Using test credit card data with production credentials leads to 500 server error
Closed this issue · 6 comments
This is not really an ideal situation, but when using square production credentials, then filling out the square form using test credit card data (https://developer.squareup.com/docs/testing/test-values) we receive the following error (I can post the full error, but thought their may be some sensitive info in there):
[Unknown Error] Uncaught SquareConnect\ApiException: [HTTP/1.1 400 Bad Request] {"errors": [{"code": "PAN_FAILURE","detail": "Authorization error: 'PAN_FAILURE'","category": "PAYMENT_METHOD_ERROR"}],
It seems like this should just fail normally instead of throwing a 500 error?
Also I am using version: 2.20190925.0
What do you mean by 500 error? In the error you provided it says "400 Bad Request" (so a valid 400 error)...is something else happening? It's telling you it's a "PAN_FAILURE" meaning the card number is incorrect. Let me know if I'm misunderstanding, but this looks like a normal error. To be clear, in the PHP SDK, it always throw exceptions for all errors.
Apologies, a 500 error is specific to our setup, but yes a 400 error.
So my question is, why does it not just return a message that the credit card number is invalid. If I key in some random numbers, the form says the credit card is invalid
When I use "4111 1111 1111 1111" it returns the error.
Thanks for any help you can provide!
Ah, I see, thanks for clarifying. So to clarify on my side: the payment form will offer basic front-end validation (like checking if it looks or is formatted to be a real credit card number). However, the backend will actually try to make a payment with the credit card. In this case, I suspect since it starts with "4111" (which is how VISAs all start), it passes the basic formatting check. For instance, if I pass "4111" followed by all 0's, it also passes the payment form check, but would definitely fail on the backend check as well.
No worries, my daughter was running around while I was trying to piece that together so probably could of been more elegant :)
So to clarify on my side: the payment form will offer basic front-end validation (like checking if it looks or is formatted to be a real credit card number). However, the backend will actually try to make a payment with the credit card. In this case, I suspect since it starts with "4111" (which is how VISAs all start), it passes the basic formatting check. For instance, if I pass "4111" followed by all 0's, it also passes the payment form check, but would definitely fail on the backend check as well.
That seems to be the issue, I think expected behavior would be an invalid credit card would be caught and a friendly message returned.
I can test with the latest release if you like? Not sure if that would be helpful or not
So that is what PAN_FAILURE error means:
PAN_FAILURE
The specified card number is invalid. For example, it is of incorrect length or is incorrectly formatted.
You do make a good point about the detail section, I feel like that could definitely be better ha ha. I'll share the feedback with the team but let me know if I'm still missing something.
I think you got it all, let me know if I can provide any more information!
Thanks!!