Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

flomaya
Helper

"Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI Execution

Hi,

I tried to run Enroll Customer API for Visa In-App Provisioning but I got the following error:

{"responseStatus": { "status": 401, "code": "9159", "severity": "ERROR", "message": "Token Validation Failed", "info": "" }}

- I already set the SSL settings

- I already put the userid and password (basic authorization)

- I already put the x-pay-token value from groovy script which is shown in the helloworld example (but change URI="helloworld" to URI="customers")

 

I already tried the hello world API calling using SOAP UI in here: https://developer.visa.com/pages/working-with-visa-apis/x-pay-token and it return the helloworld successfully.

 

So, I'm not sure what's wrong with my API call. Can anyone please give a hint/ help on how to solve this issue please?

 

 sucessHelloWorldUsingXPayTokenFromGroovyScriptUserIdAndPassword.png

 

enrollCustomerAPIError.png

 

successGroovyScript.png

(This is my groovy script to generate x-pay token, I changed the "helloworld" to "customers")

 

 

7 REPLIES 7
flomaya
Helper

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Sorry, my error code is 9102 now after I changed my auth to authenticate pre-emptively. I can't edit my question.
vkamboj
Community Moderator

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Hi @flomaya

 

Please follow the steps in the developer.visa.com Getting started and test whether certificates are good.  

https://developer.visa.com/pages/working-with-visa-apis/visa-developer-quick-start-guide 

 

  1. Use the instruction and install the certificates. Follow exact steps 
  1. Use SOAPUI and test hello world with your certs. That is tell if there is a credential issue.  

If that works, then send us the json http request and response (complete request and response with header values) and we can help if there is an issue. 

 

Thank you, 

Vaibhav

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
flomaya
Helper

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Hi,

Thanks for your reply.

I actually has done the 2 steps you are talking about. Hence my first screenshot, where the helloworld successfully returned.

 

Here are my HTTP Request and Respond of the Enroll Customer API ( https://developer.visa.com/capabilities/visa-in-app-provisioning/reference#visa-in-app-provisioning_... ) :

  • Request:

{
"lastName": "Paramita",
"firstName": "Maya",
"locale": "en_US"
}

 

  • Response:

{"responseStatus": {
"status": 401,
"code": "9102",
"severity": "ERROR",
"message": "Token Validation Failed",
"info": ""
}}

 

I suspect the cause of the error might be in the x-pay-token groovy script. For helloworld we use "helloworld" in the def uri right? So I am not sure what value to be put to the parameter there for the Enroll Customer API.

This is the helloworld x-pay-token groovy script in helloworld that I was talking about:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
mac.init(secretKeySpec)
byte[] digest = mac.doFinal(data.getBytes())
return digest
}
def APIKey = "CXPUGIJAGG7MZ5DMVOI321BUCz1t9fUabZ9l8oEauadUkv2_0"
def sharedSecret = "MC1NE#FdQnEWaLLXGrmyC{ld2fC2Vhj9Dzhfc#En"
def URI = "customers"
def QS = "apikey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = "{\"lastName\": \"Doe\", \"firstName\": \"John\", \"locale\": \"en_US\", \"encMobileNumber\": \"ewogICJjb3VudHJ5Q29kZSI6ICI2MiIsCiAgInBob25lTnVtYmVyIjogIjgxMjg4MTQwNjkyIgp9\",\"encEmailAddress\": \"bWFwZW1hcGVsYUBnbWFpbC5jb20=\", \"encAddress\":\"ewogICJuYW1lIjogIkpvaG4gRG9lIiwKICAibGluZTEiOiAiMTIzMDEgUmVzZWFyY2ggQm91bGV2YXJkIiwKICAibGluZTIiOiAiUmVzZWFyY2ggQm91bGV2YXJkIiwKICAibGluZTMiOiAiVmlzYSBVU0EiLAogICJjaXR5IjogIkF1c3RpbiIsCiAgInN0YXRlIjogIlRYIiwKICAiY291bnRyeUNvZGUiOiAiVVMiLAogICJwb3N0YWxDb2RlIjogIjc4NzU5Igp9\"}"
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)

 

vkamboj
Community Moderator

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Hello @flomaya

 

I am working with our product team on the error you reported. I will keep you updated. 

 

Thank you, 

Vaibhav

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
vkamboj
Community Moderator

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Hello @flomaya,

 

Can you confirm if you are using URI value as core/customers instead of customers.

