6 posts / 0 new
Last post
jamesmurphy8644
"(500) Internal Server Error." when posting a credit card transaction

I'm getting this message when attempting to post a credit card transaction.

Any insights?

Thanks!

The data string looks like this:

{"merchant_ref": "Monthly-Payment", "transaction_type": "purchase", "method": "credit_card", "amount": "1299", "currency_code": "USD", "credit_card": {"type": "visa", "cardholder_name": "John Smith", "card_number": "4111111111111111", "exp_date": "1020", "cvv": "123", }}

The headers look like this:

Content-Type: application/json apikey: 4IkuPdzYyOC85IJjiFjkO6EBNdJgYXl3 token: 829d42949229c12d Authorization: 4990288f64eebcb7cdc9401cf61f8e3c8d7aa4b96c1e6701acf58a3a4b3945dc nonce: 8774615874874690000 timestamp: 1463235664855

generated by this VB.Net code:

<%@ Page Language="vb" %>

Sub Test_Click(ByVal sender As Object, ByVal e As System.EventArgs)

Dim siteUrl As String = "https://api-cert.payeezy.com/v1/transactions"
Dim contentType As String = "Content-Type:application/json"
Dim API_Key As String = "apikey:4IkuPdzYyOC85IJjiFjkO6EBNdJgYXl3"
Dim Token As String = "token:829d42949229c12d"
Dim api_Auth As String = "Authorization:4990288f64eebcb7cdc9401cf61f8e3c8d7aa4b96c1e6701acf58a3a4b3945dc"
Dim nonce As String = "nonce:" & (10000000000000000000UL * New Random(DateTime.Now.Millisecond).NextDouble()).ToString("0000000000000000000")
Dim timeStamp As String = "empty"
Dim timeStampValue As String = "empty"
Dim transData As StringBuilder
Dim transResponse As String = "empty"

Dim transMethod As String = "Post"
Dim leftcb As String = "{"
Dim rightcb As String = "}"
Dim sep As String = ", "
Dim colon As String = ": "
Dim merch_ref_label As String = "merchant_ref"
Dim trans_type_label As String = "transaction_type"
Dim trans_method_label As String = "method"
Dim trans_amount_label As String = "amount"
Dim trans_currency_label As String = "currency_code"
Dim cc_label As String = "credit_card"
Dim cc_type_label As String = "type"
Dim cc_name_label As String = "cardholder_name"
Dim cc_number_label As String = "card_number"
Dim cc_exp_date_label As String = "exp_date"
Dim cc_cvv_label As String = "cvv"
Dim dquote As String = """"

Dim merch_ref_value As String = "Monthly-Payment"
Dim trans_type_value As String = "purchase"
Dim trans_method_value As String = "credit_card"
Dim trans_currency_value As String = "USD"

Dim transaction As New Net.WebClient

transData = New StringBuilder()
transData.Append(leftcb & dquote & merch_ref_label & dquote & colon & dquote & merch_ref_value & dquote & sep)
transData.Append(dquote & trans_type_label & dquote & colon & dquote & trans_type_value & dquote & sep)
transData.Append(dquote & trans_method_label & dquote & colon & dquote & trans_method_value & dquote & sep)
transData.Append(dquote & trans_amount_label & dquote & colon & dquote & "1299" & dquote & sep)
transData.Append(dquote & trans_currency_label & dquote & colon & dquote & trans_currency_value & dquote & sep)
transData.Append(dquote & cc_label & dquote & colon & leftcb)
transData.Append(dquote & cc_type_label & dquote & colon & dquote & "visa" & dquote & sep)
transData.Append(dquote & cc_name_label & dquote & colon & dquote & "John Smith" & dquote & sep)
transData.Append(dquote & cc_number_label & dquote & colon & dquote & "4111111111111111" & dquote & sep)
transData.Append(dquote & cc_exp_date_label & dquote & colon & dquote & "1020" & dquote & sep)
transData.Append(dquote & cc_cvv_label & dquote & colon & dquote & "123" & dquote & sep)
transData.Append(rightcb & rightcb)

transaction.Headers.Add(contentType)
transaction.Headers.Add(API_Key)
transaction.Headers.Add(Token)
transaction.Headers.Add(api_Auth)
transaction.Headers.Add(nonce)
timeStampValue = CLng((DateTime.UtcNow - New DateTime(1970, 1, 1)).TotalMilliseconds).ToString
timeStamp = "timestamp:" & timeStampValue
transaction.Headers.Add(timeStamp)

transResponse = transaction.UploadString(siteUrl, "POST", transData.ToString)
' transResponse = transaction.Headers.ToString

Session("StransData") = transResponse.ToString

Response.Redirect("showresult.aspx")

End Sub


rohitrajagopal3538
Re: "(500) Internal Server Error." when posting a credit card...

