3

I'm trying to do a payment in my test environment in Adyen with curl but for some reason I keep getting a 401 Unauthorized response back. I have checked the credentials of the Web Service User a dozen times but I'm sure they are correct. When I try the official Adyen PHP Api library (https://github.com/Adyen/adyen-php-api-library) I get the same results. I have also tried creating a new Web Service User but without results. Has anyone an idea what I'm doing wrong?

The request code:

<?php

$request = array(
    "merchantAccount" => "MyWebsite",
    "amount" => array(
        "currency" => "EUR",
        "value" => "199"
    ),
    "reference" => "TEST-PAYMENT-" . date("Y-m-d-H:i:s"),
    "shopperIP" => "2.207.255.255",
    "shopperReference" => "YourReference",
    "billingAddress" => array(
        "street" => "Simon Carmiggeltstraat",
        "postalCode" => "1011DJ",
        "city" => "Amsterdam",
        "houseNumberOrName" => "6-60",
        "stateOrProvince" => "NH",
        "country" => "NL"
    ),
    "card" => array(
        "expiryMonth" => "08",
        "expiryYear" => "2018",
        "holderName" => "Test Card Holder",
        "number" => "4111111111111111",
        "cvc" => "737"
    ),
);

$json = json_encode($request);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC  );
curl_setopt($ch, CURLOPT_USERPWD, "xxxx:xxxx");
curl_setopt($ch, CURLOPT_POST, count($request));
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER,array("Content-type: application/json"));

// things I tried
curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17');
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

$result = curl_exec($ch);

?>

The $result variable returns an empty string.

Response:

*   Trying 91.212.42.153...
* Connected to pal-test.adyen.com (91.212.42.153) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*    subject: C=NL; ST=Noord-Holland; L=Amsterdam; O=Adyen B.V.; CN=*.adyen.com
*    start date: Jun 14 00:00:00 2016 GMT
*    expire date: Aug 13 23:59:59 2018 GMT
*    issuer: C=US; O=thawte, Inc.; CN=thawte SSL CA - G2
*    SSL certificate verify ok.
* Server auth using Basic with user 'xxxxx'
> POST /pal/servlet/Payment/v25/authorise HTTP/1.1
Host: pal-test.adyen.com
Authorization: Basic xxxxxx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17
Accept: */*
Content-type: application/json
Content-Length: 465

* upload completely sent off: 465 out of 465 bytes
< HTTP/1.1 401 Unauthorized
< Date: Mon, 02 Apr 2018 19:58:11 GMT
< Server: Apache
< Set-Cookie: JSESSIONID=47E667BF9B585DC3BDF40F8D58493E23.test103e; Path=/pal; Secure; HttpOnly
* Authentication problem. Ignoring this.
< WWW-Authenticate: BASIC realm="Adyen PAL Service Authentication"
< Content-Length: 0
< Content-Type: text/plain; charset=UTF-8
< 
* Connection #0 to host pal-test.adyen.com left intact
Deviant
  • 41
  • 1
  • 6
  • You need to reset your password now. Also remove the base auth header in your response, basic auth is just the user/pass base64'ed meaning your user and pass are now compromised. – luke_b Apr 02 '18 at 22:15
  • @luke_b I have reset the password and changed the post. its an empty test environment so there is not much to worry about, thanks for noticing. – Deviant Apr 03 '18 at 07:28

3 Answers3

2

401 is failed authentication. You are not using the correct combination of user + password.

You have the option to generate a password for general API usage or for POS Payments. Make sure that if are intending to use this API user for the general API, use the "Generate Password" and not "Generate POS Password".

luke_b
  • 667
  • 6
  • 14
  • I have reset with both "Generate Password" and "Generate POS Password", they don't make any difference. I also checked the user password combination multiple times, I'm sure they are correct. Thats the whole problem. – Deviant Apr 03 '18 at 07:22
  • The docs of the Adyen examples (https://github.com/Adyen/adyen-php-sample-code/blob/master/2.API/Library/create-payment-api.php) say its only possible to do a payment request if you are PCI compliant, does that also count for a test environment? – Deviant Apr 03 '18 at 08:12
  • The comment on that file is incorrect. Using unencrypted card details is what requires PCI compliance. The example you are using is using raw card details so you need adyen's support to enable that for you. But if you are not pci compliant, why test it? – luke_b Apr 05 '18 at 17:44
2

Status: 401 with errorCode: 000 is a classic error for when the following maybe incorrect:

  • Use correct merchantAccount Name NOT companyAccount Name
  • API Key - Preferably regenerate the API Key and use the copy button in the customer area to copy it
  • Environment set to LIVE/TEST
Matts
  • 23
  • 2
1

Oke it works now. The strange thing is that I didn't change anything. My guess is that Adyen was having trouble on their side. I'll give them a call next time when something similar happens.

Deviant
  • 41
  • 1
  • 6