Hi @alavu, 

The 401 Token Validation Failed error you're getting will be seen when the x-pay-token sent in the header is invalid. 

A couple of things I'd like you to note while generating the token: 

1. For starters, please follow the getting started documentation to generate a valid token: https://developer.visa.com/pages/working-with-visa-apis/x-pay-token. There is also this Visa YouTube video that may help: https://youtu.be/RZ7zlDA89xE 
2. APIkey in the url query param should be the same as the one used to generate xpayToken 
3. “resourcePath” sent in the xpaytoken has to be as per the documentation (eg: v2/payments?apikey={apikey}). 
4. Payload sent in the request payload should exactly match along with spaces to the “requestBody” value used in xpaytoken. 

Can you send a screenshot of the request header? 

Also, could you check to see if you're passing a correct value for URI. For example, make sure it’s defined correctly in the beginning of your code, and use the same value for the URI in the middle of your code. In general, for cases like this (i.e. “helloworld works, but the API XX doesn’t”).

Thanks, 

Illana

"Sure, I can share you a screenshot of the request header.

Here, I'm not using below the header field x-pay-token - "${#TestCase#xpayToken}" for getting token values, instead of I'm directly taking token from the groovy script and inserting the "Value" field. I tried that way for testing "helloworld" Api, but I got the token validation error so chosen this way.

Hi @alavu, 

In looking at your screenshots and comparing to the X-pay token guide and video, 

in your header for x-pay-token you have the value set to the actual token value when I believe it should be ${#TestCase#xpayToken} (see step 8 in the X pay token guide).

Please try and let me know.

Thanks, 

Illana

@alavu 

Apologies- I realize that you mentioned trying to take the value from your groovy script; can you double check the following as well: 

• Resource path should not have “/” at the end
• apiKey is case sensitive and must be the same what is passed in the request and as is used in x-pay-token creation
• query string or resource path should not include “?”
• there must not be any space “ “, new line "\n" or “.” in the request payload or at the end as compared to the one used in creating the x-pay-token
• Ensure resource path capitalisation matches API definition - provisionedToken is not the same as provisionedtoken.

Hi, @I_Doroteo3 

 I have double-checked the recommendations you provided, including ensuring that the resource path does not have a "/" at the end, verifying that the apiKey is case sensitive and is used consistently in the request and x-pay-token creation, and that the resource path capitalization matches the API definition.

However, despite these efforts, I am still encountering the same issue. I have also tried the additional suggestions you provided in your last response, but to no avail. I am including the details of my Postman request and any error messages that I have received for your reference.

EndPoint: https://sandbox.api.visa.com/inapp/provisioning/cardData/applePay?apiKey=<KEY>

Request Header: 

   key                          Value
x-pay-token            {{x-pay-token}}

Request Body :

{

  "vCardID": "v-123-b25dd0af-2960-420b-8aaa-49b3e466c00f",

  "deviceCert": "adevicecert",

  "nonceSignature": "jD4Aphu+93N2wbBn",

  "nonce": "vXWJaBidcTLaJJCF"

}

Pre-request Script:

var resourcePath = 'inapp/provisioning/cardData/applePay';
var queryParams = '<KEY>';
var sharedSecret = '<ID>';
var postBody = pm.request.body.toString();

var timestamp = Math.floor(Date.now() / 1000);  
var preHashString = timestamp + resourcePath + queryParams + postBody;  
var hashString = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(preHashString, sharedSecret));
var xPayToken = 'xv2:' + timestamp + ':' + hashString;

postman.setEnvironmentVariable('x-pay-token', xPayToken);

Response Header (include the x-correlation-id) :

Key                                                        Value

Server                                                   nginx

Date                                                      Tue, 04 Apr 2023 09:47:18 GMT
Content-Type                                        application/json

Content-Length                                    112

Connection                                           keep-alive
X-SERVED-BY                                       -68c8b6f9

X-CORRELATION-ID                             1680601638_168_338020198_-68c8b6f9_VDP_WS

x-vdp-normalized-url                            /inapp/provisioning/cardData/applePay

X-APP-STATUS                                       401

x-vdp-authn-api-visa-id                        VIAP.101

X-ERROR-ORIGIN                                  9100

Response Body :

{
    "responseStatus": {
        "status": 401,
        "code": "9159",
        "severity": "ERROR",
        "message": "Token Validation Failed",
        "info": ""
    }
}

Query Params:

Key                                          Value

apiKey                                     <KEY>

Could you please assist me further in resolving this issue? I would appreciate any additional insights or suggestions you can offer.

Thank you for your time and support.

Best regards,
Alavu

Hi @alavu, 

I've submitted a ticket for your issue and provided the info you shared to the technical team; I'll reach back out when I receive a response.

Thanks, 

Illana

Hi @I_Doroteo3 ,

I wanted to check in on the status of the ticket that was submitted for my issue. Have you received any updates from the technical team yet?

Thanks,
Alavu

Hi @alavu

Thanks for your patience, the root cause is a token hash mismatch error due to XPT setup.

Thanks, 

Illana