I have been attempting to connect to Visa APIs using two-way SSL authentication. The .p12 file was manually created by integrating individual certificates and a private key downloaded from the Visa Developer Console. However, the connection fails with the error 401: Token validation failed. This post summarizes the steps I have taken and seeks guidance on proper implementation to resolve this issue.
The following certificates and private key were downloaded from Visa Developer Console:
- SBX-2024-Prod-Inter.pem (Intermediate Certificate)
- SBX-2024-Prod-Root.pem (Root Certificate)
- DigiCertGlobalRootCA.pem (Root Certificate) ←openssl x509 -inform der -in DigiCertGlobalRootCA.crt -outform pem -out DigiCertGlobalRootCA.pem
- Client Certificate (cert.pem)
- Private Key (key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem)
The full_chain.pem file was created by concatenating the certificates in the following order:
- Intermediate Certificate (SBX-2024-Prod-Inter.pem)
- Root Certificate (SBX-2024-Prod-Root.pem)
- Additional Root Certificate (DigiCertGlobalRootCA.pem)
------------------------------------------------------------------------------------------------------------------------------------------
Get-Content SBX-2024-Prod-Inter.pem | Out-File -FilePath full_chain.pem -Encoding ascii
Get-Content SBX-2024-Prod-Root.pem | Out-File -FilePath full_chain.pem -Append -Encoding ascii
Get-Content DigiCertGlobalRootCA.pem | Out-File -FilePath full_chain.pem -Append -Encoding ascii
-------------------------------------------------------------------------------------------------------------------------------------------
Using full_chain.pem, the private key, and the client certificate, the .p12 file was created as follows:
-------------------------------------------------------------------------------------------------------------------------------------------
openssl pkcs12 -export \
-inkey key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem \
-in cert.pem \
-certfile full_chain.pem \
-out visa_certificate.p12
-------------------------------------------------------------------------------------------------------------------------------------------
he following request consistently fails with 401: Token validation failed.
-------------------------------------------------------------------------------------------------------------------------------------------
const https = require('https');
const axios = require('axios');
const fs = require('fs');
const cert = fs.readFileSync('cert.pem');
const key = fs.readFileSync('key.pem');
const ca = fs.readFileSync('ca.pem');
const agent = new https.Agent({ cert, key, ca });
const username = 'VISA_API_USERNAME';
const password = 'VISA_API_PASSWORD';
const credentials = Buffer.from(`${username}:${password}`).toString('base64');
async function testVisaAPI() {
try {
const response = await axios.post(
'https://sandbox.api.visa.com/pop/v1/notification/generate',
{ messageId: 'test123', notificationType: 'payment_success' },
{
httpsAgent: agent,
headers: {
'Authorization': `Basic ${credentials}`,
'Content-Type': 'application/json',
},
}
);
console.log('API Response:', response.data);
} catch (error) {
console.error('API Error:', error.response ? error.response.data : error.message);
}
}
testVisaAPI();
----------------------------------------------------------------------------------------------------------------------------------------
Questions
1. Correct Usage of .p12
Was the .p12 file, which includes the certificate chain, created correctly?
Are there any missing steps or errors in the OpenSSL procedure?
2. Authentication Flow
3. Endpoint Validation
Request for Guidance
I would greatly appreciate your insights and suggestions. If you have experience resolving similar issues or successfully connecting to Visa APIs, your guidance would be invaluable. Thank you!
