- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have a sandbox account with administrative role.
I've been working AcceptJS to generate a payment solution and have run into a problem.
I've been able to use certain methods, like createTransactionRequest and opaqueData with no issues.
But, when I try to use the same credentials with createCustomerProfileRequest I've been receiving a the error message:
OTS Token Access Violation
I've seen the explanation that this can be because the keys were generated for Production but used in the Sandbox, but I've reset the keys while in sandbox.authorize.net twice with no resolution.
If I do not use opaqueData, then I get no error -- though I suppose this makes sense? I need to use opaqueData for PCI compliance.
I'd appreciate directions to go in from here so I can proceed with this application's construction.
Matthew
Solved! Go to Solution.
โ07-10-2019 06:51 AM
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In case anyone is interested in how this turned out, I decided to use Accept UI and let it take care of all these details for me.
The documentation seems to be saying that you can use a nonce to create a payment profile to an existing customer profile, but in actuality it will give you an OTS Token Access Violation.
So, if you have burned any time trying to do this yourself -- save yourself the headache and just use Accept UI.
Matthew
โ07-12-2019 08:37 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @maraymer
The nonce returned by Accept.js is a one-time use token. You will get this error if you attempt to use it a second time.
If you need to run multiple transactions for a customer, for example an initial payment and then create a subscription, you might do the following:
Use the nonce for a one-time payment and set createProfile as true. If the transaction is successful, the gateway will return a customer profile which can be used for other transactions.
Richard
โ07-10-2019 09:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the answer. I believe I need to describe a bit more of my interaction with the API.
Not that it matters but I'm using Angular 8; just FYI
When users register, the workflow creates a customer profile id and that gets stored in the db. Here they also enter their address information.
After they verify their registration via email, they enter a payment method (via CC only for now).
From the browser, I request a nonce from ANET API.
I then pass that nonce to my own backend API where the backend looks up current user's customer profile from the db and uses the nonce plus the customer profile to make a create payment request.
var ctrl = new ApiControllers.CreateCustomerPaymentProfileController( ... );
I consistently get an OTS Token Access Violation at this point.
I've scoured the flow of this and cannot find a place where the nonce is used other than for the CreateCustomerPaymentProfileController call.
Any suggestions?
Matthew
โ07-10-2019 11:52 PM - edited โ07-10-2019 11:53 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Further to the issue described, I've also used my sandbox keys to "hand-generate" transactions via the apitest.authorize.net and have replicated the exact same error -- as well as a successful transaction when using createPaymentTransaction (using a different nonce specifically generated for that method's call).
This is either something I'm missing or its something in the way my sandbox account is setup?
Matthew
โ07-11-2019 07:59 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In case anyone is interested in how this turned out, I decided to use Accept UI and let it take care of all these details for me.
The documentation seems to be saying that you can use a nonce to create a payment profile to an existing customer profile, but in actuality it will give you an OTS Token Access Violation.
So, if you have burned any time trying to do this yourself -- save yourself the headache and just use Accept UI.
Matthew
โ07-12-2019 08:37 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
response text:
{"transactionResponse":{"responseCode":"3","authCode":"","avsResultCode":"P",
"cvvResultCode":"","cavvResultCode":"","transId":"0","refTransID":"","transHash":"","testRequest":"0",
"accountNumber":"","accountType":"",
"errors":[{"errorCode":"153","errorText":"There was an error processing the payment data. Required fields are missing from decrypted data."}],"transHashSha2":"","SupplementalDataQualificationIndicator":0},"refId":"123456","messages":{"resultCode":"Error","message":[{"code":"E00027","text":"The transaction was unsuccessful."}]}}
why retun failure?