 

Thanks,

Vaibhav

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
flomaya
Helper

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

Hi @vkamboj 

Yes, I have tried to use core/customers too, but it still shows this following error result:

{"responseStatus": {
"status": 401,
"code": "9159",
"severity": "ERROR",
"message": "Token Validation Failed",
"info": ""
}}

vkamboj
Community Moderator

Re: "Token Validation Failed" 9159 in Visa in-App Provisioning Enroll Customer API SOAP UI

;Hello @flomaya

 

Here is the updated groovy Script. Kindly use this to check against the API. As you see some of the attributes such as Mobile Number, Email Address , Address needs to be encrypted using JWE Assymmetric Encryption. Please send an email to developer@visa.com so we can provide you appropriate credentials.
 
Updated groovy script below
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance("HmacSHA256")
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
mac.init(secretKeySpec)
byte[] digest = mac.doFinal(data.getBytes())
return digest
}
def APIKey = "CXPUGIJAGG7MZ5DMVOI321BUCz1t9fUabZ9l8oEauadUkv2_0"
def sharedSecret = "MC1NE#FdQnEWaLLXGrmyC{ld2fC2Vhj9Dzhfc#En"
def URI = "core/customers"
def QS = "apikey="+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = '{"lastName": "Doe", "firstName": "John", "locale": "en_US", "encMobileNumber": "eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNjIxODg4ODA2MDMyLCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiJRMkFZM1Y1RTNJQ05CVVU2NkQ4SzExaEJtenFkWFN2VGlOelotWW5wb3pXUlhUbzUwIn0.Bbu7ttQK4Aqim55CVBuZAC0S_2PzP5LfTIQD4C4BCfi0Cl2YC98PSdl1upfgdVU4mi5PPfW47D69kJeWt-qNPDmnBRbJJaEqTEnjmdacZZenv9ikZEeYb33bkHpnFlmlRFJjoQ1VuoQ5eoIyPVM3jVhSZ0dPvxkeqprvV65_o4A2kAW8WIdB5cQBnGLCqXuvp3Kso34wTT90Kksf_gnIGxdIKlYY-2MJ0kuiQs1iOF79v-c_9XAaScg50VlvX46BhmdoAri0961zXdveLM-O31usSMbw1nQ7MUGXxO3nJbPJxQrFt4cpAPEg7_3oXVYNyqHx-VtGRBVip45N6yHyDQ.1blIfwWx0mTf700n.oAsBbIQFla-LakC8uqAOfZLGTd-HW6NvbV0MVsrkapjYCuQl7SO-YbZrTNDjOdUaPZMTCcZSyj3WFQ.6ldZZnF1UVsTZ3YVOJFr_g","encAddress":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNjIxODg4OTIzODU5LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiJRMkFZM1Y1RTNJQ05CVVU2NkQ4SzExaEJtenFkWFN2VGlOelotWW5wb3pXUlhUbzUwIn0.DKUHIwYnvH8uZGiE9YcYFMzF-rW8wK9ErihHmyAL_Qfrd-WcYVQteakexXe8QVh5OxiEE_qWC_Fp_ZASJ-UHjsC0MhpnIi1vGpkS8iLEAX8kxP9XjLyCCcjFMEzei-u4xnEApWefXXxrkQYpTgXb9Ldb-yP8-Sh4oF8AGq1BYKdD_LBMYYhumfFXulGweWkgNOPLq0OElYnNqKJXF-i_CTsaUpht_-6wA9hKi2HZpwW0XOpavw7UW9X47PrIELsg1bacHYBxRZlqpl6lmOg4XrtlmlPvoghHD9AAMBd5Kmp2_1mvL9AWrAP7NkvSLWNkFkE61MwPwxAP6dzC4HIYfQ.f1k3OXZGX2UdtdL3.caQsluLibwd1SHZPN_nA4KWXNAxcDeWGc8_OI8V4sOiT7InhJGHmKOA-asN6ug8pgpwwPTiqz1eeGSb_EjWDQlHvngvBfTYNauh2E5sld8vfjMls74GSzpII2aPGh1w9xafUjOMqVHTM9zLDnOFVyOwzHuKUDm_zgocP-R8pS1cs_X4u4rNA295LNix1rIflhrj7FyFo6ci6wMwhTOn-Lt3w55mhEq_jos4Ts3KYaq-wwYsIUoFkIwL-bZvTCgOaYDpNUfGwx1a5NKMNrphg5ZFkkAk.-GzuqpgGNsWAVDiDxBfmsw"}'
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = "xv2:"+ timeStampUTC + ":" + encodedDigest
testRunner.testCase.setPropertyValue("xpayToken", XPayToken)
log.info(XPayToken)
 
Thank you, 
Vaibhav
Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.