Umbraco.Commerce.Issues

Payment token re-initialization fails with 400 Bad Request after checkout cancellation

Open xeniajensen opened this issue 2 months ago • 2 comments

Which component is this issue related to?

Checkout

Which Umbraco Commerce version are you using? (Please write the exact version, example: 10.1.0)

16.4.0

Bug summary

The /pay/{token} endpoint returns 400 Bad Request when attempting to re-initialize payment after a checkout session has been canceled, even though a new token is successfully generated.

Specifics

  • Umbraco Commerce Version: 16.4.0
  • Component: Checkout
  • Payment Gateway: Nets Easy OneTime Payment (hosted checkout, Framed mode)
  • API Endpoint: /umbraco/commerce/storefront/api/v1/checkout/{orderId}/

The cancellation is triggered automatically by the DIBS payment gateway when the iframe is unloaded. Token generation always succeeds, but /pay/{token} fails on re-initialization.

Steps to reproduce

  1. User reaches payment step and payment token is generated via GET /checkout/{orderId}/token → Success
  2. Payment iframe loads GET /checkout/{orderId}/pay/{token} → Success (payment form displays)
  3. User navigates back to previous step
  4. Payment gateway automatically calls /pay/{token}/canceled when iframe unloads
  5. User navigates forward to payment step again
  6. New payment token is generated via GET /checkout/{orderId}/token → Success
  7. Payment iframe attempts to load GET /checkout/{orderId}/pay/{newToken} → 400 Bad Request

Expected result / actual result

Expected Behavior

After a checkout session is canceled, we should be able to:

  1. Generate a new payment token via /token endpoint
  2. Successfully load the payment form via /pay/{token} endpoint using the new token

Actual Behavior

  • First payment initialization works: GET /checkout/{orderId}/token → 200 OK, GET /checkout/{orderId}/pay/{token} → 200 OK
  • After navigation away and return: GET /checkout/{orderId}/token → 200 OK (new token), but GET /checkout/{orderId}/pay/{token} → 400 Bad Request

Questions

  1. Is it expected that /pay/{token} returns 400 after a checkout session has been canceled, even with a newly generated token?
  2. Is there a way to reset the checkout session state or clear an existing checkout session programmatically?
  3. What is the recommended pattern for handling user navigation in multi-step checkout flows with hosted payment?

Dependencies

No response

xeniajensen, Nov 13 '25 07:11

Hi @xeniajensen,

Could you check the 400 error against the logs and see what the source is?

acoumb, Nov 13 '25 09:11

@acoumb It's not actually showing up in the Umbraco logs, and if I make a direct request to /umbraco/commerce/storefront/api/v1/checkout/{orderId}/pay/{token} I just get the same error 400 with an empty body in the response. If I make a new request to /umbraco/commerce/storefront/api/v1/checkout/{orderId}/token - with the same orderId, I get a success response but the payUrl in that response just gives an immediate 400.

xeniajensen, Nov 13 '25 11:11

@acoumb Any updates on this?

xeniajensen, Dec 01 '25 07:12

@xeniajensen I will check up in our team with the support people and get back to you. Sorry for the delay.

acoumb, Dec 01 '25 08:12