Topic: Discover Card
GNUCash is telling me that their certificate is not signed. Has anyone else experienced this error?
The SSL verification log says "Success"; does that mean they checked the certificate as well?
Their certificate fails Verisign validation. I can't understand how ANY finance software would work correctly unless they bundle the certificate directly. FYI, here's a link to try to show the failure. I've been fighting with them on this for over a month.
The certificate is now valid! Thanks for taking this up with them. I feel much better about connecting now.
BTW, how did you find the correct people to talk to about certificates?
Hello Jesse,
I tried accessing OFX Direct Connect for my Discover Card but am not able to get a response for the list of account/card numbers in the ACCTINFORS.
Example:
<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS>
<CODE>0
<SEVERITY>INFO
</STATUS>
<DTSERVER>20130904
<LANGUAGE>ENG
<FI>
<ORG>Discover Financial Services
<FID>7101
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>123456
<STATUS>
<CODE>1
<SEVERITY>INFO
<MESSAGE>Client up-to-date
</STATUS>
<ACCTINFORS>
<DTACCTUP>20130904
</ACCTINFORS>
</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Please help me with this problem.
If anyone is still connecting to Discover with OFX, they recently (like 3 days ago from this post) gave out new account numbers. I have been using custom software that I wrote for the past 3 years and it finally broke. Once I requested an account list from them I found out I have a new card number!
When I updated my software with the new account number, data began flowing again.
For anyone's info who needs this info, the following also happened. Before the new account number I was able to connect, but every transaction had a credit for the same amount. On the new number the transactions are available and correct; however, the FITIDs were not shared between both accounts, so I got 5 days of duplicate data because I request the last 10 days every update. I've removed the old duplicates and foresee no future problems with Discover Card and OFX (it's been working great the past couple of years).
I haven't been able to connect for over a week; get 401 forbidden message. Tried speaking to Discover technical support, as usual for these types of problems, completely useless. I'm using my own software but I'm aware that Moneydance users are experiencing the same problem.
Anyone have any other information? Discover definitely changed some connection parameter(s).
Also getting a 403 for this as of Feb 21. Hopefully they are not discontinuing it; will update the thread if I find anything.
I'm getting a 403 Forbidden response as well. This is new code I'm writing, so I thought I was just doing something wrong...
I HAVE THE SOLUTION!
The HTTP request User Agent header has changed. In my code the Discover server used to accept this header: httpReqst.UserAgent = "httpclient"
Now, if I comment out that header or set httpReqst.UserAgent = null I can download from Discover; if it's left uncommented I get the 403 Forbidden error.
Be warned, other institutions, such as TD Bank, require the UserAgent header to be set.
Here's the full HTTP header list that works for Discover:
httpReqst.ContentLength = enc.Length;
httpReqst.Method = "POST";
httpReqst.ContentType = "application/x-ofx";
httpReqst.UserAgent = null;
httpReqst.ServicePoint.Expect100Continue = false;
The first 3 are necessary for OFX requests at any institution. The last 2 are Discover specific, meaning other institutions might require other values.
@robler removing the user-agent header didn't work for me, still getting the forbidden message.
Could you show a full request payload to ofx.discovercard.com?
@overflow636 - it's not only the UserAgent, the Expect100Continue property must be false. All other properties are default.
I'm using C#.
The below is the HTTP request from my debugger. Hope this helps.
If you're still having problems, check your OFX request statement; maybe the APPVER or the OFX header is incorrect.
- httpReqst {System.Net.HttpWebRequest} System.Net.HttpWebRequest
Accept null string
+ Address {https://ofx.discovercard.com/} System.Uri
AllowAutoRedirect true bool
AllowReadStreamBuffering false bool
AllowWriteStreamBuffering true bool
AuthenticationLevel MutualAuthRequested System.Net.Security.AuthenticationLevel
AutomaticDecompression None System.Net.DecompressionMethods
+ CachePolicy {Level:BypassCache} System.Net.Cache.RequestCachePolicy
+ ClientCertificates {System.Security.Cryptography.X509Certificates.X509CertificateCollection} System.Security.Cryptography.X509Certificates.X509CertificateCollection
Connection null string
ConnectionGroupName null string
ContentLength 630 long
ContentType "application/x-ofx" string
ContinueDelegate null System.Net.HttpContinueDelegate
ContinueTimeout 350 int
+ CookieContainer null System.Net.CookieContainer
CreatorInstance {System.Net.WebRequest.DesignerWebRequestCreate} System.Net.IWebRequestCreate {System.Net.WebRequest.DesignerWebRequestCreate}
Credentials null System.Net.ICredentials
+ Date {1/1/0001 12:00:00 AM} System.DateTime
Expect null string
HaveResponse false bool
+ Headers {Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: 630
} System.Net.WebHeaderCollection
Host "ofx.discovercard.com" string
+ IfModifiedSince {1/1/0001 12:00:00 AM} System.DateTime
ImpersonationLevel Delegation System.Security.Principal.TokenImpersonationLevel
KeepAlive true bool
MaximumAutomaticRedirections 50 int
MaximumResponseHeadersLength 64 int
MediaType null string
Method "POST" string
Pipelined true bool
PreAuthenticate false bool
+ ProtocolVersion {1.1} System.Version
+ Proxy {System.Net.WebRequest.WebProxyWrapper} System.Net.IWebProxy {System.Net.WebRequest.WebProxyWrapper}
ReadWriteTimeout 300000 int
Referer null string
+ RequestUri {https://ofx.discovercard.com/} System.Uri
SendChunked false bool
ServerCertificateValidationCallback null System.Net.Security.RemoteCertificateValidationCallback
+ ServicePoint {System.Net.ServicePoint} System.Net.ServicePoint
SupportsCookieContainer true bool
Timeout 5000 int
TransferEncoding null string
UnsafeAuthenticatedConnectionSharing false bool
UseDefaultCredentials false bool
UserAgent null string
@robler I have also been getting 403 Forbidden since ~2/15, and my code didn't use the UserAgent or Expect headers to begin with. Thanks for posting the debugging info, but I wasn't able to learn anything from it. Echoing @overflow636, if you wouldn't mind posting the actual HTTP request sent to ofx.discovercard.com, it'd be greatly helpful. I've included mine below for reference.
POST / HTTP/1.1
Host: ofx.discovercard.com
Accept-Encoding: identity
Content-Length: 685
Content-Type: application/x-ofx
Accept: */*, application/x-ofx
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:uid_redacted
<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20170228161351
<USERID>username_redacted
<USERPASS>password_redacted
<LANGUAGE>ENG
<FI>
<ORG>Discover Financial Services
<FID>7101
</FI>
<APPID>QWIN
<APPVER>2200
</SONRQ>
</SIGNONMSGSRQV1>
<CREDITCARDMSGSRQV1>
<CCSTMTTRNRQ>
<TRNUID>uid_redacted
<CLTCOOKIE>4
<CCSTMTRQ>
<CCACCTFROM>
<ACCTID>card_number_redacted
</CCACCTFROM>
<INCTRAN>
<DTSTART>20161230
<INCLUDE>Y
</INCTRAN>
</CCSTMTRQ>
</CCSTMTTRNRQ>
</CREDITCARDMSGSRQV1>
</OFX>
Before ~2/15, the server would respond with an OFX file containing transaction details. After ~2/15, I get a 403 Forbidden status with an HTML page saying Access Denied. I've tried removing different combinations of unnecessary HTTP headers, changing ofx version and appver to newer ones, and removing special characters from my password, all to no avail.
@fanqiuwen
Unless I install Fiddler or something similar, I don't know of any way to get the full HTTP request; that's why I posted my debug info. Do you know of a simple way? I'm using C#.
All I can say is that you need to implement the headers I specified or it's not going to work. The fact that your code didn't use UserAgent or Expect100Continue and used to work is the point; Discover changed their header requirements. Now Discover expects these, before it didn't.
Unless I install Fiddler or something similar, I don't know of any way to get the full HTTP request; that's why I posted my debug info. Do you know of a simple way? I'm using C#.
I see you have the line "httpReqst.ContentLength = enc.Length". Would you mind printing out the string that was encoded into the variable "enc", and posting that (with personal info redacted)? Unfortunately I'm not familiar with C#, and a quick Google search didn't produce any way to print out the entire HTTP POST request. But "enc" presumably contains the OFX request, which should be very helpful in combination with the headers in the debugging info you posted earlier.
All I can say is that you need to implement the headers I specified or it's not going to work. The fact that your code didn't use UserAgent or Expect100Continue and used to work is the point; Discover changed their header requirements. Now Discover expects these, before it didn't.
Unless I'm mistaken, setting "httpReqst.UserAgent = null" simply removes UserAgent from the headers, and setting "httpReqst.ServicePoint.Expect100Continue = false" removes "Expect: 100-continue" from the headers. Since I didn't have these headers to begin with, I think I'm running into a different issue than you are. Thanks anyway!
@fanqiuwen
In C# UserAgent defaults to null, so it could be left out (other institutions I download from require a non-null UserAgent), but ServicePoint.Expect100Continue defaults to true, so it has to be explicitly set to false. You should check what the header defaults for your language are.
I included my OFX request statement below.
I noticed that your OFX request is not in XML but SGML; try formatting in XML. Also your OFXHEADER and VERSION #s differ from mine, as does the APPVER, but I think your APPVER will work.
Good Luck.
<?OFX OFXHEADER="200" VERSION="211" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="NONE"?>
<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20170228232807</DTCLIENT>
<USERID>PRIVATE</USERID>
<USERPASS>PRIVATE</USERPASS>
<LANGUAGE>ENG</LANGUAGE>
<FI>
<ORG>Discover Financial Services</ORG>
<FID>7101</FID>
</FI>
<APPID>QWIN</APPID>
<APPVER>2500</APPVER>
</SONRQ>
</SIGNONMSGSRQV1>
<CREDITCARDMSGSRQV1>
<CCSTMTTRNRQ>
<TRNUID>0</TRNUID>
<CCSTMTRQ>
<CCACCTFROM>
<ACCTID>PRIVATE</ACCTID>
</CCACCTFROM>
<INCTRAN>
<DTSTART>20130101000000</DTSTART>
<DTEND>20170228232807</DTEND>
<INCLUDE>Y</INCLUDE>
</INCTRAN>
</CCSTMTRQ>
</CCSTMTTRNRQ>
</CREDITCARDMSGSRQV1>
</OFX>
I am having the same problem, only I get this error message when I try to retrieve my updates.
Invalid OFX Statement
** Review .\xfr\DISCOVER20170301152115889896.ofx for possible clues
I have read all of the above suggestions but I don't have a clue what any of it means. I have used Pocket Sense for many years now and have always just set it up per their instructions. Could someone please simplify this for me - I have just used the https://ofx.discovercard.com in the past and it worked until recently.
I was hitting the same thing, but thanks to robler's notes, I was able to get it working again as well. The server is very finicky about the order of the HTTP headers -- this sequence works for me:
POST / HTTP/1.1
Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: [the length of the request]
Connection: Keep-Alive
With those headers, the XML request robler posted above works for me. Hope this helps.
The server is very finicky about the order of the HTTP headers -- this sequence works for me:
POST / HTTP/1.1
Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: [the length of the request]
Connection: Keep-Alive
Thanks pgs!! This finally fixed it for me.
As a data point, with these headers I was able to get correct responses from the server using either robler's ofx 2.1.1 request in #16 or my original ofx 1.0.2 request in #13. I can't believe this is the case, but the headers indeed have to be exactly these lines in exactly this order.
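The header sequence reported above, as an added example in Python that is not part of any post in this thread: the request is serialized by hand so the headers go out in exactly that order, the socket uses Python's default TLS context (certificate chain and hostname are verified, the check asked about at the top of the thread), and `redact` gives a copy fit for logging or posting. The function names, the cp1252 body encoding and the response-reading loop are assumptions of this example.

```python
import re
import socket
import ssl

HOST = "ofx.discovercard.com"  # host named in the thread
# Elements the posters masked by hand before sharing their requests.
SECRET = re.compile(r"<(USERID|USERPASS|ACCTID)>[^<\r\n]*")


def build_request(ofx: str, host: str = HOST) -> bytes:
    """Serialize the POST by hand so the header order is exactly the reported one."""
    if re.search(r"\s", host):
        raise ValueError("host must not contain whitespace or line breaks")
    body = ofx.encode("cp1252")  # assumption: CHARSET:1252, as in the 1.0.2 header
    head = [
        "POST / HTTP/1.1",
        "Content-Type: application/x-ofx",
        f"Host: {host}",
        f"Content-Length: {len(body)}",
        "Connection: Keep-Alive",
    ]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body


def redact(request: bytes) -> str:
    """Loggable copy of a request with user id, password and card number masked."""
    return SECRET.sub(r"<\1>REDACTED", request.decode("cp1252"))


def tls_context() -> ssl.SSLContext:
    """Default client context: CA chain and hostname are both verified."""
    return ssl.create_default_context()


def send(ofx: str, host: str = HOST, timeout: float = 30.0) -> bytes:
    """POST over verified TLS; read until Content-Length is met or the server closes."""
    raw = b""
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with tls_context().wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(build_request(ofx, host))
            while True:
                head, sep, body = raw.partition(b"\r\n\r\n")
                size = re.search(rb"(?im)^content-length:\s*(\d+)", head)
                if sep and size and len(body) >= int(size.group(1)):
                    return raw
                chunk = tls.recv(65536)
                if not chunk:  # server closed the connection
                    return raw
                raw += chunk
```

Log `redact(build_request(ofx))` rather than the raw bytes; the Content-Length in the redacted copy is still that of the unredacted body.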
I was hitting the same thing, but thanks to robler's notes, I was able to get it working again as well. The server is very finicky about the order of the HTTP headers (...)
Works for me too; thanks a lot! I'm curious though: how did you figure this out? The server is very very finicky indeed; I really wouldn't have been able to guess it's something with the headers, let alone figure out the correct set & order...
I'm curious though: how did you figure this out?
The key was robler's comment about the required options for the .NET HttpWebRequest class -- once I got that working I was able to log the HTTP request. It's so sensitive that I wasn't even able to get the http library I was previously using to work and ended up writing a custom client just for this server.
Nice! (yeah that's what I ended up doing, too)
Thanks everyone (esp @robler, @pgs & @fanqiuwen) for the useful info!
@Rette: I think this is a thing that will either a) be fixed by Discover or b) by Pocket Sense; they'd need a request that's very specific for Discover.
I'm glad my posts helped out.
To be truthful, I lucked out on the header order - who woulda thunk order matters - but I did test for header inclusion/value
Happy downloading!
I am also having this problem. I see that some have solved the problem, but it seems one must be a very sophisticated computer programmer to implement. Can these solutions work for someone with no programming skills? Is it simply a matter of inputting correct information into the "Advanced Setup" for Moneydance "Online Banking Setup"? Or is some sort of additional independent programming necessary? Under the "Advanced Setup" for Moneydance, the following fields are requested: "Name", "OFX Institution Org", "OFX Institution ID", "OFX Institution URL".
Any advice would be greatly appreciated. If this is not recommended for non-programmer types, let me know.
Above I said I got lucky on the order - because a few members reported that header order is a factor - and I never considered order. However, in C# the headers are just properties on a WebRequest object; order cannot possibly matter when ascribing values. But since it works, the actual HTTP stream that .NET is forming from the request clearly puts the headers in the correct sequence.
This makes me think there might be a prescribed (i.e. protocol defined) sequence for headers.