Unanswered question

How to get the security token which is passed in the header of the request Silent/pay for payment authorization?

I am getting 403-forbidden error for the request silent/Pay which is getting called while adding the credit card details for payment of Placing an order in CrossView Customer Care application while validating the script.I observed that a token boundary is passed in the request header of the mentioned request which is a dynamic one and Suspect it is being generated by cybersource secure acceptance server for secure payment.Since it is not available in response, I am not able to proceed on that one.Please refer the attachements which will you some visibility of the problem.I need some guidance on this ASAP

Abirami V.
Abirami V.

Abirami V.

Level
1
159 / 750
points

Answers

Nouredine A.
Nouredine A.

Nouredine A.

Level
4
5000 / 5000
points
Team

When you have a POST multipart request, there's a boundary value that is generated on the client side (here it's NeoLoad) to separate all the parts between them. So there's nothing to correlate here.

Looking at your request parameters, i think that there's some values that have to be correlated. I do not know if you already handled them but you should look at the  "access_key", "transaction_uuid" and "signature" values.

 

Abirami V.
Abirami V.

Abirami V.

Level
1
159 / 750
points

I have correlated Transaction_uuid and Signature values.Access key is a constant one(Confirmed by comparing the scripts).In Transaction_uuid parameter, timestamp is passed along with the Order id like this 10001664135:1458042595034. So I have used current Date option to replace that timestamp. But I am not sure whether the passed timestamp is a localone or GMT. If that boundary is not an issue,do you think it could be the problem incase if timetamps are different? Also one more thing Have you noticed the boundary value in request heders(Attached file) is different from the one which is displayed in recorded request(Attached file)?

Nouredine A.
Nouredine A.

Nouredine A.

Level
4
5000 / 5000
points
Team

The boundaries will be different all the time and it's perfectly normal. You're right you probably can't use the recorded timestamp. First, you should check if it is coming from a server response and correlate it if it's the case.

Otherwise, you should use the current date variable. Regarding the time zone, usually it's the client timezone. You can convert the recorded timestamp to human readable format and compare with the server time displayed in the server responses.

If after handling all these values it still fails then i would suggest you to make another recording of the exact same transactions and compare the requests one by one in order to identify possible dynamic values that you may have forgotten.

 

Abirami V.
Abirami V.

Abirami V.

Level
1
159 / 750
points

As suspected,the timestamp is of GMT time and after making changes it works fine.But again I am facing one more issue in the same request itself. The request is returning the full response successfully one time and returning half of the response the other time, due to which assertion error is thrown for the same. Attached the screenshot for reference. Validated the script with 2 iterations and for the first iteration assertion error was thrown for teh request.But in the 2nd iteration, it got passed without any error.

All the dynamic values are handled.I am not able to get any lead on this.Can you please help on this?.

Nouredine A.
Nouredine A.

Nouredine A.

Level
4
5000 / 5000
points
Team

It's difficult to say anything conclusive with the screen shots. When it fails on the first iteration, do you have any error on the response sent by the server?

Have you checked the value that were sent on that request if everything is correct?

You may have to check the previous responses to make sure that the script worked until that point.