question

Loyal Loops avatar image
Loyal Loops asked sam Deactivated edited

Receiving "failureMessage": "796-INVLD DETOK" when using token with Developer Pay API

Hi all,

We're having trouble completing transactions when using a token with the Developer Pay API.

We can successfully make a charge by sending payloads with the encrypted card information (all identifying card & merchant info redacted here)

{
  "orderId": "ABCDEFGHIJKLM", 
  "taxAmount": 0, 
  "zip": "90210", 
  "expMonth": 1, 
  "cvv": "999", 
  "amount": 100, 
  "currency": "usd", 
  "last4": "999", 
  "expYear": 2020, 
  "first6": "410101", 
  "cardEncrypted": "long_encrypted_string=="
}

and we successfully receive a response like

{
  "paymentId": "ABCDEFGHIJKLM",
  "result": "APPROVED",
  "avsResult": "ZIP_CODE_MATCH",
  "cvvResult": "SUCCESS",
  "authCode": "123456",
  "token": "XYZ123ABC1234"
}

But when we attempt to make a charge using just the token, say like,

 {
    "orderId": "ABCDEFGHIJKLM", 
    "taxAmount": 0, 
    "amount": 100, 
    "currency": "usd", 
    "token": "XYZ123ABC1234"
}

we get an error "796-INVLD DETOK" like this

{
  "result": "DECLINED",
  "failureMessage": "796-INVLD DETOK"
}

This also occurs if we supply the first6, last4, cvv, expMonth, expYear and zip in addition to token.

Any ideas on what we're doing wrong? What exactly does this error mean anyway?

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

loyalzoo avatar image loyalzoo commented ·
Do we have update on this? I don't see anything in the docs that says you are not supporting continous payments, so i had to implement it first and then find out, here on forums, that is not supported yet. I'm still getting the same error as in this post. Am i missing something or this thing still doesn't work and docs are not updated?

Cheers
0 Likes 0 ·
rachel avatar image
rachel Deactivated answered rachel Deactivated commented

Hi @devteam,

Unfortunately, the token feature is not yet enabled. Many developers use a third-party card vault, such as Spreedly. We're updating our documentation to reflect this.

Thank you,

Rachel

4 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Loyal Loops avatar image Loyal Loops commented ·

Hi @rachel, thanks for getting back to us.

Can you tell me if we store the cardEncrypted value, if it's valid to use that value multiple times as long as we send the first6, last4, cvv, expMonth, expYear and zip fields with it?

At first blush this appears to work since the output from the /v2/merchant/{mID}/pay/key endpoint does not change for each merchant (or, at least, changes infrequently)

0 Likes 0 ·
rachel avatar image rachel commented ·

Hi @devteam,

Credit card data must be stored in a way that is PCI compliant, which is why most developers use third-party card vaults that specialize in such compliance.

0 Likes 0 ·
Loyal Loops avatar image Loyal Loops commented ·

Yes, for clarity we're definitely only interested in PCI compliant solutions. And I have the utmost confidence that the encryption scheme provided to us by Clover is indeed PCI compliant. But our question is, once encrypted, what is the lifetime of that encrypted value? How long and how many times is it permissable to submit cardEncrypted to conduct transactions?

0 Likes 0 ·
rachel avatar image rachel commented ·

We do not guarantee a specific lifetime of the key generated by this endpoint.

Clover is PCI compliant, but if you choose to store credit card data, your storage method must also be PCI compliant.

0 Likes 0 ·
rachel avatar image
rachel Deactivated answered
Hi @Loyalzoo,

Our Developer Pay API supports vaultedCards for recurring payments. You can check whether the merchant's gateway supports vaulted cards at /v3/merchants/{mId}/gateway.

If a vaultedCard object is returned from the Developer Pay API, it can be used to POST to the /v2/merchant/{mId}/pay endpoint (requires an OAuth token with permissions Payments Write and Process Credit Cards). The minimum payload is

{
"orderId": orderId, //orderId must exist beforehand
"currency": "usd",
"amount": amount,
"last4": "1234",
"first6": "123456",
"vaultedCard": vaultedCard
}

There's also an optional taxAmount parameter. Note that the vaultedCard object is more than just a token string.
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

loyalzoo avatar image
loyalzoo answered sam Deactivated commented
Hi @rachel,

how do i actually know wheter vaultedCard is supported from /v3/merchants/{mId}/gateway api?
It returns bunch of data, none related to vaultedCard.

You said that Developer Pay API shoud return vaultedCard object if its supported, by Developer Pay API, do you mean v2/merchant/{mId}/pay/key or /v3/merchants/{mId}/gateway?

If its v2/merchant/{mId}/pay/key, im still returns token that is still not supported.
Is there any documentation available on vaultedCard?
1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sam avatar image sam commented ·

v3/.../gateway endpoint should return tokenType which needs to be non-0001 in order to support vaultedCards.

Here's another thread on how to use vaultedCard:

https://community.clover.com/questions/9355/payment-response-after-card-payment.html

0 Likes 0 ·
loyalzoo avatar image
loyalzoo answered sam Deactivated edited
@Sam

thanks Sam,

but what does the merchant need to do in order to support VaultedCards, and have non-0001 token?
Is it something that can be set up on their merchant dashboard?

Cheers
1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sam avatar image sam commented ·

At the moment, activating vaultedCard is done manually, merchant by merchant and will require an un-insignificant amount of additional work: please contact us at dev@clover.com if interested. Please expect an appropriate extended timeline for completion.

0 Likes 0 ·

Welcome to the
Clover Developer Community