Authorize.net Error when adding new paymentProfile - code: E00114, Invalid OTS Token

Question

we're trying to add a new customerPaymentProfile for an existing customerProfile. we're patterning our code on the github sample provided https://github.com/AuthorizeNet/sample-code-node/blob/master/CustomerProfiles/create-customer-payment-profile.js

the only difference is that, we don't pass CC details to our servers. instead, we pass opaqueData from frontend. on Initial customerProfile creation(with a single payment profile) it works w/c is good. but if we try to add a new paymentProfile(using a new opaqueData) we get the error code: E00114, Invalid OTS Token.

the official documentation regarding error code doesn't say much

And it seems like there's a few different cases, where it throws this error code

Using Accept.js

• https://community.developer.authorize.net/t5/Integration-and-Testing/E00114-Invalid-OTS-Token/td-p/58879
• https://community.developer.authorize.net/t5/Integration-and-Testing/E00114-Invalid-OTS-Token/td-p/59314

Our Case(node.js SDK)

• https://community.developer.authorize.net/t5/Integration-and-Testing/Error-while-adding-new-paymentProfile-quot-code-quot-quot-E00114/td-p/69872

Others

• https://community.developer.authorize.net/t5/Integration-and-Testing/Intermittent-Invalid-OTS-Token-Errors-E00114/td-p/57509
• https://community.developer.authorize.net/t5/Integration-and-Testing/E00114-Invalid-OTS-Token-error-generates-while-creating-ARB/td-p/68685

We also tried to delay the transaction at least 7 seconds, before using the opaqueData maybe to allow their systems to sync as suggested here to receive the same error message.

Anyone ever encountered something like this before? Any form of help would be highly appreciated.

Answer 1

We were doing something wrong, by doing trial and error(via API) to determine if a customer exists or not. hence hitting api once or twice resulting to an invalid token (error on 2nd call)

So we tried to create a customerProfile, w/ customerPaymentProfile & this will throw error if customerProfile already exist(if its a duplicate email). Whats good here, is that customerProfileId comes with the error payload.

We though of using customerProfileId from error payload, to create a new payment profile for the customer, giving us some edge by reducing one DB call on our system.

The issue with our strategy though, is that opaqueData will expire, when we use it to create customerProfile(w/ payment profile) even though the request failed.

So resolution is to save customer info in our system, and check if it's a returning customer or not. If it is, then get customerProfileId from db, and create new customerPaymentProfile on authorize.net

One could also create customerProfile first, w/o the customerPaymentProfile. if this transaction fails, then at least you haven't used the opaqueData yet and you get the customerProfileId w/o doing any query on your db. So when you try to create a new customerPaymentProfile, you won't get error code E00114 since opaqueData isn't used yet.

lessons learned the hard way for us, but hopefully it helps someone.