I added code to a client’s website a while back to allow them to use First Data to take credit cards on their site. Everything was working well until last week when it just quit working. It was no longer communicating with First Data.
It completely stopped receiving a response at all from the CURL call to First Data. Nothing.
You can see the code that I was using here.
I put some debug code in to show the response I was getting from First Data. Nothing. I even used print_r(curl_getinfo($ch));
to see what was going on with CURL. All I got was blanks and zeros.
I thought maybe CURL was having a problem so I used this instead:
$result = file_get_contents($url, null, stream_context_create(array( 'http' => array( 'method' => 'POST', 'header' => $curl_headers, 'content' => $data_string ), )));
At least I got a response this time: Unauthorized Request. Bad or Missing Credentials.
I checked the credentials. They were good. I took the code and put it on my server and it worked like a charm. I knew the credentials were good. It definitely had something to do with the connection between the clients host server and their First Data account.
After multiple phone calls with a supervisor at First Data and several hours of troubleshooting, I finally found the problem. It had to do with the SSL option in CURL. I’m not sure if the hosting server updated CURL or PHP, or if First Data changed something, but adding this option made it work:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
Now, the complete CURL code looks like this:
$content_type = 'application/json; charset=UTF-8'; $hashtime = gmdate("c"); $content_digest = sha1($data_string); $api_uri = '/transaction/v13'; $hashstr = "POST\n".$content_type."\n".$content_digest."\n".$hashtime."\n".$api_uri; $authstr = base64_encode(hash_hmac("sha1",$hashstr,HMAC_KEY,TRUE)); $curl_headers = array('Content-Type:'.$content_type, 'Accept: application/json'); $curl_headers[] = 'Authorization: GGE4_API '.KEY_ID.':'.$authstr; $curl_headers[] = 'X-GGe4-Date:'.$hashtime; $curl_headers[] = 'X-GGe4-Content-SHA1:'.$content_digest; // Initializing curl $ch = curl_init( $url ); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Getting results $result = curl_exec($ch); // Getting jSON result string $data_string = json_decode($result);
So… if your getting the Unauthorized Request error or NO error at all from CURL:
- Double check your First Data username, First Data Password, HMAC Key, and Key ID – Make sure you save them when you generate them
- Double check your endpoint – Make sure you’re using the correct credentials for the correct endpoint (testing vs. live)
- Check the CURL SSL settings as above
I hope this saves you some time.
Pingback: First Data Global E4 Gateway API PHP Example - Cullen Web Services
I am having this exact issue with Shopify and First Data right now. I forwarded their tech support (who could not help me) the link to this article.
Thanks Becky!
Help me ,i have check all credentials.All have no problem but i got this message..
Invalid signature received ‘tcaBXa############’.
I think your HMAC is probably wrong? You may find the answer is this reply to this post: https://cullenwebservices.com/first-data-global-e4-gateway-api-php-example/#comment-34572 If that doesn’t work, scroll up through the other comments on this post. You will probably find the answer. Your signatures in the HMAC must match those on your account.
Thank you for take me out that annoying issue
Thank you very much! This got me in the right direction.
You can also set/check for errors on the curl request using:
curl_setopt($ch, CURLOPT_FAILONERROR, true);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
}