โ09-27-2019 08:36 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
apple pay wallet card:China Union
Token from apple:
{"version":"EC_v1","data":"AfoPM4ZmwQpngugYj5P3THYSY9CmsBxHv1+CVlXWjBnKJxHD34bNMls3LxN2Ab9o7vlcTo00Rd4TxhH2ksZVF8QkShvkS00lJjzi24lWu4UIIjMz1yJdynQuEed5I+4KgIiShqno0gQpowWJj/T80LFu8QiBDR3dWtEYWw1NYDBSv7kGSgKcOTIdtdHDSyX9v5345W7M4dApkzc739IfJl0nMqBvIE8NCKcTIguDVCcBDXUpssWydiEdrknYwQR1ObyklT2BwfR2+1jfeaqpaWKp1hfTwMRajQXIGKOmkzG0ed62SndozZsqLXqw6TvCg8Jo8epVlXKaWbpxgXWDHLT5nAvEw7dlplA8FIlLEF7zGhFOHdW8puVVIYlAi97kd/aXBhR9qxaPYT6ymu0CNYEMzC0a2CMtqgQ6PB9F7WXZLNfF10NrOIpXZApU0PgSaKOjHmKlTx46W+0d876UQeputqF/6UtZfo9YZzTx4EHAGNL17qQwzsKbWm1qgZOSUzzuTRRwQivtDs5UbVZdRu/hkj3wrfPOZylpGq4hm5HPi/ecX7Ki62I2z4cLobmpuq5CghKXXEk+j4idTSEjapVCsINT6M1PE3S0v+LlGw3U473GX2T2xuA=","signature":"MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID7jCCA5SgAwIBAgIIOSxBHvsgmD0wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE2MDExMTIxMDc0NloXDTIxMDEwOTIxMDc0NlowazExMC8GA1UEAwwoZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtUFJPRF9LcnlwdG9uX0VDQzEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZuDqDnh9yz9mvFMxidor2gjtlXTkIRF6oa8swxD2qLGco+d+0A+oTo3yrIaI5SmGbnbrrYntpbfDNuDw2KfQXaOCAhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFFfHNZQqvZ6i/szTy+ft4KN8jMX6MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0gAMEUCIESIU8bEgwEjtEq2dDbRO+C10CsxjVVVISgpzdjEylGWAiEAkOZ+sj5vSzNlDlOy5vyJ5ZO3b5G5PpnvwJx1gc4A9eYwggLuMIICdaADAgECAghJbS+/OpjalzAKBggqhkjOPQQDAjBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xNDA1MDYyMzQ2MzBaFw0yOTA1MDYyMzQ2MzBaMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPAXEYQZ12SF1RpeJYEHduiAou/ee65N4I38S5PhM1bVZls1riLQl3YNIk57ugj9dhfOiMt2u2ZwvsjoKYT/VEWjgfcwgfQwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxlcm9vdGNhZzMwHQYDVR0OBBYEFCPyScRPk+TvJ+bE9ihsP6K7/S5LMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUu7DeoVgziJqkipnevr3rr9rLJKswNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVyb290Y2FnMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAg4EAgUAMAoGCCqGSM49BAMCA2cAMGQCMDrPcoNRFpmxhvs1w1bKYr/0F+3ZD3VNoo6+8ZyBXkK3ifiY95tZn5jVQQ2PnenC/gIwMi3VRCGwowV3bF3zODuQZ/0XfCwhbZZPxnJpghJvVPh6fRuZy5sJiSFhBpkPCZIdAAAxggGNMIIBiQIBATCBhjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMCCDksQR77IJg9MA0GCWCGSAFlAwQCAQUAoIGVMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDkyODA4MDU1NlowKgYJKoZIhvcNAQk0MR0wGzANBglghkgBZQMEAgEFAKEKBggqhkjOPQQDAjAvBgkqhkiG9w0BCQQxIgQgKUAsV9tonA62sY5170dcp+7xl8MiTEJbA+ViamKuw+EwCgYIKoZIzj0EAwIESDBGAiEAm2m4LVLgDCrXztRp6vudbxr6cuez54aJhGhrTQUtDbYCIQCrrjjDt8WbNTr3wC0UTVXBbiw6VOd4S8U/xNa8EaW+FgAAAAAAAA==","header":{"ephemeralPublicKey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5aUdauXBW7+McqIncHui1/58FlW8rc69Bs/KPSWGo5SUQ6cA/ekecjq15PQ6OMOvP2z64gm8klO61zOcV8IIiw==","publicKeyHash":"hchHAlA90rcN1UuKIM22UliT95t5zvtryeJZd+xRrkQ=","transactionId":"069282c483c530b5395b135dffd08c519fba02eb66ab9334d6472bb21b6ed032"}}
so above toke base64 encode,send to AuthorizeNet response so below:
{"transactionResponse":{"responseCode":"3","authCode":"","avsResultCode":"P","cvvResultCode":"","cavvResultCode":"","transId":"0","refTransID":"","transHash":"","testRequest":"0","accountNumber":"","accountType":"","errors":[{"errorCode":"153","errorText":"There was an error processing the payment data. Required fields are missing from decrypted data."}],"transHashSha2":"","SupplementalDataQualificationIndicator":0},"refId":"123456","messages":{"resultCode":"Error","message":[{"code":"E00027","text":"The transaction was unsuccessful."}]}}
โ09-28-2019 01:25 AM