James - The token you have used seems incorrect. The token here is the merchant token. It is available in the Merchants page.


jamesmurphy8644
Re: "(500) Internal Server Error." when posting a credit card...

Thanks. I was mistakenly using the reporting token from my API page. I appreciate the help.

I changed it to the ACME Sox merchant token. I also noticed an extra comma at the end of my data string which I removed.

I am now getting a 403 (Forbidden) error. Any further suggestions? FYI since there weren't any .NET examples I based this code of the CURL examples in the SDK. Seems like I'm getting connected but the API doesn't like what I'm sending. Two questions:

1. Do I need to utilize an HMAC hash? It seems to be present in some other .NET posts on the forum but they are not using the WebClient class.
2. Does the data need to be a byte stream?

Here's the headers and data again:

Content-Type: application/json apikey: 4IkuPdzYyOC85IJjiFjkO6EBNdJgYXl3 token: fdoa-4ccbc423fda87c6138683245ba3bc20d4ccbc423fda87c61 Authorization: 4990288f64eebcb7cdc9401cf61f8e3c8d7aa4b96c1e6701acf58a3a4b3945dc nonce: 8616793611374120000 timestamp: 1463445333832

{"merchant_ref": "Monthly-Payment", "transaction_type": "purchase", "method": "credit_card", "amount": "1299", "currency_code": "USD", "credit_card": {"type": "visa", "cardholder_name": "John Smith", "card_number": "4111111111111111", "exp_date": "1020", "cvv": "123", }}


rohitrajagopal3538
Re: "(500) Internal Server Error." when posting a credit card...

James,

Yes, you will need to compute the HMAC hash using your api secret. Here is an example in C# 

 

        static byte[] CalculateHMAC(string data, string secret)

        {

            HMAC hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));

            byte[] dataBytes = Encoding.UTF8.GetBytes(data);

            byte[] hmac2Hex = hmacSha256.ComputeHash(Encoding.UTF8.GetBytes(data));

 

            string hex = BitConverter.ToString(hmac2Hex);

            hex = hex.Replace("-", "").ToLower();

            byte[] hexArray = Encoding.UTF8.GetBytes(hex);

            return hexArray;

        }

where data = apiKey + nonce + time + token + jsonString and secret = API secret.


jamesmurphy8644
Re: "(500) Internal Server Error." when posting a credit card...

I don't understand the purpose of this statement in your example:

byte[] dataBytes = Encoding.UTF8.GetBytes(data);

Also, how do I use the HMAC hash once I have it? Do I use it as the Authorization header? If so why not return a string instead of the byte array?

thanks


rohitrajagopal3538
Re: "(500) Internal Server Error." when posting a credit card...

James - I apologize, that line is not required. Please use this -

 

public static string CalculateHMAC(PZHeaders headers, string jsonString)

        {

            /*

             * This function creates an HMAC SHA256 Hash of the Transaction data

             */

            string hashData = headers.APIKey + headers.NONCE + headers.TimeStamp + headers.Merchant_Token + jsonString;

 

            HMAC hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(headers.APISecret));

            byte[] hmac2Hex = hmacSha256.ComputeHash(Encoding.UTF8.GetBytes(hashData));

 

            string hex = BitConverter.ToString(hmac2Hex);

            hex = hex.Replace("-", "").ToLower();

            byte[] hexArray = Encoding.UTF8.GetBytes(hex);

            string base64Hash = Convert.ToBase64String(hexArray);

            return base64Hash;

        }

 

The PZHeaders class is defined here:

 

public class PZHeaders

    {

        public string APIKey { get; set; }

        public string APISecret { get; set; }

        public string Merchant_Token { get; set; }

        public string NONCE { get; set; }

        public string TimeStamp { get; set; }

        public string JS_Security_Key { get; set; }

        public string TA_Token { get; set; } 

    }

Once you have the HMAC hash, use it as the authorization header.