academe / SagePay-Integration

HTTP Messages for the Sage Pay REST (Pi) gateway.
GNU General Public License v3.0

4020: Information received from an Invalid IP address. #18

Closed judgej closed 8 years ago

judgej commented 8 years ago

Just started getting this message from the API when requesting a payment.

Not sure what has changed - same IP, same code, same message details as was working a week ago. All POST details sent to Sage Pay to look at.

judgej commented 8 years ago

Now this is working, after Sage Pay made some changes at their end.

judgej commented 8 years ago

The Pi (aka Sage Pay Integration) transactions are all showing up in my control panel as "Direct" API transactions. Looking at the way some of the old-style validation errors pop up when some fields contain invalid characters, I would guess that Pi is a layer built over the top of the Direct API.

My theory is that so far it has been working because my IP address was being passed through to the underlying Direct layer, and for some reason today that has been disabled, resulting in this error. Sage Pay having reinstated that IP pass-through, it now works again.

That's a wild guess, but I'm confident that's what has happened. In theory, given the session keys and card tokens, the IP address check should not be necessary, and the Pi team probably thought so too, but did not consider the knock-on effects of this IP check at the Direct API level. Whether this API will need IP checks like the rest of the Sage Pay APIs in the long term is anyone's guess. I hope not, but it may need some additional layers of data signing to be applied to avoid it.

judgej commented 8 years ago

Closing because problem has gone away now.