Intermittent “Invalid OTS Token” + XML parse error during Blocks checkout

  • Resolved alienjackhammer

    (@alienjackhammer)


    2 months, 3 weeks ago

    Hi,

    We’re experiencing intermittent checkout failures on WooCommerce using your gateway plugin.

    Details:

    • WooCommerce Store API (Blocks checkout)
    • Payment method: Credit / Debit Card (Accept.js flow)
    • Orders reach “Reserved stock” stage
    • Then fail with: Invalid OTS Token
    • Woo error code:     woocommerce_rest_checkout_process_payment_error
    • HTTP status: 400

    Woo debug log shows:

    "message": "Invalid OTS Token."

    And additionally:

    SimpleXMLElement::__construct() File: includes/class-api-handler.php Line: 713

    This suggests the plugin is attempting to parse an empty/invalid XML response from Authorize.Net.

    Important notes:
    • Happens intermittently (not every transaction)
    • Occurs after draft order creation and stock reservation
    • We are using WooCommerce Blocks checkout (Store API flow)
    • WP Rocket JS delay is excluding Accept.js
    • AVS/CVV pass on successful transactions
    • Authorize.net sometimes logs $0 “ValidateCustomerPaymentProfile” entries prior to failure

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter alienjackhammer

    (@alienjackhammer)

    2 months, 2 weeks ago

    We are getting intermittent checkout failures. The plugin logs show the failure occurs when attempting to save a new card to CIM during checkout:

    • Request: createCustomerPaymentProfileRequest
    • Response: E00114 Invalid OTS Token
    • This happens after Retrieved opaque card data and after validating the customer profile (getCustomerProfileRequest OK).
    • The plugin aborts payment when saving fails: Payment processing failed … error_message: Invalid OTS Token … is_store_api: false

    Request: Please update the flow so that if CIM save fails with E00114, the plugin still charges the order using the opaque data (or changes sequence: create payment profile first, then charge via profile), instead of failing the entire checkout. Also confirm whether the plugin is reusing the opaqueData token across multiple API calls or delaying token use long enough to expire.

    Plugin Support Jignesh

    (@jigneshmpatel)

    2 months, 2 weeks ago

    Hello,

    Thank you for the detailed logs.

    The issue was caused by the one-time-use (OTS) opaque token becoming invalid during the CIM save step (createCustomerPaymentProfileRequest). OTS tokens are single-use and short-lived.

    We have updated the flow so that:

    Cards are saved to CIM only when required (e.g., user opts in or subscription).

    When saving is required, we save first and then charge using the returned CIM profile ID (not the opaque token again).

    The same opaqueData token is no longer reused across multiple API calls.

    This prevents checkout from failing due to token reuse or expiration during the save process.

    Please update to the latest version (1.0.8) and let us know if you experience any further issues.

    Best regards

    Thread Starter alienjackhammer

    (@alienjackhammer)

    2 months, 2 weeks ago

    Thank you for the update!!

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.