security_code_id can't be null

[Julio-Cesar07]

Hello everyone, when I created a cardToken for the payment it required the security_code_id but the card did not return this, how do I create a payment without this security code?

[romerosilva-meli]

Hi @Julio-Cesar07, how are you?

indeed the security_code field is missing in your request to the CardToken client, and it should be obtained directly from the user, like it is explained in this guide. It doesn't mention this requirement (and we'll fix it asap), but it explains how it can be obtained.

[Julio-Cesar07]

I understand, but whenever I need to make a payment, I need a cardToken, right? But when I look for a customer, the security_code/token field does not appear, neither in the found customer nor in the listed card. Am I doing something wrong?

[romerosilva-meli]

The security code (also known as cvv) is the 3-4 digits usually found in the back of the credit card. For PCI compliance reasons, you shouldn't store sensitive data on your end and let Mercado Pago handle them for you.

What I meant is that you need to ask for the security code through a frontend on your e-commerce. That's the expected use when working with saved cards. In this case, you'll need both because the card is already saved, but we need to ask the user for the security code as an extra layer of security.

Your initial implementation was fine, the only data missing is the security code that you can acquire following the guide I shared in my previous message.

If what you're trying to accomplish is to charge the user without asking for the security code, in that case you'd be creating a subscription and you should follow the guide on how to use that API.

Hope that helps.

[Julio-Cesar07]

So i'm creating a pre approval plan and a pre approval and i get the following error:

my code:

i'm using credentials test and i've already tried replacing card_token_id for the token id that return of the api https://api.mercadopago.com/v1/card_tokens?public_key=

[romerosilva-meli]

Hi @Julio-Cesar07,

even though it is not clear in the documentation, for this and most APIs, the card token should be asked via a frontend using Mercado Pago's frontend SDK. You can use the Integration via CardForm as an example on how to implement the frontend part and this example on how to implement the backend part.

the reason you are getting that CardToken service not found error is probably because you can't use test credentials to create subscriptions. You can create a test user and use the production credentials of that user instead.

We apologize for the documentation not being clear, we are working on improving the documentation for all APIs.

[patrickdelfim]

Hi Romero. Trying to test subscription here as well and I have questions.

1- Card tokens generated using bricks will work well in the subscription workflow?
2- Im trying to follow this approach about create test users to finish my integration and when I go to the website to get credentials Im redirected to retrieve MFA token, which is send to the test user email that I have no idea how to access it.

If you have any idea let me know.
Thanks a lot.

[romerosilva-meli]

Hi @patrickdelfim,

thanks for reaching out to us. About your questions:
1- Yes, they should work fine.
2- Not sure why you're being asked for MFA for a test user, that's unusual. I'll ask you to open a support ticket so they can better assist you.

Cheers

[marcelino-borges]

@patrickdelfim
Have you figured this out? Has support team explained something?

I'm also being asked for MFA (logged into my test user account in MP, clicked My Business (left menu) > Settings)

Mercado Pago is probably one of the worst developer experiences I've had in a while... Jesus