Issue with Decryption Error (Tag Mismatch) When Calling /v2/payouts API
Hello Toss Payments Support,
I’m integrating with your /v2/payouts API using encryption with my provided security key. I’m correctly encrypting my payload (in text/plain) with the A256GCM algorithm and sending it with the required headers:
TossPayments-api-security-mode: ENCRYPTION
Authorization: Basic <encoded_secret_key>
However, when I send a request to /v2/payouts, I get an encrypted response, and when I try to decrypt it using the same security key, I get the following error:
Decryption failed: AES/GCM/NoPadding decryption failed: Tag mismatch!
Here's an example of the encrypted response I received:
eyJlbmMiOiJBMjU2R0NNIiwiaWF0IjoiMjAyNS0wNi0yNlQxODo0Mjo0Ni4zNTYyNTkzMTUrMDk6MDAiLCJub25jZSI6IjAwOWNiNTQ2LTgzZGYtNDRiNC1hMmQxLWYyMTliMThhZTgxZCIsImFsZyI6ImRpciJ9..myecGkNfS2k3F4en.VVwewGVwcxgf2iA9TZk4YyMZ7xdKu7ZcuBq_SizluSnVB5dCVAIHkpVbdTY326euGWcKXhjAOMjKOwruXxnOJbR2oVylauimkBKNRFbRfFQ-bs0wM8gj4AypeSYnctuStSMzui7ktErCDeHgYo9YNeyZX28SO-G6iT65xLVhCC9MLCqWcsK-86SCIGAQNzvRKJRv96CfCE38J4R0hBbtEo0JAhWCT61_lG6SGc5rhIIvPtg3cEiO4NtUjTklY9WQLWYfTzMBELHEdw5bwArFdlvIWZoTZClIqUENcdf265lbkRNphA.2TP2KoM93w1q7sEO5eG4lw
I used the same security key to encrypt the request, and it works fine locally (I can encrypt + decrypt my own payload).
Additionally, when I call the /v2/balances endpoint, I get a 403 Forbidden error.
Could you please help me confirm:
If my account has the proper permissions to use these endpoints?
If there is anything wrong with the encryption/decryption headers or payload format?
Why I might be getting the tag mismatch on decryption?
Thank you!
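Added example, not part of the original post and not Toss Payments' code: the response quoted above is a five-part compact JWE whose header declares `alg=dir` and `enc=A256GCM`, and in that format (RFC 7516) the base64url header text itself is the GCM additional authenticated data. The Java sketch below uses a constructed all-zero key and payload to show that raw `AES/GCM/NoPadding` decryption passes the tag check only when that header is supplied as AAD and the key bytes match exactly. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JweDirGcmCheck {
    static final Base64.Encoder B64E = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();

    // Builds header..iv.ciphertext.tag (the encrypted-key segment is empty for alg=dir).
    static String encrypt(byte[] key, String headerJson, String plaintext) throws Exception {
        String header = B64E.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        byte[] iv = new byte[12];                      // 96-bit IV for A256GCM
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(header.getBytes(StandardCharsets.US_ASCII)); // AAD = encoded header text
        byte[] out = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)); // ciphertext || tag
        int n = out.length - 16;
        return header + ".." + B64E.encodeToString(iv) + "." + B64E.encodeToString(Arrays.copyOfRange(out, 0, n))
                + "." + B64E.encodeToString(Arrays.copyOfRange(out, n, out.length));
    }

    // bindHeader=false reproduces a decrypt that forgets the AAD; p[0] must be used exactly as received.
    static String decrypt(byte[] key, String jwe, boolean bindHeader) throws Exception {
        String[] p = jwe.split("\\.", -1);             // -1 keeps the empty second segment
        if (p.length != 5 || !p[1].isEmpty()) throw new IllegalArgumentException("not a dir-mode compact JWE");
        byte[] iv = B64D.decode(p[2]), ct = B64D.decode(p[3]), tag = B64D.decode(p[4]);
        byte[] in = Arrays.copyOf(ct, ct.length + tag.length);   // JCE expects ciphertext || tag
        System.arraycopy(tag, 0, in, ct.length, tag.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(tag.length * 8, iv));
        if (bindHeader) c.updateAAD(p[0].getBytes(StandardCharsets.US_ASCII));
        return new String(c.doFinal(in), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];                     // constructed all-zero demo key, not a real credential
        String jwe = encrypt(key, "{\"alg\":\"dir\",\"enc\":\"A256GCM\"}", "{\"demo\":true}");
        System.out.println("header as AAD: " + decrypt(key, jwe, true));
        try { decrypt(key, jwe, false); } catch (AEADBadTagException e) { System.out.println("no AAD: " + e.getMessage()); }
        byte[] other = key.clone(); other[0] ^= 1;     // one flipped bit stands in for a mis-decoded key
        try { decrypt(other, jwe, true); } catch (AEADBadTagException e) { System.out.println("wrong key bytes: " + e.getMessage()); }
    }
}
```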
