Skip to main content

Frequently Asked Questions

Error Codes

Q: I keep receiving the error: '442 Invalid one time use token'. Why is my token not working?

Once a one-time-use token has been used to submit an iframe it cannot be used to load another. You must request a new one-time-use token prior to submitting each iframe.

Q: Why am I getting a 403 error when I send a request for a one-time-use token? I know my credentials are correct.

To request a one-time-use token you must send a POST request. Sending a GET request will result in a 403 Forbidden error.

Q: I'm getting a 440 error when I try to specify which merchant to process with.

To troubleshoot this issue, follow the steps below:

  1. Make sure there are no typos when you enter the merchant ID.
  2. Check that you have access to this merchant. You can do this by logging into the Capstone Dashboard. If you do not see your desired merchant in the merchant selector dropdown, contact CMS Customer Service
  3. Make sure you are sending the variable merchantId as a string and not as an integer.

Q: Why do I keep receiving a 431 'Error from Kount' error while testing?

Please note that Kount verification will be performed by default when saving a card token or running a card transaction. To solve for unexpected 431 errors while testing your integration, try either of the following solutions:

  • Make sure your tests do not include any of the values shown here
  • Disable Kount verification by including the parameter"processingOptions": { "checkFraud": false } in the body of your request. (See the Enable Kount Verification tutorial for reference.)

Q: Why am I getting an error saying Authorization header requires 'Credential' parameter?

The following is a common AWS error: { "message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic Og==" }

To debug it, please try the following:

  • Check that your HTTP method is correct. (For example, if the HTTP method is set to PUT when it should be POST you may receive this error)
  • Check that your request includes all required path and query parameters
  • Check your request for typos in the URL

If you still cannot resolve the error, please contact integration support.

Testing

Q: Can I test the iframes before integrating?

Yes! Once you have a Capstone account, you can use our Sandbox Tester.

Q: Are there any cards I can test with?

Yes. Test cards vary by implementation. Contact integration support for test cards specific to your needs.

Note: If you are testing with the Processing Option verifyCvc: true you must set the CVC equal to 111, otherwise you will receive a 437 Invalid CVC error.

Other

Q: All payments are coming back as pending, are these actually successful? Can I mark the order as paid and ship product?

The status of pending means the transaction is approved but the batch has not yet settled.

Settled transactions will show a status of authorized.

You can be assured that any pending/authorized transactions will settle without any issue.

Note: Batch close time is typically at 11pm PDT.

See the Transaction Status table for more information.

Q: Is there a joint auth & capture method?

Yes! The endpoint is called Run Card Transaction. When you send a request to this endpoint, by default the transaction will be authorized and captured.

If you wish to run an auth only transaction, send isAuthOnly: true in the body of your request.

Q: I see two custom field entries, what are those for?

The two custom fields provided are optional for partners to use for reconciliation and/or reporting purposes.

Q: Is it possible to run an auth only using the iframe and then capture through the API?

Yes, you can use the Capstone iframe in AuthOnly mode then capture the sale later if that is best for your workflow.

To run an auth only in the iframe, include isAuthOnly: true the body of your request when you retrieve a one-time-use token.

You can then capture using the Capture Transaction endpoint of the API or through Capstone dashboard.

Q: Can I host my localization/translation JSON file as a GitHub gist?

Yes, you can host your sandbox localization/translation file anywhere you choose.

To use a GitHub gist to host your translation file, follow the steps below:

  1. Create a GitHub gist containing your translation JSON file

    • Note: The gist must be public in order for Capstone to access it
  2. Copy the gist's URL. It will look like this:

    https://gist.github.com/your-github-username/8bdeaf3e8bc8c473d06b82ad56dd1c7d

  3. Append /raw to end of the URL from step 2:

    https://gist.github.com/your-github-username/8bdeaf3e8bc8c473d06b82ad56dd1c7d/raw

    • This allows Capstone to access the raw JSON file hosted in your gist repository
  4. Proceed to step 4 of the Iframe Label Translation tutorial

Note: These steps do not apply to the production environment. Production translation/localization files must be hosted by Capstone. See step 3 of the Iframe Label Translation tutorial for more information.