HMAC validation Failure

You're missing the HMAC implementation. Please take a look at the API Docs & Sandbox section. We also have sample implementations in our code samples that will help.

Excerpted below from our developer documentation ..
Construct the data param by appending the parameters below in the same order as shown.
a. apikey - API key of the developer.
b. nonce - secure random number.
c. timestamp - epoch timestamp in milliseconds.
d. token - Merchant Token.
e. payload - Actual body content passed as post request.

Compute HMAC SHA256 hash on the above data param using the key below
f. apiSecret - Consumer Secret token for the given api key

Calculate the base64 of the hash which would be our required Authorization header value.

Hi alagesanshunmug..,

Can you please try using the latest sample code given on the payeezy website along with the latest Apple Pay Payeezy toolkit. 

Thanks,

Nilesh Dafe

Hi markstenersen1492, Can you please share your php code with us ? Thanks and Regards, Nilesh Dafe

Thanks markstenersen1492,

We will take a look at your code.

Thanks and Regards,

Nilesh Dafe

I am getting the following when I execute your php. Does not look like the php is executed. 

//////////////////////////////////////////////////////////////////////////////// // // example.php: generate a json request to Payeezy // //////////////////////////////////////////////////////////////////////////////// require_once 'Payeezy.php'; // initialise Payeezy $payeezy = new Payeezy(); // set Payeezy params $payeezy::$apiKey = 'MY API KEY'; $payeezy::$apiSecret = 'MY API SECRET'; $payeezy::$merchantToken = 'fdoa-a480ce8951daa73262734cf102641994c1e55e7cdf4c02b6'; $payeezy::$baseURL = 'https://api-cert.payeezy.com/v1/transactions'; // json_request $json_request = array( 'amount'=> '1299', 'card_number' => '4788250000028291', 'card_type' => 'visa', 'card_holder_name' => 'John Smith', 'card_cvv' => '123', 'card_expiry' => '1216', 'merchant_ref' => 'Test Transaction', 'currency_code' => 'USD' ); $json_response = $payeezy->purchase($json_request); //////////////////////////////////////////////////////////////////////////////// // // Payeezy.php: required Payeezy class for test.php // //////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////// // Payeezy: class to encapsulate Payeezy IPN POST data //////////////////////////////////////////////////////////////////////////////// class Payeezy { public static $apiKey, $apiSecret, $merchantToken, $baseURL, $url; //////////////////////////////////////////////////////////////////////////////// // set_api_key //////////////////////////////////////////////////////////////////////////////// public static function set_api_key($apiKey) { self::$apiKey = $apiKey; } //////////////////////////////////////////////////////////////////////////////// // get_api_key //////////////////////////////////////////////////////////////////////////////// public static function get_api_key() { return self::$apiKey; } //////////////////////////////////////////////////////////////////////////////// // set_api_secret //////////////////////////////////////////////////////////////////////////////// public static function set_api_secret($apiSecret) { self::$apiSecret = $apiSecret; } //////////////////////////////////////////////////////////////////////////////// // get_api_secret //////////////////////////////////////////////////////////////////////////////// public static function get_api_secret() { return self::$apiSecret; } //////////////////////////////////////////////////////////////////////////////// // set_url //////////////////////////////////////////////////////////////////////////////// public static function set_url($baseURL) { self::$baseURL = $baseURL; } //////////////////////////////////////////////////////////////////////////////// // get_url //////////////////////////////////////////////////////////////////////////////// public static function get_url() { return self::$baseURL; } //////////////////////////////////////////////////////////////////////////////// // set_merchant_token //////////////////////////////////////////////////////////////////////////////// public static function set_merchant_token($merchantToken) { self::$merchantToken = $merchantToken; } //////////////////////////////////////////////////////////////////////////////// // get_merchant_token //////////////////////////////////////////////////////////////////////////////// public static function get_merchant_token() { return self::$merchantToken; } //////////////////////////////////////////////////////////////////////////////// // get_payload //////////////////////////////////////////////////////////////////////////////// public function get_payload($args = array()) { $args = array_merge(array( 'amount'=> '', 'card_number' => '', 'card_type' => '', 'card_holder_name' => '', 'card_cvv' => '', 'card_expiry' => '', 'merchant_ref' => '', 'currency_code' => '', 'transaction_tag' => '', 'split_shipment' => '', 'transaction_id' => ''), $args ); $transaction_type = strtolower(func_get_arg(1)); $data = ''; if($transaction_type == ('authorize' || 'purchase')) { self::$url = self::$baseURL; $data = array( 'merchant_ref'=> $args['merchant_ref'], 'transaction_type'=> $transaction_type, 'method'=> 'credit_card', 'amount'=> $args['amount'], 'currency_code'=> strtoupper($args['currency_code']), 'credit_card'=> array( 'type'=> $args['card_type'], 'cardholder_name'=> $args['card_holder_name'], 'card_number'=> $args['card_number'], 'exp_date'=> $args['card_expiry'], 'cvv'=> $args['card_cvv'] ) ); } else { self::$url = self::$baseURL . '/' . $args['transaction_id']; if($transaction_type == 'split') { $data = array( 'merchant_ref'=> $args['merchant_ref'], 'transaction_type'=> $transaction_type, 'method'=> 'credit_card', 'amount'=> $args['amount'], 'currency_code'=> strtoupper($args['currency_code']), 'transaction_tag'=>$args['transaction_tag'], 'split_shipment'=>$args['split_shipment'] ); } else { $data = array( 'merchant_ref'=> $args['merchant_ref'], 'transaction_type'=> $transaction_type, 'method'=> 'credit_card', 'amount'=> $args['amount'], 'currency_code'=> strtoupper($args['currency_code']), 'transaction_tag'=>$args['transaction_tag'] ); } } return json_encode($data, JSON_FORCE_OBJECT); } //////////////////////////////////////////////////////////////////////////////// // hmac_auth_token //////////////////////////////////////////////////////////////////////////////// public function hmac_auth_token($payload) { $nonce = strval(hexdec(bin2hex(openssl_random_pseudo_bytes(4)))); $timestamp = strval(time()); $data = self::$apiKey + $nonce + $timestamp + self::$merchantToken + $payload; // HMAC hash in hex $hmac = hash_hmac('sha256', $data , self::$apiSecret, false); $authorization = base64_encode($hmac); return array( 'authorization' => $authorization, 'nonce' => $nonce, 'timestamp' => $timestamp ); } //////////////////////////////////////////////////////////////////////////////// // json_pretty_print - Pretty print JSON data //////////////////////////////////////////////////////////////////////////////// public function json_pretty_print($json, $istr = ' ') { $result = ''; for($p=$q=$i=0; isset($json[$p]); $p++) { $json[$p] == '"' && ($p>0?$json[$p-1]:'') != '\\' && $q=!$q; if(strchr('}]', $json[$p]) && !$q && $i--) { strchr('{[', $json[$p-1]) || $result .= "\n".str_repeat($istr, $i); } $result .= $json[$p]; if(strchr(',{[', $json[$p]) && !$q) { $i += strchr('{[', $json[$p]) === false ? 0 : 1; strchr('}]', $json[$p+1]) || $result .= "\n" . str_repeat($istr, $i); } } return $result; } //////////////////////////////////////////////////////////////////////////////// // post_transaction //////////////////////////////////////////////////////////////////////////////// public function post_transaction($payload, $headers) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, self::$url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'apikey: ' . strval(self::$apiKey), 'token: ' . strval(self::$merchantToken), 'Authorization: ' . $headers['authorization'], 'nonce: ' . $headers['nonce'], 'timestamp: ' . $headers['timestamp'] )); //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //echo self::$url; var_dump($headers); echo ''; var_dump($payload); $response = curl_exec($ch); if(!$response) $response = curl_error($ch); curl_close($ch); return $response; } //////////////////////////////////////////////////////////////////////////////// // authorize //////////////////////////////////////////////////////////////////////////////// public function authorize($args = array()) { $payload = $this->get_payload($args, 'authorize'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } //////////////////////////////////////////////////////////////////////////////// // purchase //////////////////////////////////////////////////////////////////////////////// public function purchase($args = array()) { $payload = $this->get_payload($args, 'purchase'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } //////////////////////////////////////////////////////////////////////////////// // capture //////////////////////////////////////////////////////////////////////////////// public function capture($args = array()) { $payload = $this->get_payload($args, 'capture'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } //////////////////////////////////////////////////////////////////////////////// // void //////////////////////////////////////////////////////////////////////////////// public function void($args = array()) { $payload = $this->get_payload($args, 'void'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } //////////////////////////////////////////////////////////////////////////////// // refund //////////////////////////////////////////////////////////////////////////////// public function refund($args = array()) { $payload = $this->get_payload($args, 'refund'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } //////////////////////////////////////////////////////////////////////////////// // split_shipment //////////////////////////////////////////////////////////////////////////////// public function split_shipment($args = array()) { $payload = $this->get_payload($args, 'split'); $headerArray = $this->hmac_auth_token($payload); return $this->post_transaction($payload, $headerArray); } } 

