Re: sharedSecret

BABALFADAA
Dabbler

sharedSecret

def sharedSecret = "xv2:" + timestamp + ":" + SHA256HMAC
def URI = "helloworld"
def QS = "apikey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = ""
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)

3 REPLIES 3
BABALFADAA
Dabbler

Re: sharedSecret

sharedSecret = "xv2:" + timestamp + ":" + SHA256HMACdef 

THIS SHOWS MY MISTAKE IN WHAT WE SHOULD WRITE?????

SyedSa
Community Moderator

Re: sharedSecret

Hi @BABALFADAA, Thank you for reaching out. An agent will get back to you as soon as possible. Until then, if any community member has information that may be helpful, feel free to reply in this thread.

DianaVisaPM
Visa Developer Support Specialist

Re: sharedSecret

Hey @BABALFADAA,

 

You need to generate an x-pay-token to authenticate your API requests. The process involves creating a shared secret and generating a HMAC digest.

 

Here is a corrected version of your script, including a more structured approach to generating the x-pay-token.

 

Corrected Script for Generating x-pay-token

```groovy
def generateHMAC(sharedSecret, data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKey = new SecretKeySpec(sharedSecret.getBytes(), "HmacSHA256")
mac.init(secretKey)
return mac.doFinal(data.getBytes())
}

def APIKey = "your-api-key"
def URI = "helloworld"
def QS = "apikey=" + APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = ""
def sharedSecret = "your-shared-secret"
def dataToSign = timeStampUTC + URI + QS + payload

def HMACDigest = generateHMAC(sharedSecret, dataToSign)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:" + timeStampUTC + ":" + encodedDigest

testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)
```

 

Explanation

1. generateHMAC Function:
- This function creates a HMAC digest using the HmacSHA256 algorithm.
- It takes the sharedSecret and data to sign as input parameters.

 

2. Variables:
- APIKey: Your API key provided by Visa.
- URI: The endpoint you are accessing, in this example, "helloworld".
- QS: The query string, which includes the API key.
- timeStampUTC: Current timestamp in seconds since Epoch.
- payload: The request payload, which is an empty string in this case.
- sharedSecret: Your shared secret key provided by Visa.
- dataToSign: Concatenation of timeStampUTC, URI, QS, and payload that will be signed.

 

3. Generate HMAC Digest:
- The generateHMAC function is used to generate the HMAC digest.

 

4. Encode the Digest:
- The resulting HMAC digest is encoded into a hexadecimal string.

 

5. Create x-pay-token:
- The x-pay-token is created by concatenating the version (xv2), timestamp, and encoded HMAC digest.

 

6. Set Property and Log:
- The generated x-pay-token is set as a property in the test case and logged for verification.

 

This script should correctly generate the x-pay-token required for authenticating your API requests with the Visa Developer Portal. Make sure to replace "your-api-key" and "your-shared-secret" with your actual API key and shared secret provided by Visa.




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.