9 posts / 0 new
Last post
harleysunderlin5618
Receive 403 HMAC Validation Error from App test post and Docs & Sandbox try out pages

Background:
- Posting to Sandbox URL https://api-cert.payeezy.com/v1/transactions
- Using Sandbox cart's ApiKey and ApiSecert
- Using Sandbox Merchant Token Key
- 99% sure I am generating HMAC key correctly.
- Posting from test application returns 403 HMAC Validation Error
- Posting from Docs & Sandbox Token Based Payments section using cart keys and merchant Token returns 403 HMAC Validation Error

I have been working on validating the HMAC key correctly. I'm 99% sure it is creating the HMAC correctly. However
when I post a test token transaction. I receive a 403 HMAC Validation Error. I then decided to test my keys from the Docs & Sandbox
Token Based Payments section. I replace the apikey, token and api secert with my cart and merchant keys. I generated a new HMAC
key from this screen and then clicked the send button. I received the same 403 HMAC Validation Error from this page that I am getting doing
a test post. I checked all my keys for the test cart and test merchant ID and everything matches. I have no clue why this is not working. I
I had expected this to work from the Docs & Sandbox section, but when this also failed I was at a loss. Any ideas would be helpful.


rohitrajagopal3538
Re: Receive 403 HMAC Validation Error from App test post and...

Hi Harley,

If you are getting 403 error even when you try on the Docs and Sandbox page, it is likely that the problem is specific to your machine. When other users encountered this issue, we found that the problem was with the system time. Please make sure that your system time is accurate by comparing with http://www.time.gov/.

Regards,

Rohit


rohitrajagopal3538
Re: Receive 403 HMAC Validation Error from App test post and...

I tried using your api key and secret on the Docs and Sandbox page for "Token based payments" and it worked fine. 

Regards,

Rohit


harleysunderlin5618
Re: Receive 403 HMAC Validation Error from App test post and...

Using Docs and Sandbox pages If my system time is off 2 minutes I get a 403 HMAC Validation Error . I changed my system time to match the time at http://www.time.gov/ and I it post fine from the Docs and Sandbox pages. So the HMAC validation uses the requests date and time for validation and not the provided timestamp yes or no? How much time can my system be off for the HMAC check to fail.


harleysunderlin5618
Re: Receive 403 HMAC Validation Error from App test post and...

My system time is off by about 2 minutes this seems to be enough time to cause the HMAC Validation to fail on your end. So besides the timestamp provided in the header it seems the requests Date header is also used in the HMAC validation process? How much time can the request Date and timestamp be off before the HMAC is considered invalid?


rohitrajagopal3402
Re: Receive 403 HMAC Validation Error from App test post and...

Hello,

No, the requests date header is inconsequential. The timestamp you send in your request should be within 5 minutes of our server's time but it cannot be ahead of our server's time.

Regards,

Rohit


rohitrajagopal3402
Re: Receive 403 HMAC Validation Error from App test post and...

Hmac validation uses the timestamp sent as the request header.

Regards,

Rohit


stefangrabs6006
Re: Receive 403 HMAC Validation Error from App test post and...

Is there a way to test what your current server time is, to verify the request timestamp is not before the server time?

Thanks!


rohitrajagopal3538
Re: Receive 403 HMAC Validation Error from App test post and...

You can compare with http://www.time.gov/

Regards,

Payeezy team