Issue with Decryption Error (Tag Mismatch) When Calling /v2/payouts API
Hello Toss Payments Support,
I’m integrating with your /v2/payouts API using encryption with my provided security key. I’m correctly encrypting my payload (in text/plain) with the A256GCM algorithm and sending it with the required headers:
TossPayments-api-security-mode: ENCRYPTION
Authorization: Basic <encoded_secret_key>
However, when I send a request to /v2/payouts, I get an encrypted response, and when I try to decrypt it using the same security key, I get the following error:
Decryption failed: AES/GCM/NoPadding decryption failed: Tag mismatch!
Here's an example of the encrypted response I received
eyJlbmMiOiJBMjU2R0NNIiwiaWF0IjoiMjAyNS0wNi0yNlQxODo0Mjo0Ni4zNTYyNTkzMTUrMDk6MDAiLCJub25jZSI6IjAwOWNiNTQ2LTgzZGYtNDRiNC1hMmQxLWYyMTliMThhZTgxZCIsImFsZyI6ImRpciJ9..myecGkNfS2k3F4en.VVwewGVwcxgf2iA9TZk4YyMZ7xdKu7ZcuBq_SizluSnVB5dCVAIHkpVbdTY326euGWcKXhjAOMjKOwruXxnOJbR2oVylauimkBKNRFbRfFQ-bs0wM8gj4AypeSYnctuStSMzui7ktErCDeHgYo9YNeyZX28SO-G6iT65xLVhCC9MLCqWcsK-86SCIGAQNzvRKJRv96CfCE38J4R0hBbtEo0JAhWCT61_lG6SGc5rhIIvPtg3cEiO4NtUjTklY9WQLWYfTzMBELHEdw5bwArFdlvIWZoTZClIqUENcdf265lbkRNphA.2TP2KoM93w1q7sEO5eG4lw
I used the same security key to encrypt the request, and it works fine locally (I can encrypt + decrypt my own payload).
Additionally, when I call the /v2/balances endpoint, I get a 403 Forbidden error.
Could you please help me confirm:
If my account has the proper permissions to use these endpoints?
If there is anything wrong with the encryption/decryption headers or payload format?
Why I might be getting the tag mismatch on decryption?
Thank you!
14 Replies
⏳ 잠시만 기다려주세요! 곧 답변드리겠습니다
오류 문의일 경우 아래 정보를 미리 전달해주시면, 빠른 답변에 도움이 됩니다.
- 주문번호(orderId) :
- 문의 내용 :
(img를 함께 첨부해주시면 도움이됩니다)
* 계약관련 내용은 1544-7772로 문의주세요.
* 주말/공휴일에는 답변이 늦을 수 있어요.
We're not enforcing any access control on our side.
Could you try submitting a curl request when the error occurs?
💡 정보 제출
민감 정보를 안전하게 제출해주세요
You can submit through "정보제출" btn
I have a question: when using payout api, do I have to become a partner or meet any conditions first?
yes, you need a contract to use the payout first.
Thanks a lot. And when in development, if I'm not a partner yet, can I use payout apis for testing?
안녕하세요. 저희 팀은 현재 Payout 기능을 연동하려고 하고 있습니다.
궁금한 점이 몇 가지 있습니다:
프로덕션 전에 개발 환경에서 Payout API를 테스트할 수 있는지 알고 싶습니다.
아니면 파트너 등록이 선행되어야 하는지요?
만약 등록이 필요하다면, 어디에 연락해야 하고 절차는 어떻게 되나요?
그리고 중요한 질문이 하나 더 있습니다:
지금 저는 클라이언트를 대신하여 구현을 진행 중인데요,
이 유저가 개발 및 프로덕션 환경에서 Payout API를 사용할 수 있는지 확인해주실 수 있을까요?
저희는 현재 Toss Payments를 웹사이트에 연동하려고 최선을 다하고 있습니다.
도움을 주시면 정말 감사하겠습니다.
Thanks so much.
Thanks so much.
That's my question:
Hi, our team is currently working on integrating the Payout feature. We'd like to know:
Can we test the Payout API in the development environment before going to production?
Or do we need to register as a partner first?
If registration is required, who should we contact, and what is the process?
Thanks so much.
토스페이먼츠 결제연동팀
Thanks so much for your enthusiasm, I understand the process very well thanks to you, thanks again :gold:
Now I will ask my colleague in Korea to follow the steps you said to get MID, and at the same time I will do the API first, thank you very much.
Yes, we will go step by step, I want to ask in advance so we can plan the timeline, thank you very much.
Ah you're right, I got an MID: buskingphi
if you can check contract status with it it will be great, thanks again.
Store ID (MID)
buskingphi
Thanks so much. (y)
buskingphi is not ready to use payout service.Thanks so much.
❤️ 기술문의 경험이 어떠셨나요?!
간단히 코멘트 남겨주세요! 제품 발전에 큰 힘이 됩니다.
❤️ 기술문의 경험이 어떠셨나요?!
간단히 코멘트 남겨주세요! 제품 발전에 큰 힘이 됩니다.
Thanks so much, I contacted my Korean colleague and they informed that they will plan with Business Team for these processes, they are looking into the costs involved den Payout.