Receiving "failureMessage": "796-INVLD DETOK" when using token with Developer Pay API

Question

This question was closed Apr 02, 2019 at 09:46 PM by clover-community-bot for the following reason: automated

question

Loyal Loops asked Feb 15, '17 sam Deactivated edited Jun 15, '17

Receiving "failureMessage": "796-INVLD DETOK" when using token with Developer Pay API

Hi all,

We're having trouble completing transactions when using a token with the Developer Pay API.

We can successfully make a charge by sending payloads with the encrypted card information (all identifying card & merchant info redacted here)

{
  "orderId": "ABCDEFGHIJKLM", 
  "taxAmount": 0, 
  "zip": "90210", 
  "expMonth": 1, 
  "cvv": "999", 
  "amount": 100, 
  "currency": "usd", 
  "last4": "999", 
  "expYear": 2020, 
  "first6": "410101", 
  "cardEncrypted": "long_encrypted_string=="
}

and we successfully receive a response like

{
  "paymentId": "ABCDEFGHIJKLM",
  "result": "APPROVED",
  "avsResult": "ZIP_CODE_MATCH",
  "cvvResult": "SUCCESS",
  "authCode": "123456",
  "token": "XYZ123ABC1234"
}

But when we attempt to make a charge using just the token, say like,

 {
    "orderId": "ABCDEFGHIJKLM", 
    "taxAmount": 0, 
    "amount": 100, 
    "currency": "usd", 
    "token": "XYZ123ABC1234"
}

we get an error "796-INVLD DETOK" like this

{
  "result": "DECLINED",
  "failureMessage": "796-INVLD DETOK"
}

This also occurs if we supply the first6, last4, cvv, expMonth, expYear and zip in addition to token.

Any ideas on what we're doing wrong? What exactly does this error mean anyway?

1

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

loyalzoo commented · Jun 14, 2017 at 02:48 PM

Do we have update on this? I don't see anything in the docs that says you are not supporting continous payments, so i had to implement it first and then find out, here on forums, that is not supported yet. I'm still getting the same error as in this post. Am i missing something or this thing still doesn't work and docs are not updated?

Cheers

0 ·

Welcome to the
Clover Developer Community

Answer 1 · 2017-02-17T13:30:13Z

rachel Deactivated answered Feb 17, '17 rachel Deactivated commented Feb 17, '17

Hi @devteam,

Unfortunately, the token feature is not yet enabled. Many developers use a third-party card vault, such as Spreedly. We're updating our documentation to reflect this.

Thank you,

Rachel

4

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Loyal Loops commented · Feb 17, 2017 at 01:56 PM

Hi @rachel, thanks for getting back to us.

Can you tell me if we store the cardEncrypted value, if it's valid to use that value multiple times as long as we send the first6, last4, cvv, expMonth, expYear and zip fields with it?

At first blush this appears to work since the output from the /v2/merchant/{mID}/pay/key endpoint does not change for each merchant (or, at least, changes infrequently)

0 ·

rachel commented · Feb 17, 2017 at 04:12 PM

Hi @devteam,

Credit card data must be stored in a way that is PCI compliant, which is why most developers use third-party card vaults that specialize in such compliance.

0 ·

Loyal Loops commented · Feb 17, 2017 at 05:05 PM

Yes, for clarity we're definitely only interested in PCI compliant solutions. And I have the utmost confidence that the encryption scheme provided to us by Clover is indeed PCI compliant. But our question is, once encrypted, what is the lifetime of that encrypted value? How long and how many times is it permissable to submit cardEncrypted to conduct transactions?

0 ·

rachel commented · Feb 17, 2017 at 05:26 PM

We do not guarantee a specific lifetime of the key generated by this endpoint.

Clover is PCI compliant, but if you choose to store credit card data, your storage method must also be PCI compliant.

0 ·

Answer 2 · 2017-06-14T20:13:15Z

rachel Deactivated answered Jun 14, '17

Hi @Loyalzoo,

Our Developer Pay API supports vaultedCards for recurring payments. You can check whether the merchant's gateway supports vaulted cards at /v3/merchants/{mId}/gateway.

If a vaultedCard object is returned from the Developer Pay API, it can be used to POST to the /v2/merchant/{mId}/pay endpoint (requires an OAuth token with permissions Payments Write and Process Credit Cards). The minimum payload is

{
"orderId": orderId, //orderId must exist beforehand
"currency": "usd",
"amount": amount,
"last4": "1234",
"first6": "123456",
"vaultedCard": vaultedCard
}

There's also an optional taxAmount parameter. Note that the vaultedCard object is more than just a token string.

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 3 · 2017-06-15T11:53:53Z

loyalzoo answered Jun 15, '17 sam Deactivated commented Jun 15, '17

Hi @rachel,

how do i actually know wheter vaultedCard is supported from /v3/merchants/{mId}/gateway api?
It returns bunch of data, none related to vaultedCard.

You said that Developer Pay API shoud return vaultedCard object if its supported, by Developer Pay API, do you mean v2/merchant/{mId}/pay/key or /v3/merchants/{mId}/gateway?

If its v2/merchant/{mId}/pay/key, im still returns token that is still not supported.
Is there any documentation available on vaultedCard?

1

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sam commented · Jun 15, 2017 at 04:23 PM

v3/.../gateway endpoint should return tokenType which needs to be non-0001 in order to support vaultedCards.

Here's another thread on how to use vaultedCard:

https://community.clover.com/questions/9355/payment-response-after-card-payment.html

0 ·

Answer 4 · 2017-06-15T16:39:28Z

loyalzoo answered Jun 15, '17 sam Deactivated edited Jun 15, '17

@Sam

thanks Sam,

but what does the merchant need to do in order to support VaultedCards, and have non-0001 token?
Is it something that can be set up on their merchant dashboard?

Cheers

1

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sam commented · Jun 15, 2017 at 04:49 PM

At the moment, activating vaultedCard is done manually, merchant by merchant and will require an un-insignificant amount of additional work: please contact us at dev@clover.com if interested. Please expect an appropriate extended timeline for completion.

0 ·

question

Receiving "failureMessage": "796-INVLD DETOK" when using token with Developer Pay API

4 Answers

Welcome to the
Clover Developer Community

question details

question

Receiving "failureMessage": "796-INVLD DETOK" when using token with Developer Pay API

4 Answers

Welcome to theClover Developer Community

question details

Related Questions

Welcome to the
Clover Developer Community