Troubleshooting the Push Notification (CIBA Callback)

You can troubleshoot and debug issues related to Push Notification. The Push Notification uses Client-Initiated Backchannel Authentication (CIBA) workflow to authenticate at the time of login and during the financial transactions.

CIBA Workflow Sequence Diagram

Checklist for Troubleshooting

Following are the checklist items for troubleshooting issues in Push Notification:

Environment Checks
Client-side

  • Check for the current value of the timer inside the component. Make sure that the value must be 180000.

    Note: This value should be same as in the Fabric.

  • Monitor the entire process time.
Server-side Logs

  • Check whether you receive data from HID Authentication Service through logs.

  • If received, ensure that the data received from the HID Authentication Service is not malformed.

  • Check whether the data you received from HID Authentication Service is processed.
Fabric-side

  • In Fabric, go to Advanced > Properties > getHIDApprovalStatus API and make sure that the current value is 180000.

  • Check whether the Fabric Cacheable Check is enabled or not.

  • In Fabric, go to App Services > Settings > Server Properties and check whether the HOST_ID and Tenant_ID field values were entered without Port.

     

    For example:

     

    Correct:

    HOST: test.aaas.hidcloud.com

    TENANT: td7f7131a5289307306696

     

    Incorrect:

    HOST: https://test.aaas.hidcloud.com:443

Verify the correctness of the CIBA endpoint:

  1. Confirm if the port matches the Fabric's port.

  2. Add the webhook endpoint as the callback URL and assess if a response can be obtained.

    1. If a response is received through the webhook.site endpoint, it indicates a potential scenario where the HID region's public IP is blocked by the firewall.

    2. In such situations, you must reach out to your IT team to whitelist the HID public IPs.

Expected Response APIs after Troubleshooting

Prerequisites:

Check Integration Service with auth_req_id:

To receive the auth_req_id response from approveTransactInitiate API call response, enable the developer tool on the Web Client (browser).

Following are the possible cases for the correct functioning of Push Notification:

  • Case 1 - Approved: Success

  • Case 2 - Not Approved: Failure

  • Case 3 - Not Approved for 1 Minute: Success

  • Case 4 - Not Approved for 2 Minute: Failure

Case 1 - Approved: Success

Network Response API:

  • ApproveTransactInitiate:

    {"AprroveTransactInitiate": [{"auth_req_id":"a1571242-0650-4b07-bbf0-4d8a86073932","expires_in":3600,"interval":0}],"opstatus":0,"httpStatusCode":200}

  • Poll:

    {"ApproveStatus":[{"access_token":"3SO8tAAAAYb9KOBhGb+RLbxam9ByYDGer4WFhQfm","auth_status":"accept"}],"opstatus":0,"httpStatusCode":200}

Integration API response through Fabric:

Case 2 - Not Approved: Failure

Network Response API:

  • ApproveTransactInitiate:

    {"AprroveTransactInitiate":[{"auth_req_id":"f7a3eb6a-4a37-47df-afc0-1e299e05adea","expires_in":3600,"interval":0}],"opstatus":0,"httpStatusCode":200}

  • Poll:

    {"ApproveStatus":[{"auth_status":"UNKNOWN"}],"opstatus": -1,"httpStatusCode":401,"errmsg":"HID ActivID Push based operation approval is not known"}
Note: A timeout message will appear if you do not approve the request.

Integration API response through Fabric:

Case 3 - Not Approved for 1 Minute: Success

Network Response API:

  • ApproveTransactInitiate:

    {"AprroveTransactInitiate":[{"auth_req_id":"6023428c-dc8b-493f-b5d0- 0d82ba739349","expires_in":3600,"interval":0}],"opstatus":0,"httpStatusCode":200}

  • Poll:

    {"ApproveStatus": [{"auth_status":"UNKNOWN"}],"opstatus":-1,"httpStatusCode":401,"errmsg":"HID ActivID Push based operation approval is not known"}
    {"ApproveStatus": [{"access_token":"3SO8tAAAAYb9TUtyco68EnuxDuV+nUGzgeQBMisa","auth_status":"accept"}],"opstatus":0,"httpStatusCode":200}
Note:

  • If you initially not approved the request within the first minute but later approve it within the second minute (for example, you approved the request at 1 minute and 33 seconds), you will receive two response APIs: one indicating failure and the other indicating success.

  • However, in Fabric, you will only receive the most recent API response, which means you will only receive the success response.

Integration API response through Fabric:

Case 4 - Not Approved for 2 Minute: Failure

Network Response API:

  • ApproveTransactInitiate:

    {"AprroveTransactInitiate":[{"auth_req_id":"941f107e-6727-4f17-b6ca-52f76f2fa337","expires_in":3600,"interval":0}],"opstatus":0,"httpStatusCode":200}

  • Poll:

    {"ApproveStatus":[{"auth_status":"UNKNOWN"}],"opstatus":-1,"httpStatusCode":401,"errmsg":"HID ActivID Push-based operation approval is not known"}
Note:

  • A timeout message will appear if you do not approve the request within 2 minutes.

Integration API response through Fabric:

Test CIBA request using Webhook.site

  1. Go to Webhook.site - Test, process and transform emails and HTTP requests.

  2. Copy the unique URL from the Webhook.site.

  3. Set the unique URL as CallbackURL for CIBA in Postman.

  4. Once you approve the push notification, check whether the response in Webhook.site is the same as that of the Expected Response APIs.

Note: