK1CsPZGxbSEIAFR_qbylGntf2YaLkar8l6m5Ec0eN17qXSESDd-pQdbwn6qdjwSjPYlPx6Yml-WVffhKVxUfqs28ZMlH5nBTiq1LA0-eTG43GRBgmDO3pk1b4TYYzB8SsCXQnT2tS32Ugi_y_JiX-dd5mhql0_qRXjtXNaussAtxV9mbCvIwj_IrUoCusMnsO2Dr-Jsthje_360PSNvYirT_A4PDrRPCkDg6fNUYfmgQ9WEpCykS3qU4r6_VGJPF6FA_NnxPMHjQljU-Ic-YdEMogfxb35Gc8vsLqdZDo3SRqmY1PQQX5FY9i3jkLTtcH2Q60U4HABuCs1Lz2XHq4Ir9Wx8uV91Sh3niOwAUJnN0Q25idjIxYOuxfahACVsAu2k-EWjb7Vy_GO_B0ehzNhaI98ALigWwixSA0Ktic0H8-EWkuSFQZkXxRlXofGxQatgfGOIjajG648A6H-4qtaIyrX7TWj3Hw8eCd5BpU8Iy-z2jyXXA72Jf99MGLvNcR7VGak8mMRHKJZ4OuYPQ9AIsHXWmzPIMZAcXjuo3JOjlKbyDZCR-yb3kLMaGhS8NtnN5EulsinXay7V2K2rOVroAiBweavs_ZndUFq28UT7t2PR1m7IHrXdELSxi0yL-GJHZPpbmQOYS66qmEur-SwQGODgwgeQDikxHYFwsnxVrBYRcGdCXJ4APOJwm3bfKp4qQpNlSL4Lq9luyVep9_tJvhKiu1auH5ayFJrPrv0vHcNdwRS2HCPrQhXXixPGwYcux1jz8hWTcz2ExvullkFeQAkPKNlVgrWjAbCIr7EbVJGmSUSjym-m7lceiswjkQ7p5GrDaCwnN-vOp7PoUnNbkpRLk-NNXvGP4hBhITCQY9bcl-slnmmVvPd64l_Zc2ByKFcVd1W74Ye_ELlxnUPD1sz9LiPbP_IZ6PwgCjgdt7hjrYswxSe5XUYNeFDoYwIiBYLU2MjmsXaL6uK1_FQ_BX6TlleZKomIMcAA
Tag (HEX): 39A3015B2BDEF196450349B7D9639231
Tag (B64Url): OaMBWyve8ZZFA0m32WOSMQ

--------- JWE Decoding --------- [ClientEncryption key]
Header (Json): {"alg":"RSA-OAEP-256","enc":"A128GCM","iat":1560328960619}
Header (B64Url): eyJpYXQiOjE1NjAzMjg5NjA2MTksImFsZyI6IlJTQS1PQUVQLTI1NiIsImVuYyI6IkExMjhHQ00ifQ
EncryptedKey (HEX): 59326837AD22405B29B4918971F0103D4AEF1389185E45480B9C1F4BC32DCCC41E282273FD0002C837BD8EFEE883C8D51B6A67918A6BAA61F627EB357B0931CBB92B786F989B19DA41BD8E836DD92679AA0D1B4289056A3250B1CF1E4003D2D30001404E1A9AED87A06D2CE0641D28479DAABEA9CA304EB22884344EF03A5C4C27398A2BB3BAA0C9C45841231448615EF7C1B781B2966F6B2E5B698E4E0C217C1E881356B1024ECBC240E406350496BB46AAF3DD59C23D7E69E762907FFDC309D62EB74F3E0DF137A1AB9C82851B27E829932C4266DCFB5105D5E55EECD5429AC8910824E9094BDE09FDAF667FD689F80022DBC43FD969F1AF37C61E86B39FAA
EncryptedKey (B64Url): WTJoN60iQFsptJGJcfAQPUrvE4kYXkVIC5wfS8MtzMQeKCJz_QACyDe9jv7og8jVG2pnkYprqmH2J-s1ewkxy7kreG-YmxnaQb2Og23ZJnmqDRtCiQVqMlCxzx5AA9LTAAFAThqa7YegbSzgZB0oR52qvqnKME6yKIQ0TvA6XEwnOYors7qgycRYQSMUSGFe98G3gbKWb2suW2mOTgwhfB6IE1axAk7LwkDkBjUElrtGqvPdWcI9fmnnYpB__cMJ1i63Tz4N8Tehq5yChRsn6CmTLEJm3PtRBdXlXuzVQprIkQgk6QlL3gn9r2Z_1on4ACLbxD_ZafGvN8YehrOfqg
CEK (HEX): C83E455F55B21EAACAD000634AA80715
IV (HEX): C99137C81581C247BD073F12
IV (B64Url): yZE3yBWBwke9Bz8S
AAD (Clear): {"alg":"RSA-OAEP-256","enc":"A128GCM","iat":1560328960619}
AAD (B64Url): eyJpYXQiOjE1NjAzMjg5NjA2MTksImFsZyI6IlJTQS1PQUVQLTI1NiIsImVuYyI6IkExMjhHQ00ifQ
Cipher Text (B64Url): lOzncpN6EYY6hrTBylflrVBF0m5Vn-6nLMXgYKktweMwJpSd98H8zTVo5rECFOY1qPIDm2ApO-xYE5o_ZVlX1JX45X46P6i_6jhVmuhaKH010o7fDkWj506a4BrBZk_2ksrT36WrtKaSuUxGpx0
Text (Clear): {"errorResponse":{"details":{"message":"Error in processing request, Please Contact Visa Inc."},"status":404}}
Tag (HEX): 83B78974AF20B1D7618C3BB933A5C5AD
Tag (B64Url): g7eJdK8gsddhjDu5M6XFrQ

