Authentication Errors
401 Unauthorized
Symptom: API returns401 with “Bad or missing authorization data.”
What to check:
- Verify the
Authorizationheader uses theAPIKEYprefix:Authorization: APIKEY your-key-here - Confirm the API key is active. Use the Validate API Key endpoint to test.
- Check whether you are using a test key against the production environment (or vice versa).
409 Conflict on credential operations
Symptom: Storing or updating a Payment Gateway Account returns409.
What to check:
- The
paymentGatewayAccountNamemay already exist. List your accounts with List Payment Gateway Accounts to confirm. - If you intend to replace existing credentials, the PUT endpoint overwrites by design. Ensure you are sending the full credential set.
Transaction Failures
Transaction returns “Rejected”
Symptom: A charge or authorization returns aRejected status.
What to check:
- Read the
GatewayDescriptionandAcquirerDescriptionfields in the response. These contain the gateway’s reason for the rejection (e.g., insufficient funds, invalid card, do-not-honor). - If using test cards, confirm you are using the mock PSPs or the gateway’s own sandbox credentials.
- Check Gateway-Specific Requirements for the gateway you are using. Some gateways require specific parameters (e.g., AMEX requires
myRefwith 6+ characters).
Transaction times out
Symptom: The API call takes too long and times out, or returns a timeout error. What to do:- Do not retry the charge immediately. The original transaction may still be processing at the gateway.
- Use the Transaction Status endpoint with the
transactionIdfrom your original request to check the outcome. - Only retry after confirming the original transaction failed.
Gateway returns “FatalFailure”
Symptom: Transaction returnsFatalFailure status.
What to check:
- This typically means the gateway configuration is wrong (invalid credentials, disabled account, unsupported operation).
- Verify your gateway credentials are correct using List Payment Gateway Accounts.
- Confirm the gateway supports the operation you are attempting. For example, AMEX does not support direct Charge or Refund operations (use PreAuth + Capture instead).
- If using multi-gateway failover, Orchestra automatically tries the next gateway in your list.
Gateway-Specific Issues
AMEX: “Bad Data” on charge
AMEX requires themyRef parameter with at least 6 characters. Only the first 6 characters are used as the trace number.
Pesopay: duplicate transaction error
Pesopay requiresmyRef to be unique per transaction. Reusing a reference value causes a rejection.
First Data / Gateline: connection refused
These gateways require a client certificate for authentication. Verify thatpaymentGatewayCertName is set and the certificate is configured in your account.
Adyen: unexpected test/live behavior
TheShopperInteraction credential defaults to Ecommerce. For POS integrations, set this explicitly in your Payment Gateway Account credentials.
For the full list of gateway-specific requirements, see Gateway-Specific Requirements.
Card and Token Issues
Invalid card number
Symptom: Tokenization fails with a card validation error. What to check:- The card number must pass the Luhn algorithm. Use the Luhn Validation tool to verify.
- Card number must be 12-19 digits with no spaces or separators.
- Use the Brand Lookup tool to confirm the card brand is supported by your gateway.
Token not found
Symptom: A string token operation returns404.
What to check:
- String tokens are deleted after retrieval by default. If you need to retrieve a token multiple times, store it with the appropriate retention setting.
- Confirm the token ID is correct and belongs to the authenticated API key.
Payments Library Issues
Session token invalid
Symptom: Library operations fail with “Session token is invalid.” What to check:- Session tokens are single-use. A new session must be created for each payment attempt.
- Ensure the
Authorization: Bearer <token>header is set correctly in library API calls. - Verify the session was created with the correct
mode(LIVEvsTEST). Sandbox accounts cannot createLIVEsessions.
3D Secure not triggering
What to check:- Mock PSPs do not support 3D Secure. You must use a real gateway’s sandbox credentials for 3DS testing.
- Ensure your gateway account has 3DS enabled on the gateway’s side.
- The Payments Library handles 3DS automatically when the gateway requires it. If you are using the REST API directly, see the 3D Secure guide.
Debugging Tips
Include myRef in every request
Set a unique myRef value on every transaction. This makes it easy to trace transactions in gateway dashboards and when contacting support.
Check the response body
Orchestra returns the gateway’s own response inGatewayDescription and AcquirerDescription. These fields contain the most specific error information and are the first place to look when a transaction fails.
Test with mock PSPs first
The mock PSPs let you test your integration without external gateway accounts. They support Charge, PreAuth, Capture, Refund, and Void operations with predictable responses.Mock PSPs do not support 3D Secure, gateway tokenization, or real card validation. Graduate to a real gateway sandbox for testing these features.
Contact support with context
When reaching out to support, include:- Your
myRefvalue andtransactionId - The full API response (including
GatewayDescription) - The gateway name and operation type
- Whether you are using test or production credentials
Related
- Return Codes - Full list of Orchestra error codes
- Gateway-Specific Requirements - Per-gateway parameter rules
- Transaction Status - Check the outcome of a transaction
- Mock PSPs - Test without external accounts