Adyen ERROR: [status] => 403 [errorCode] => 010 [message] => Not allowed [errorType] => security

Question

I'm trying to use JSON API in order to make a (test) payment via ADYEN.

Here's the code (I got this example from Github -> Adyen ->adyen-php-sample-code:

    <?php
/**
 * Create Payment through the API (HTTP Post)
 * 
 * 
 * Please note: using our API requires a web service user. Set up your Webservice 
 * user: Adyen Test CA >> Settings >> Users >> ws@Company. >> Generate Password >> Submit 
 *  
 * @author  Created by Adyen - Payments Made Easy
 */ 

 /**
  * A payment can be submitted by sending a PaymentRequest 
  * to the authorise action of the web service, the request should 
  * contain the following variables:
  * 
  * - merchantAccount: The merchant account the payment was processed with.
  * - amount: The amount of the payment
  *     - currency: the currency of the payment
  *     - amount: the amount of the payment
  * - reference: Your reference
  * - shopperIP: The IP address of the shopper (optional/recommended)
  * - shopperEmail: The e-mail address of the shopper 
  * - shopperReference: The shopper reference, i.e. the shopper ID
  * - fraudOffset: Numeric value that will be added to the fraud score (optional)
  * - card
  *     - expiryMonth: The expiration date's month written as a 2-digit string, padded with 0 if required (e.g. 03 or 12).
  *     - expiryYear: The expiration date's year written as in full. e.g. 2016.
  *     - holderName: The card holder's name, aas embossed on the card.
  *     - number: The card number.
  *     - cvc: The card validation code. This is the the CVC2 code (for MasterCard), CVV2 (for Visa) or CID (for American Express).
  * - billingAddress: we advice you to submit billingAddress data if available for risk checks;
  *   - street: The street name
  *   - postalCode: The postal/zip code.
  *   - city: The city
  *   - houseNumberOrName:
  *   - stateOrProvince: The house number
  *   - country: The country
  */

 $request =array(
  "merchantAccount" => "[YourMerchantAccount]",   
  "amount" => array(
    "currency" => "EUR",
    "value" => "199"
  ),
  "reference" => "TEST-PAYMENT-" . date("Y-m-d-H:i:s"),
    "shopperIP" => "2.207.255.255",
    "shopperReference" => "YourReference",
  "billingAddress" => array(
    "street" => "Simon Carmiggeltstraat",
        "postalCode" => "1011DJ",
        "city" => "Amsterdam",
        "houseNumberOrName" => "6-60",
        "stateOrProvince" => "NH",
        "country" => "NL"
  ),
    "card" => array(
        "expiryMonth" => "08",
        "expiryYear" => "2018",
        "holderName" => "Test Card Holder",
        "number" => "4111111111111111",
        "cvc" => "737"
    ),
    "browserInfo"=>array(
        "acceptHeader"=>$_SERVER['HTTP_USER_AGENT'],
        "userAgent"=>$_SERVER['HTTP_ACCEPT']
    )
);

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise");
 curl_setopt($ch, CURLOPT_HEADER, false); 
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC  );
 curl_setopt($ch, CURLOPT_USERPWD, "YourWSUser:YourWSUserPassword");   
 curl_setopt($ch, CURLOPT_POST,count(json_encode($request)));
 curl_setopt($ch, CURLOPT_POSTFIELDS,json_encode($request));
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HTTPHEADER,array("Content-type: application/json")); 

 $result = curl_exec($ch);

 if($result === false)
    echo "Error: " . curl_error($ch);
 else{
    /**
     * If the payment passes validation a risk analysis will be done and, depending on the
     * outcome, an authorisation will be attempted. You receive a
     * payment response with the following fields:
     * - pspReference: The reference we assigned to the payment;
     * - resultCode: The result of the payment. One of Authorised, Refused or Error;
     * - authCode: An authorisation code if the payment was successful, or blank otherwise;
     * - refusalReason: If the payment was refused, the refusal reason.
     */ 

print_r(json_decode($result));
 }

 curl_close($ch);
?>

Has anyone faced this problem before? How may I fix this? I've used almost any example in github, but there are just a few error which are documented, the rest....nothing..

Please help me on this. Thank you

Answer 1

Often this problem occurs when your user doesn't have permission to processes raw card details. Handling the raw card information requires full PCI compliance (SAQ D). If this is you, reach out to [email protected] to request that permission to be enabled on your account.

If not, you can use Adyen's CSE solution. Docs here. PHP example here.