search

csingley / ofxtools

Python OFX Library
Other
301 stars 68 forks source link

USAA error responses #92

Closed jdwx closed 3 years ago

jdwx commented 3 years ago

Unfortunately I'm not able to connect successfully to USAA with ofxtools.

Running "ofxget scan ussa" returns this:

[(102, [{'pretty': True, 'unclosedelements': True}, {'pretty': False, 'unclosedelements': True}]), (151, [{'pretty': True, 'unclosedelements': True}, {'pretty': False, 'unclosedelements': True}])]
[(200, [{'pretty': True, 'unclosedelements': False}, {'pretty': False, 'unclosedelements': False}]), (202, [{'pretty': False, 'unclosedelements': False}, {'pretty': True, 'unclosedelements': False}])]
[{"versions": [102, 151], "formats": [{"pretty": false, "unclosedelements": true}, {"pretty": true, "unclosedelements": true}]}, {"versions": [200, 202], "formats": [{"pretty": false}, {"pretty": true}]}, {"chgpinfirst": false, "clientuidreq": false, "authtokenfirst": false, "mfachallengefirst": false}]

Everything seems fine with that.

Here's what "ofxget list usaa" says:

USAA Federal Savings Bank
ofxhome = 483
url = https://service2.usaa.com/ofx/OFXServlet
version = 202
org = USAA
fid = 24591

That all seems fine as well.

But any attempt to do anything else fails with an OFX error status code 2000 ("General Error").

(In all cases I'm going to add some newlines to the XML that aren't in the original to make it more readable. Nothing else has been changed.)

Running "ofxget prof usaa" returns:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?OFX OFXHEADER="200" VERSION="202" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="cf3ebe77-76e6-4c3f-a673-d8853db3777a"?>
<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS>
<CODE>2000</CODE>
<SEVERITY>ERROR</SEVERITY>
<MESSAGE>Were sorry, an error has occurred during processing.  Please try again.</MESSAGE>
</STATUS>
<DTSERVER>20201010231104</DTSERVER>
<LANGUAGE>ENG</LANGUAGE>
<FI><ORG>USAA</ORG><FID>24591</FID></FI>
</SONRS></SIGNONMSGSRSV1>
<PROFMSGSRSV1><PROFTRNRS>
<TRNUID>6eaf386f-21e1-44b2-829b-5572d1f4f1d8</TRNUID>
<STATUS><CODE>15500</CODE><SEVERITY>ERROR</SEVERITY></STATUS>
</PROFTRNRS></PROFMSGSRSV1>
</OFX>

ofxget acctinfo -u (userid) usaa returns:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?OFX OFXHEADER="200" VERSION="202" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="d2e93c9f-a156-44ce-ad73-ed539d458f0a"?>
<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS><CODE>0</CODE><SEVERITY>INFO</SEVERITY><MESSAGE>Success</MESSAGE></STATUS>
<DTSERVER>20201010232054</DTSERVER>
<LANGUAGE>ENG</LANGUAGE>
<FI><ORG>USAA</ORG><FID>24591</FID></FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>d33ca7f6-b660-4ed5-9841-14f46696b902</TRNUID>
<STATUS><CODE>2000</CODE><SEVERITY>ERROR</SEVERITY></STATUS>
</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>

Running "ofxget stmt usaa -u (redacted) -C (redacted) --bankid 314074269" returns:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?OFX OFXHEADER="200" VERSION="202" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="23023ee4-891e-4747-b23a-e60d5a271760"?>
<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS><CODE>0</CODE><SEVERITY>INFO</SEVERITY><MESSAGE>Success</MESSAGE></STATUS>
<DTSERVER>20201010233055</DTSERVER>
<LANGUAGE>ENG</LANGUAGE>
<FI><ORG>USAA</ORG><FID>24591</FID></FI>
</SONRS>
</SIGNONMSGSRSV1>
<BANKMSGSRSV1>
<STMTTRNRS>
<TRNUID>8fae4064-2dce-4609-9013-818b3e9ad629</TRNUID>
<STATUS><CODE>2000</CODE><SEVERITY>ERROR</SEVERITY></STATUS>
</STMTTRNRS>
</BANKMSGSRSV1>
</OFX>

To confirm that USAA isn't just down, I successfully connected with Moneydance, which uses the same OFX URL and credentials, before and after the test. (Wish I could see the requests that it's sending!)

Also, I tried with incorrect usernames and passwords, and confirmed that they produce a different response:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?OFX OFXHEADER="200" VERSION="202" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="2c372341-a3fc-46eb-9844-bbf88693a228"?>
<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS>
<CODE>15500</CODE>
<SEVERITY>ERROR</SEVERITY>
<MESSAGE>Some or all of the information you have entered is invalid. Please call toll free (1-800-531-6347) for assistance.</MESSAGE>
</STATUS>
<DTSERVER>20201010234305</DTSERVER>
<LANGUAGE>ENG</LANGUAGE>
<FI><ORG>USAA</ORG><FID>24591</FID></FI>
</SONRS>
</SIGNONMSGSRSV1>
<BANKMSGSRSV1>
<STMTTRNRS>
<TRNUID>a356f527-39ab-4368-8dc0-c6bb080d108f</TRNUID>
<STATUS><CODE>15500</CODE><SEVERITY>ERROR</SEVERITY></STATUS>
</STMTTRNRS>
</BANKMSGSRSV1>
</OFX>

Not sure what else I can try to get this working.

Wish I could see the exact requests and responses Moneydance is sending!

I did see the note on https://ofxtools.readthedocs.io/en/latest/client.html about User-Agent blocking. I don't know if that's at play, but it doesn't seem like it because in issue #90 you reported that this works for you.

Nonetheless, this page ( https://infinitekind.tenderapp.com/discussions/online-banking/15846-the-error-code-reported-by-the-server-was-2000 ) suggests Moneydance's User-Agent string is:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063

jdwx commented 3 years ago

Turns out you actually /can/ see Moneydance's requests and the bank's responses in its console.

Based on that I was able to find that it was stepping all the way down to 102 (with no closing tags, obviously).

This .cfg let me pull acctinfo and statements:

[usaa]
version: 102
unclosedelements = true
appid: QWIN
appver: 2400

Was also able to get it working with version 151 with the cfg:

[usaa]
version: 151
unclosedelements = true
appid: QWIN
appver: 2700

But no dice under 200 or 202, despite "ofxget scan usaa" claiming they are supported.

So I don't know if that's a problem of ofxget incorrectly determining what's supported, USAA not liking the 200/202 code it is sending, or if USAA is advertising 200 and 202 without actually supporting them.

But 151 works fine for me, so 🤷‍♂️.

jdwx commented 3 years ago

Thanks for this, by the way. You have saved me many hours.

csingley commented 3 years ago

Glad it all worked out; thanks for reporting. I'll update the default configuration for USAA accordingly; others have been reporting problems too.

BTW ofxget scan just requests an OFX profile from the server, and reports successes; the tool can't reasonably log in and request an account statement. For some reason USAA's server is honoring profile requests for OFXv2, but statement requests must be OFXv1. That violates an implicit assumption of the tool.