- This topic has 13 replies, 3 voices, and was last updated 4 years, 4 months ago by
.
-
Posts
-
Hello,
What could cause an Invalid Security Token when processing a payment?
The information the customer gave was:
“I get an “invalid security token error” when I use the website to pay. I’ve tried two different browsers”Look forward to your response. Anything will help of why a customer could get this error, thank you.
——————–
Also, does it matter what browser they use for your plugin?
What version they use?Do you have guidelines that customers must follow in order for the payment to be successful?
Such as if I use Internet Explorer 9, would this cause me to have any issues making a payment with your plugin?
Thank you
JenniferHi Jenniffer.
Looks like caching settings on your server prevent security token to be updated properly, which results in the error message your customer received.
I suggest you to disable
Prefetch Payment Popup Scriptsoption on plugin settings page (Advanced Settingstab).If this isn’t helping, you should configure your server not to cache payment popup page. Following URL mask should be excluded:
{yourwebsite.com}/?asp_action=show_pp. This should prevent security token from being cached and not properly regenerating for each page visitor.Okay I disabled Prefetch Payment Popup Scripts.
Yes we have Sucuri Firewall. So I will go in and make sure this page is not cached. Thank you for telling me.
I will let you know if this continues.
Thank you for the quick reply 🙂
JenniferThis is a separate question and I was wanting to know do I need a new support ticket or can I ask here.
So here is my question and just let me know.
We want to use your subscription plugin but it requires me to place a test webhook status:
“Test Webhook Status No API key provided. (HINT: set your API key using “Stripe::setApiKey()”. You can generate API keys from the Stripe web interface. See https://stripe.com/api for details, or email [email protected] if you have any questions.”However, I cannot put our Stripe on test. We have live payments coming in constantly and had I known that your plugin requested this while I was in test mode I could have provided this information.
Stripe said it would not be best to switch from live to test.
Can you fix this to where you do not require a test webhook status and just a live webhook status.
Can you please help me with this, thank you 🙂
JenniferCan you please answer the last part of my questions from my original support question.
Also, does it matter what browser they use for your plugin?
What version they use?Do you have guidelines that customers must follow in order for the payment to be successful?
Such as if I use Internet Explorer 9, would this cause me to have any issues making a payment with your plugin?
You shouldn’t need to put it in test mode. You can copy the test and live API keys both from your Stripe account and then paste it in the plugin’s settings. Do you have the test API keys set/saved in the settings?:
General Settings Configuration of the Accept Stripe Payments Plugin
Even if you need to setup a webhook in testmode, you can do that very quickly by going to test mode and creating the hook and then switching back to live (should take only 5 seconds). You can do that at a time of the day when the site goes through a quiet period.
The only guideline is to use latest version of any browser. Then it will work fine. If a browser version is older than 2 years (for example) then there is no guarantee since we don’t test for such old versions. Latest browser version should be used for security reasons also.
I did the changes you requested but we are still having problems with Invalid Security Token.
Is there another reason why this could be happening?
I have added a new option
Disable Security Token Checkto the testing version of the plugin. You can get it here https://s-plugins.com/testing-version/Enable it (Stripe Payments -> Settings, Advanced Settings tab, Experemintal Settings
section) and it should makeInvalid Security Tokenissue go away. Since you’re using reCaptcha on your payment form, it’s okay to disable Security Token as reCaptcha acts as security token in this case.Delete current Stripe Payments plugin you have installed. Then download the one from https://s-plugins.com/testing-version/ , install and activate it. And enable the new option as explained in my previous message.
Once new stable version of Stripe Payments is released (should be pretty soon), make sure to update your testing version to stable version via WP Dashboard when prompted.
This is the message I received from Stripe support. Does this make any sense to you and can this help you or does this even involve your plugin?
—————————–Hi Jennifer,
Thank you for taking my call today. It was a pleasure talking to you. I just wanted to quickly touch base with you about the conversation we just had.
By looking into this further, I’m not seeing any plugin to connected to your Stripe account.
Meanwhile, I checked your dashboard logs and I can see 400x error code (invalid_request_error). This errors arise when your request has invalid parameters.
https://stripe.com/docs/api/errors#errors-invalid_request_error
With this being said, I would recommend for you to save the card details with a Customer. You can also attach the Payment Method to that object if there’s already an existing customer object. Below is additional info on that:
https://stripe.com/docs/api/customers.
https://stripe.com/docs/payments/save-after-payment#web-create-payment-intent
Thanks again for reaching out. If you run into issues still, just reply directly to this email and I will gladly do all that I can. I am here for you.
All the best,
IneeHi Jennifer, Let us know if you see the new error after you use the testing version (given by Alex).
Also, keep the debug logging enabled so you can tell us if the transaction completes correctly on your site or not:
Using the Debug Log to Solve Transaction Related Issues on a Site
- You must be logged in to reply to this topic.