Hi markstenersen1492,

we will take a look at your code.

Thanks and Regards,

Nilesh Dafe

Hi markstenersen1492,

Can you send me the parameters that you are passing to the example test page?

Thanks and Regards,

Nilesh Dafe

can any one answer, why always geting "HMAC validation Failure" error response .
my code:
{
"transaction_type": "authorize",
"method": "credit_card",
"amount": "420",
"currency_code": "USD",
"credit_card": {
"type": "visa",
"cardholder_name": "Test Account",
"card_number": "4012000033330026",
"exp_date": "1119",
"cvv": "675"
}
}

Hi Tijender,

These are the common causes for “HMAC validation Failure”:

1. API key and/or API secret are incorrect.
2. Leading or trailing spaces in the API key, API secret, merchant token.
3. Timestamp in the HTTP header is not in milliseconds.
4. Timestamp in the HTTP header does not represent EPOCH time.
5. Epoch time is not being calculated from UTC.
6. Timestamp in the HTTP header is not within 5 minutes of our server time
7. System time is not accurate.

Let us know if this helped. Sample code for generating HMAC authorization is available in the "Docs and Sandbox" page and in Direct API repositories

Regards,

Payeezy Team

Can any help me ?
i got this error:
{
"code": "403",
"message": "HMAC validation Failure"
}

Please email the code you're using to generate the HMAC authorization to support.payeezy@firstdata.com