7 posts / 0 new
Last post
joemueller4573
403 Error

I'm getting the following error message in the chrome console when trying to call method credit_card:

XMLHttpRequest cannot load https://api-cert.payeezy.com/v1/transactions. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.

I'm not sure if I am doing something wrong or something needs to be done on the server. It sounds to me the server has to allow access to my domain from what I have been reading. The following is from the a website that discusses CORS:

"In order for this to work, the server must enable credentials by setting the Access-Control-Allow-Credentials response header to “true”.

Access-Control-Allow-Credentials: true"

It seems like my ip address might need to be whitelisted on the api in order to communicate with the server.

Any help regarding this subject is greatly appreciated.

Thanks,

Joe


rohitrajagopal3402
Re: 403 Error

Hi Joe,

I called the same method from the developer portal. I got the following headers in the response to the pre-flighted OPTIONS request.

  1. Access-Control-Allow-Headers:
    accept,apikey,authorization,content-type,nonce,timestamp,token
  2. Access-Control-Allow-Methods:
    GET, POST, PUT, DELETE
  3. Access-Control-Allow-Origin:
    *
  4. Connection:
    keep-alive
  5. Content-Length:
    0
  6. Content-Type:
    application/json

The server responded with a Access-Control-Allow-Origin: * which means that the resource can be accessed by any domain in a cross-site manner. So, I don't think it is a problem with your IP address.

However, in your request the Origin is set to null which might be causing the issue. Can you try the recommendations in this thread in stackoverflow? 

http://stackoverflow.com/questions/4208530/xmlhttprequest-origin-null-is-not-allowed-access-control-allow-origin-for-file

Regards,

Payeezy Team

  1.  
  2.  
  3.  

joemueller4573
Re: 403 Error

Thanks for the speedy response. I followed the directions in the link you provided. I still get the same error message. I also put the code up on my server to run it which changed the Origin to my domain instead of null and that didn't help either.

The following is the response I get from your developer portal which works fine for me:

Access-Control-Allow-Headers:
Content-Type
Access-Control-Allow-Methods:
GET
Access-Control-Allow-Origin:
http://localhost:8080
Access-Control-Max-Age:
3628800
Access-Control-Request-Headers:
origin
Connection:
keep-alive
Content-Language:
en-US
Content-Length:
536
Content-Type:
application/json;charset=UTF-8
Date:
Wed, 22 Jul 2015 20:22:51 GMT
OPTR_CXT:
01000100007115ef79-acbc-4265-ba70-339cabf3ac5100000000-0000-0000-0000-000000000000-1 HTTP ;
X-Archived-Client-IP:
10.174.197.250
X-Backside-Transport:
OK OK
X-Client-IP:
10.174.197.250
X-Powered-By:
Servlet/3.0
{
"correlation_id": "124.1437596571412",
"transaction_status": "approved",
"validation_status": "success",
"transaction_type": "authorize",
"transaction_id": "ET128438",
"transaction_tag": "57329726",
"method": "credit_card",
"amount": "1299",
"currency": "USD",
"cvv2": "M",
"token": {
"token_type": "FDToken",
"token_data": {
"value": "2629742478108291"
}
},
"card": {
"type": "visa",
"cardholder_name": "John Smith",
"card_number": "8291",
"exp_date": "1020"
},
"bank_resp_code": "100",
"bank_message": "Approved",
"gateway_resp_code": "00",
"gateway_message": "Transaction Normal"
}


pramodrao2872
Re: 403 Error

Hi Joe,

403 Error is received when HMAC validation fails. HMAC validation could fail due to a number of reasons as listed below.

 

1) Api Key is incorrect

2) Api Secret is incorrect

3) timestamp is not in sync with our server time. Timestamp you generate on your end should be within 5 minutes of our server time. The timestamp should be in milli seconds format representing EPOH time.

4) The authorization value which is hmac should be calculated as per the algorithm.

Please refer to above parameters and verify all values as expected.

If you are still having issues, please send an email to support@payeezy.com.


joemueller4573
Re: 403 Error

The code I'm using comes from the node js example your team has on github. The following code is the gist of what I'm using to generate the hmac:

requestJSON = {
"merchant_ref": "Astonishing-Sale",
"transaction_type": "authorize",
"method": "credit_card",
"amount": "1299",
"currency_code": "USD",
"credit_card": {
"type": "visa",
"cardholder_name": "John Smith",
"card_number": "4788250000028291",
"exp_date": "1020",
"cvv": "123"
}
};

var payload = JSON.stringify(requestJSON);
var nonce = Math.random() * 1000000000000000000;
var timeInMillis = new Date().getTime();
var headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'apikey': this.payeezy.getApiKey(),
'token': this.payeezy.getToken(),
'nonce': nonce,
'timestamp':timeInMillis,
'Authorization': util.getAuthorizationHeader(this.payeezy.getApiKey(), this.payeezy.getApiSecret(), payload, this.payeezy.getToken(), nonce, timeInMillis)
};

getAuthorizationHeader: function (apiKey, apiSecret, payload, token, nonce, timestamp) {
var data = apiKey + nonce + timestamp + token + payload;
var digest = CryptoJS.HmacSHA256(data, apiSecret);
var header = new Buffer(digest.toString()).toString('base64');
return header;
}

Please let me know if you see anything that would make the hmac not work.

Thanks,
Joe


rohitrajagopal3402
Re: 403 Error

Hi Joe,

Can you please confirm if the API path in your code is "https://api-cert.payeezy.com/v1/transactions"?

Regards,

Payeezy Team


joemueller4573
Re: 403 Error

var options = {
host: "api-cert.payeezy.com",
method: "POST",
path: "/v1/transactions",
port: "443"
}

var req = http.request(options);