Hello,
I'm having an issue when trying to call the Registration from Customer Rules on VTCs.
If I call it without enforcing the MLE, and without encrypting the payload, it works fine.
But if I enforce it, and do the encryption as it is done in the example code, it throws this response:
{"responseStatus":{"status":401,"code":"9208","severity":"ERROR","message":"Token validation failed","info":""}}
I don't get what may be wrong, if it is something with the JWE encryption, or with x-pay-token (that is working with no MLE).
Any idea what it can be?
Is there any documentation that has the detailed error code info?
Thanks in advance!
Javier Sivack
Hi @JavierSivack,
Please reference the MLE resources below:
https://developer.visa.com/pages/encryption_guide
Some key points to check:
1. Add the keyId as an additional HTTP header
2. For Encryption, use the server encryption certificate
3. For Decryption, use the certificate private key
You can also download MLE sample code for various languages. The download package is available from "General Assets" at the bottom of your project dashboard page.
Hope this helps, please let me know if you have other questions.
Hi Stacy,
It really does not help. I'm doing almost the same as all of the examples and docs; the only difference is that I'm using x-pay-token.
So I don't know how to proceed with this...
Hi @JavierSivack,
Can you please share some more information about the error?
1. Request header
2. Request body
3. Response header with x-correlation ID
4. Pre-request script from Postman for the encryption
Thanks!
Hi Stacy,
Here is the Postman console for the POST:
POST https://sandbox.api.visa.com/vctc/customerrules/v1/consumertransactioncontrols?apiKey=
401
180 ms
POST /vctc/customerrules/v1/consumertransactioncontrols?apiKey= HTTP/1.1
x-pay-token: xv2:1630107728:3a85a1b1c19b043cd07669bc28fb952f1f91aeffc50ee0e7c92bb5962c70a2d3
Accept: application/json
keyId:
Content-Type: application/json
User-Agent: PostmanRuntime/7.28.4
Postman-Token: 0f8715f2-2814-4b5e-86bc-b1b67385cd89
Host: sandbox.api.visa.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 599
{"encData": "eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoiMTYzMDEwNDA3MDI0OCIsImFsZyI6IlJTQS1PQUVQLTI1NiIsImtpZCI6ImRiZDJiNWI2LWQ1MzAtNDk2NC1iZTRmLWU3MTUyYjFmMmI2ZSJ9.iXHW3RRqHCA9MlJZaaR3TIPrMCFtqmHy2hiaGjaw6zZGffXmqhUE2ieVolODPYlwoyyHRmiewS037ecKY49VdTZYfFxOJzB_M4zjEO_-KRyRt77wtwa_DdympVgZBDTrGUTwGVVita31MRXVxkkyj7CZpeq6v_Kc9UsGCeYL3udRLBfj-eFuNGeB6APvIf-IRlgoZhpP8If8b4u422ZEbmFO-XKupfOxSbBdg6de_TuYHo2ya4L8312cKgkxR_OEYTCwSSLXgnw5qGeV_618xMN3M_tricEI_NpERV85a_io8D26gdW7N8iW1j5-1cZ0pFR9thpUN2Y1q0c-qcYNZA.q8iPmKGnV9ykSTzS.4dng10CzuXjb3BQGL5C0VEM6c--vImdA69tg6_ZB23_pLybhGZ0uhBkmCC0.DMoyRaJ6Y8iNZIOq3ivStg"}
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Fri, 27 Aug 2021 23:42:09 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 112
Connection: keep-alive
X-SERVED-BY: l73c014
X-CORRELATION-ID: 1630107729_355_984436793_l73c014_VDP_WS
X-APP-STATUS: 401
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
{"responseStatus":{"status":401,"code":"9212","severity":"ERROR","message":"Token validation failed","info":""}}
And the pre-request script:
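// Resource path (the part of the URL after /vctc/) and the query string
var resourcePath = 'customerrules/v1/consumertransactioncontrols';
var queryParams = 'apiKey=';
var sharedSecret = '';
// Request body as a string
var postBody = pm.request.body.toString();
// Unix time in seconds
var timestamp = Math.floor(Date.now() / 1000);
// HMAC-SHA256 over timestamp + resourcePath + queryParams + postBody, hex-encoded
var preHashString = timestamp + resourcePath + queryParams + postBody;
var hashString = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(preHashString, sharedSecret));
// Token format: xv2:<timestamp>:<hex digest>
var xPayToken = 'xv2:' + timestamp + ':' + hashString;
postman.setEnvironmentVariable('x-pay-token', xPayToken);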
Thanks in advance.
Javier Sivack
Hi @JavierSivack,
Can you please confirm that you have keyId in the Postman header and its value is set to the Key-ID value from your Project's Encryption/Decryption section?
Hi Stacy.
Yes, I confirm it is there. You can see it in my first message; I had just deleted the key so as not to post it here.
Hi @JavierSivack,
Thanks for confirming that keyId is not the issue. The other thing I can think of is the timestamp. Please check that the iat timestamp that goes in the JWE Header of the encrypted request is less than 2 minutes from the current time. The request will not be processed if the iat timestamp has expired. Please share the X-Correlation-ID from the latest failed request for us to troubleshoot further.
Hi Stacy.
Thanks, with that, it started working in Postman with the MLE generated in my Java code!
So now, I have to get it working on Java code 😉
Thank you!
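The iat check suggested in the reply that resolved this thread, as an added example that is not part of the original posts or of Visa's sample code: it decodes the protected header of a compact JWE and reports how old iat is relative to a reference time. The function names, the seconds-versus-milliseconds heuristic and the placeholder kid are assumptions; the sample iat and reference time are the values carried in the request posted above (the encData header's iat and the x-pay-token timestamp).

```javascript
// Added example (not from the thread): check a compact JWE's iat against the
// 2-minute window mentioned in the reply above. Runs on Node.js.
const MAX_AGE_MS = 2 * 60 * 1000;

// Encode a string as unpadded base64url (used only to build the sample).
function b64url(data) {
  return Buffer.from(data).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the protected header, the first of the five compact-JWE segments.
function decodeJweHeader(compactJwe) {
  const parts = String(compactJwe).split('.');
  if (parts.length !== 5) throw new Error('expected 5 JWE segments, got ' + parts.length);
  // Node's 'base64' decoder also accepts the URL-safe alphabet.
  return JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
}

// Assumption: an iat below 1e11 is in seconds, otherwise in milliseconds.
function iatToMillis(iat) {
  const n = Number(iat);
  if (!Number.isFinite(n) || n <= 0) throw new Error('iat missing or not numeric');
  return n < 1e11 ? n * 1000 : n;
}

// Report the age of the header's iat relative to nowMs. The thread does not
// say how a future-dated iat is treated, so it is flagged separately.
function checkIat(compactJwe, nowMs = Date.now(), maxAgeMs = MAX_AGE_MS) {
  const header = decodeJweHeader(compactJwe);
  const iatMs = iatToMillis(header.iat);
  const ageMs = nowMs - iatMs;
  let status = 'fresh';
  if (ageMs < 0) status = 'iat-in-future';
  else if (ageMs >= maxAgeMs) status = 'expired';
  return { kid: header.kid, iatMs, ageMs, status };
}

// Constructed sample: a header shaped like the one in the posted encData.
// The kid and the four trailing segments are placeholders, not real values.
function sampleJwe(iat) {
  const header = { enc: 'A128GCM', iat: String(iat), alg: 'RSA-OAEP-256', kid: 'constructed-key-id' };
  return [b64url(JSON.stringify(header)), 'ek', 'iv', 'ct', 'tag'].join('.');
}

// iat from the posted header, evaluated at that request's x-pay-token timestamp.
const posted = checkIat(sampleJwe('1630104070248'), 1630107728 * 1000);
console.log(posted.status, Math.round(posted.ageMs / 1000) + ' s old');
```

Calling `checkIat(encData)` with no second argument compares against the local clock, which also surfaces clock skew on the machine that generated the JWE.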