Home › Forums › Stripe Payments Plugin › Invalid Security Token
Tagged: invalid security token
- This topic has 13 replies, 3 voices, and was last updated 4 years, 3 months ago by Admin.
-
AuthorPosts
-
July 14, 2020 at 3:30 pm #3091leavitteldredgeLFParticipant
Hello,
What could cause an Invalid Security Token when processing a payment?
The information the customer gave was:
“I get an “invalid security token error” when I use the website to pay. I’ve tried two different browsers”Look forward to your response. Anything will help of why a customer could get this error, thank you.
——————–
Also, does it matter what browser they use for your plugin?
What version they use?Do you have guidelines that customers must follow in order for the payment to be successful?
Such as if I use Internet Explorer 9, would this cause me to have any issues making a payment with your plugin?
Thank you
JenniferJuly 14, 2020 at 4:06 pm #3092alexanderfoxcParticipantHi Jenniffer.
Looks like caching settings on your server prevent security token to be updated properly, which results in the error message your customer received.
I suggest you to disable
Prefetch Payment Popup Scripts
option on plugin settings page (Advanced Settings
tab).If this isn’t helping, you should configure your server not to cache payment popup page. Following URL mask should be excluded:
{yourwebsite.com}/?asp_action=show_pp
. This should prevent security token from being cached and not properly regenerating for each page visitor.July 14, 2020 at 4:12 pm #3094leavitteldredgeLFParticipantOkay I disabled Prefetch Payment Popup Scripts.
Yes we have Sucuri Firewall. So I will go in and make sure this page is not cached. Thank you for telling me.
I will let you know if this continues.
Thank you for the quick reply 🙂
JenniferJuly 14, 2020 at 4:21 pm #3095leavitteldredgeLFParticipantThis is a separate question and I was wanting to know do I need a new support ticket or can I ask here.
So here is my question and just let me know.
We want to use your subscription plugin but it requires me to place a test webhook status:
“Test Webhook Status No API key provided. (HINT: set your API key using “Stripe::setApiKey()”. You can generate API keys from the Stripe web interface. See https://stripe.com/api for details, or email [email protected] if you have any questions.”However, I cannot put our Stripe on test. We have live payments coming in constantly and had I known that your plugin requested this while I was in test mode I could have provided this information.
Stripe said it would not be best to switch from live to test.
Can you fix this to where you do not require a test webhook status and just a live webhook status.
Can you please help me with this, thank you 🙂
JenniferJuly 14, 2020 at 7:03 pm #3096leavitteldredgeLFParticipantCan you please answer the last part of my questions from my original support question.
Also, does it matter what browser they use for your plugin?
What version they use?Do you have guidelines that customers must follow in order for the payment to be successful?
Such as if I use Internet Explorer 9, would this cause me to have any issues making a payment with your plugin?
July 14, 2020 at 11:42 pm #3097AdminKeymasterYou shouldn’t need to put it in test mode. You can copy the test and live API keys both from your Stripe account and then paste it in the plugin’s settings. Do you have the test API keys set/saved in the settings?:
General Settings Configuration of the Accept Stripe Payments Plugin
Even if you need to setup a webhook in testmode, you can do that very quickly by going to test mode and creating the hook and then switching back to live (should take only 5 seconds). You can do that at a time of the day when the site goes through a quiet period.
The only guideline is to use latest version of any browser. Then it will work fine. If a browser version is older than 2 years (for example) then there is no guarantee since we don’t test for such old versions. Latest browser version should be used for security reasons also.
July 15, 2020 at 8:11 pm #3106leavitteldredgeLFParticipantI did the changes you requested but we are still having problems with Invalid Security Token.
Is there another reason why this could be happening?
July 16, 2020 at 12:26 am #3111AdminKeymasterI will take a look inside your site to see what I can find. I have sent you an email for it.
July 16, 2020 at 8:42 am #3116alexanderfoxcParticipantI have added a new option
Disable Security Token Check
to the testing version of the plugin. You can get it here https://s-plugins.com/testing-version/Enable it (Stripe Payments -> Settings, Advanced Settings tab, Experemintal Settings
section) and it should makeInvalid Security Token
issue go away. Since you’re using reCaptcha on your payment form, it’s okay to disable Security Token as reCaptcha acts as security token in this case.July 16, 2020 at 6:47 pm #3121leavitteldredgeLFParticipantDo I keep all my other plugins enabled and add this plugin on top of what I have?
July 16, 2020 at 6:50 pm #3122alexanderfoxcParticipantDelete current Stripe Payments plugin you have installed. Then download the one from https://s-plugins.com/testing-version/ , install and activate it. And enable the new option as explained in my previous message.
Once new stable version of Stripe Payments is released (should be pretty soon), make sure to update your testing version to stable version via WP Dashboard when prompted.
July 16, 2020 at 7:18 pm #3123leavitteldredgeLFParticipantOkay thank you for that clarification 🙂
Jennifer
July 16, 2020 at 9:57 pm #3124leavitteldredgeLFParticipantThis is the message I received from Stripe support. Does this make any sense to you and can this help you or does this even involve your plugin?
—————————–Hi Jennifer,
Thank you for taking my call today. It was a pleasure talking to you. I just wanted to quickly touch base with you about the conversation we just had.
By looking into this further, I’m not seeing any plugin to connected to your Stripe account.
Meanwhile, I checked your dashboard logs and I can see 400x error code (invalid_request_error). This errors arise when your request has invalid parameters.
https://stripe.com/docs/api/errors#errors-invalid_request_error
With this being said, I would recommend for you to save the card details with a Customer. You can also attach the Payment Method to that object if there’s already an existing customer object. Below is additional info on that:
https://stripe.com/docs/api/customers.
https://stripe.com/docs/payments/save-after-payment#web-create-payment-intent
Thanks again for reaching out. If you run into issues still, just reply directly to this email and I will gladly do all that I can. I am here for you.
All the best,
IneeJuly 17, 2020 at 12:48 am #3125AdminKeymasterHi Jennifer, Let us know if you see the new error after you use the testing version (given by Alex).
Also, keep the debug logging enabled so you can tell us if the transaction completes correctly on your site or not:
Using the Debug Log to Solve Transaction Related Issues on a Site
-
AuthorPosts
- You must be logged in to reply to this topic.