-------- HTTP Request --------
Content-Type: application/json
Content-Length: 1631
keyId: a2999433-a772-418f-880e-33ca1e9caa4e
Host: sandbox.api.visa.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
Authorization: Basic NklDMlE2WjdRUVU0N0Y1UTRJOUgyMUhRcEJIRVFRc2hMUVR2Sm9fNWxJY25zaHRfNDpmTUJvNnhBWW42bmZ5NzJLNzk0TVV4N2cxWGVkUzc0eFA=

-------- HTTP Response --------
Server: nginx
Content-Type: application/json;charset=UTF-8
Content-Length: 623
X-SERVED-BY: l73c012
X-CORRELATION-ID: 1560328960_351_1187691199_l73c012_VDP_WS
X-APP-STATUS: 404
X-APP-STATUS: 404
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0 ,Thu, 01 Jan 1970 00:00:00 GMT ,-1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Content-Language: en-US
Date: Wed, 12 Jun 2019 08:42:40 GMT
Connection: close

--------------------------------------------------------------------------------------------------------------------------------------------

Best regards.

Hi @hafedh,

I'm currently reviewing your question and I'll get back to you soon with an answer.

Hi @hafedh,

After further investigation, I see that the following Request works for VPP. Please see the Request, Response, and Response Header below. I hope this helps!

Request

{
"acctInfo": {"primryAcctNum": {
"panExpDt": "2019-12",
"pan": "4761739001010135"
}},
"cardAcceptr": {"clientId": "1DLMLAPPKDJ04301701"},
"freeFormDescrptnData": "Freeformdata",
"msgIdentfctn": {
"correlatnId": "auditest20180925_016",
"origId": "468352863713348"
},
"msgTransprtData": "TransportData",
"verfctnData": {"billngAddr": {
"postlCd": "12345",
"addrLn": "PO Box 12345"
}},
"transctn": {
"partialAuthInd": "true",
"eComData": {
"eciCd": "5",
"digitalGoods": "true",
"xid": "EEC4567F90123A5678B0123EA67890D2345678FF"
},
"localDtTm": "2019-02-27T19:41:43",
"posData": {
"envrnmnt": "eCom",
"panEntryMode": "OnFile",
"panSrce": "VCIND"
},
"tranAmt": {
"amt": "123.45",
"numCurrCd": "840"
},
"tranDesc": "Transactiondescription"
}
}

Response

{
"verfctnReslts": {"avsReslt": "U"},
"acctInfo": {"primryAcctNum": {"panLast4": "0135"}},
"freeFormDescrptnData": " Freeformdata",
"transctnReslts": {
"tranReslt": "Declined",
"actionCd": "15"
},
"msgTransprtData": "TransportData",
"settlmntData": {"reconDt": "--06-20"},
"transctn": {
"eComData": {"eciCd": "5"},
"tranAmt": {
"amt": "123.45",
"numCurrCd": "840"
}
}
}

Response Header

Status Code: 402 Payment Required
Server : nginx
Content-Type : application/json;charset=UTF-8
Content-Length : 923
X-SERVED-BY : l55c016
X-CORRELATION-ID : 1560985555_163_670857801_l55c016_VDP_WS
X-APP-STATUS : 402
Content-Language : en-US
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : -1
Date : Wed, 19 Jun 2019 23:05:55 GMT
Connection : close