Solved! Go to solution
New Contributor


I am getting below response for my POST API (vtis/v1/pan/retrieveTokenInfo)

    "responseStatus": {
        "message""Token Validation Failed",
seem like x-pay token is not valid.
I have checked hello world its working fine for me. but the POST API(vtis/v1/pan/retrieveTokenInfo) is giving me the error
request body: 

resource path : 

am i doing something wrong here?
while running above in postman i am passing the same request body.
i have one doubt as well, while generating the x-pay-token in request body what do we have to give?
because i dont have panreference in my requirement i have pan number..
do we have to pass the plain pan number or encrypted pan number while generating the x-pay-token?


Visa Developer Support Specialist

Re: VTS LCM/Inquiry API

Hi @manish_shahani,


Please refer to the Visa Developer Error Codes page. 

AuthN Error Codes


Depending on the authentication/encryption mechanism being used, this could be due any of the following reasons. If you are unable to root-cause the same from the possible reasons below, please contact Visa Support at developer@visa.com with the details of the error message, and full http request, response details.

Two-Way SSL (Mutual Authentication):

  • Authorization Header missing in the request.
  • Authorization Header in invalid format. It either does not start with 'Basic' or the userId or password fields are blank.
  • UserId or Password or Subject DN on the certificate is invalid.
  • You could be presenting a wrong client certificate for that environment.

X-Pay Token:

  • x-pay-token is blank or not in valid format.
  • Timestamp field not in valid UTC timestamp format.
  • Version field is invalid.
  • Token's timestamp is more than 8 minutes off from the current time.
  • Token hash mismatch.
  • APIKey not present in request.
  • APIKey is not active.
  • APIKey not valid.
  • APIKey not active.
  • The request contains an older version of x-pay-token than supported by the API/project. Please upgrade to the latest supported version. Consult the VDP Getting Started Guide for the same.


  • JWE Token format is invalid.
  • Kid not present in the token.
  • Token validation against Shared secret failed.
  • JWT Grant Type or Token value is either missing, empty or has multiple values.


  • JWS token validation failed.
  • Kid extraction from header failed.
  • JWT Grant Type or Token value is either missing, empty or has multiple values.
  • Kid missing in JWS header.


  • JWT prefix not in proper format.
  • JWT in Request Body not a well-formed JSON.
  • JWT does not contain grant type field or grant type field is blank.
  • JWT does not contain assertions field or assertions field is blank.
  • JWT token value does not start with the appropriate bearer_JWT prefix.
  • APIKey is not active.
  • APIKey not valid.
  • APIKey not active.

This could be due to any of the following scenarios in Message Level Encryption (JWE):

  • KeyId in request is invalid.
  • KeyId not present in the request (JWE Header/Request Header).
  • JWE payload element in request is not in the proper format.
  • JWE token does not have iat header or token has expired.


  • Request has more than one authentication tokens which is not supported.
  • Incoming http request does not contain any of the required authentication tokens for this API.



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.