Hi we were given an ExactTarget php application to port from an older Magento installation to a new Magento installation. This code is based on the ExactTargetSoapClient, soap-wsse.php and xmlseclibs.php. This application runs fine in our development environment and creates a subscriber as it should on the all subscriber list. When we move this to the clients domain and use the exact same set of credentials and the same wsdl URL it fails with the response of An invalid security token was provided. Having looked for differences in the SOAP being sent to exact target in the working request and the failed request I see only the security information specifically the nounce and the time. Both of these would seem to me to be expected to be different on different domains. Any Ideas of how to fix this issue would be greatly appreciated.
Here are the only lines that differ in the 2 requests.
Works
<wsse:Nonce>ojFC8jonExNaQL0wHbwioz2CaYbcr5Xu37wFLXrO3a4=</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-05-19T18:04:35Z</wsu:Created>
Fails
<wsse:Nonce>HwqFEUj6xhuouYoLIbdzo7ApsqLpXjLznsf6cWRxjw4=</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-05-19T18:05:56Z</wsu:Created>
Here is the Soap Fault
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:MessageID>urn:uuid:7442217e-c81c-4d6a-9fe8-b5a54723495a</wsa:MessageID>
<wsa:RelatesTo>urn:uuid:de4ef577-f20c-4f1c-8fd4-929add2ceee4</wsa:RelatesTo>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-649497a3-c740-4da3-8f0e-77fc9e4eb36a">
<wsu:Created>2016-05-19T17:59:55Z</wsu:Created>
<wsu:Expires>2016-05-19T18:04:55Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:InvalidSecurityToken</faultcode>
<faultstring>An invalid security token was provided</faultstring>
<faultactor>https://webservice.s6.exacttarget.com/Service.asmx</faultactor>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Best Answer
I was experiencing the same error until I noticed that ExactTarget will return this error if the created timestamp passed to it is in the future as per ET's own current time. Adjusting the time of the request server to a few minutes in the past worked for me.