kalidasa Posted April 19, 2022 Share Posted April 19, 2022 (edited) I googled worldpay forums and this forum showed up with a decent covering of worldpay pg issues. I have my server certificate signed(SHA2) by the required root authority (digicert global G2). When I send a GET to the worldpay test url https://secure-test.worldpay.com with Authorization header and an empty body - I get a 200 OK with partial/truncated message body. When I send the full xml for an imaginary order per the DTD here, LiveDTD: paymentService_v1.dtd (worldpay.com) - I get a 403 Forbidden. I have the installation id, merchant code in the right locations as per the schema. I dont know what in the TLS handshake to look for. any pointers on how to get past the 403 is hugely appreciated. GET https://secure-test.worldpay.com/jsp/merchant/xml/paymentService.jsp --- GET /jsp/merchant/xml/paymentService.jsp HTTP/1.1 Content-Type: text/xml Authorization: Basic Base64-Encoded-Username-Password User-Agent: PostmanRuntime/7.29.0 Accept: */* Cache-Control: no-cache Host: secure-test.worldpay.com Accept-Encoding: gzip, deflate, br Connection: keep-alive Content-Length: 1929 Cookie: ak_bmsc=CA534BF110140D7AB367CE78F764B8C8~000000000000000000000000000000~YAAQZpYRYKAaCC6AAQAAhJZWQQ+JkRXUZ2HR+r4y/J7q+CIdVZ1scpFM8swDkvLD56CDcmfB/qybPDJ9wbMH4CwbowVFNEvOmetiAl2Q132rdGDgh4zmPKo9UDof2tV0aW9cYFud5kPe8OUiVI1xnRGa5TGrXb0iacr+21gPxrZPtHCfXIH4vCsxGSdAWVNDRnN1ejxmutMhGzk3/sCpCVkK8mJlZ4EMdwMBoJgE65eVpYvxHYlvk+wlaX/p0mdLiztkyoCyiFbEhUvKfSAHDUJ6mbSFZW1yCsGIavCvx6GkwbCkeR7N6GycFHiRk5xTl1psLfkZcQWAIo33IhCuXHptZNBJkKejEX4gUycGOlqAq4LycB4LQck9tjR6hfI=; machine=0a844015 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="XXXXXX"> <submit> <order orderCode="jsxml353135552341234" installationId="xxxxxx"> <description>test order</description> <amount value="100" currencyCode="EUR" exponent="2"/> <orderContent> <![CDATA[ ]]> </orderContent> <paymentMethodMask> <include code="ALL"/> </paymentMethodMask> <shopper> <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress> </shopper> <shippingAddress> <address> <firstName>John</firstName> <lastName>Doe</lastName> <street>The Science Park</street> <houseNumber>270</houseNumber> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> </address> </shippingAddress> <billingAddress> <address> <address1>47A</address1> <address2>Queensbridge Road</address2> <address3>Suburbia</address3> <postalCode>CB94BQ</postalCode> <city>Cambridge</city> <state>Cambridgeshire</state> <countryCode>GB</countryCode> </address> </billingAddress> </order> </submit> </paymentService> HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 327 Expires: Tue, 19 Apr 2022 11:27:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 19 Apr 2022 11:27:35 GMT Connection: close Strict-Transport-Security: max-age=31536000 ; includeSubDomains <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://secure-test.worldpay.com/jsp/merchant/xml/paymentService.jsp" on this server.<P> Reference #18.2d01c045.1650367655.d800e4 </BODY> </HTML> What is really odd aabout the HTML in 403 Forbidden response is the presence of the HTTP scheme in the URL. I used HTTPS to make the GET request. I dont know if I must read too much into the unsecure http scheme or whether it is indicative of any cause Edited April 19, 2022 by kalidasa Quote Link to comment Share on other sites More sharing options...
BrockleyJohn Posted April 20, 2022 Share Posted April 20, 2022 I agree that returning a different schema in the error message is weird but may not be meaningful. The 403 return usually means an authentication problem but may also relate to trying to do something that's not permitted. Try submitting an order value in GBP - maybe the account doesn't handle euros. I have found the worldpay technical team quite helpful in the past, though remote working has made them harder to get hold of. Quote Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x Link to comment Share on other sites More sharing options...
kalidasa Posted April 20, 2022 Author Share Posted April 20, 2022 It is the wierdest of things - with Worldpay support I discovered that using POST instead of GET method solved the problem. The documentation never goes into detail about this basic info and being a total noob to web applications, I could not spot it (relying heavily on our software vendor who does this day in and day out) Thanks Brockey John for the message, but I had to run around worldpay team for a month now and I got a bad apple from the bunch who just sent me off on rock fetching exercises. Ultimately, it turned out to be such a trivial issue that is embarassing to report Quote Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.