Payeezy Credit Card Payments always geting "HMAC validation Failure" error response

Question

Can anyone answer, why I always get "HMAC validation Failure" error response .

my code:

$response_purchase_JSON = $payeezy - > purchase(array(

      "amount" => "420",
      "card_number" => "4012000033330026",
      "card_type" => "VISA",
      "card_holder_name" => "Test Account",
      "card_cvv" => "675",
      "card_expiry" => "1119",
      "merchant_ref" => "Transaction",
      "currency_code" => "USD",

));

print_r($response_purchase_JSON);

Answer 1

These are the common causes for “HMAC validation Failure”:

1. API key and/or API secret are incorrect.
2. Leading or trailing spaces in the API key, API secret, merchant token.
3. Timestamp in the HTTP header is not in milliseconds.
4. Timestamp in the HTTP header does not represent EPOCH time.
5. Epoch time is not being calculated from UTC.
6. Timestamp in the HTTP header is not within 5 minutes of our server time
7. System time is not accurate.

If you testing payment on the local machine and you think you have followed all the step correctly then also getting the same error,then try the code to run on the server

Answer 2

You need to construct HMAC value. Take a look at documentation at: https://developer.payeezy.com/content/hmac-validation-failure

Also your JSON payload is incorrect.

Example correct payload (test.json):

{
    "transaction_type": "authorize",
    "method": "credit_card",
    "amount": "420",
    "currency_code": "USD",
    "credit_card": {
        "type": "visa",
        "cardholder_name": "Test Account",
        "card_number": "4012000033330026",
        "exp_date": "1119",
        "cvv": "675"
    }
}

Here is also sample PHP code below:

<?php

$serviceURL = 'https://api-cert.payeezy.com/v1/transactions';
$apikey = 'yourapikey';
$token = 'yourapitoken';
$apisecret = 'yourapisecret';

list($usec, $sec) = explode(" ", microtime());
$timestamp = round(((float)$usec + (float)$sec) * 1000);
$timestamp = $timestamp - 5000;
$nonce = rand();

echo 'Timestamp is: '. $timestamp."\n";

$reqbody = file_get_contents('./test.json', true);

echo 'Request body: '.$reqbody."\n";

$summarize = "";
$summarize .= $apikey;
$summarize .= $nonce;
$summarize .= $timestamp;
$summarize .= $token;
$summarize .= $reqbody;


$hmac = hash_hmac('SHA256', $summarize, $apisecret);

echo "Hmac is: ".$hmac."\n";

$hmac_enc = base64_encode($hmac);


$curl = curl_init($serviceURL);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $reqbody);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_VERBOSE, true);


$headers = array(
    'Content-type: application/json',
    "Authorization: ".$hmac_enc,
    "apikey: ".$apikey,
    "token: ".$token,
    "timestamp: ".$timestamp,
    "nonce: ".$nonce,
);


curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

$json_response = curl_exec($curl);

$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

if ( $status != 201 ) {
    die("Error: call to URL $serviceURL failed with status $status, response $json_response, curl_error " . curl_error($curl) . ", curl_errno " . curl_errno($curl));
}


curl_close($curl);

$response = json_decode($json_response, true);

echo "Response is: ".$response."\n";
echo "JSON response is: ".$json_response."\n";

?>