Visa Accounts Receivable Manager (Visa AR Manager)

Authentication Methods

Visa AR Manager APIs use different authentication requirements for different endpoints, providing flexibility while maintaining security standards appropriate for each operation type.

  • Multi-Layered Security Model – Visa AR Manager APIs implement a layered security approach that includes:
    • Transport Security – All communications use HTTPS encryption
    • Client Credentials – Required for payment operations
    • Application Identification – Visa Developer Center (VDC) external application ID for provisioning
  • Endpoint-Specific Authentication – Different endpoints have varying authentication requirements:
    • Payment (/varm/v1/payment) – Required clientId header
    • Status Inquiry (/varm/v1/paymentinfo) – Required clientId header
  • Authentication Flow – The authentication process follows these principles:
    • Credentials are validated on each request (stateless authentication)
    • Multiple authentication factors may be required simultaneously
    • Authentication failures result in appropriate HTTP error responses
    • Successful authentication enables access to authorized operations
  • Security Considerations – Important security aspects of the authentication system:
    • All credentials must be transmitted over HTTPS
    • Credentials should be stored securely and rotated regularly
    • Authentication failures should be monitored and logged

Client Credentials

Client credentials are required authentication elements for payment and status inquiry operations in the Visa AR Manager APIs. These credentials establish your identity as an authorized client and enable access to payment-related functionality.

  • Client Credential Components – Client authentication requires a single header value, which is the Client ID (clientId). This is a unique identifier for your client organization.

    This credential must be provided in the header for successful authentication to payment operations.

  • Required Endpoints – Client credentials are mandatory for the following endpoints:
    • Payment (/varm/v1/payment) – Required for all virtual card transaction operations.
    • Status Inquiry (/varm/v1/paymentinfo) – Required for retrieving payment status information.
  • Authentication Mechanism – Client credentials are transmitted as HTTP headers:
    • Header Format – Standard HTTP header key-value pairs.
    • Transmission Security – Always sent over HTTPS for protection.
    • Validation – Verified on each request (stateless authentication).
    • Case Sensitivity – Header names and values are case-sensitive.
  • Troubleshooting – Common issues with client credential authentication:
    • Missing Headers – Ensure the clientId header is provided.
    • Incorrect Values – Verify credential values match your assigned identifiers.
    • Case Sensitivity – Check that header names and values use correct capitalization.
    • Expired Credentials – Confirm credentials are current and have not expired.

Security Considerations

Visa AR Manager APIs implement multiple security layers, and proper implementation of security best practices is essential for protecting sensitive payment data and maintaining compliance with industry standards.

  • Transport Security – All API communications must use secure transport protocols:
    • HTTPS Only – All API endpoints require HTTPS connections.
    • TLS Version – Use current TLS versions (1.2 or higher).
    • Certificate Validation – Verify SSL/TLS certificates to prevent man-in-the-middle attacks.
    • Secure Ciphers – Use strong encryption ciphers for data transmission.
  • Authentication Best Practices – Implement robust authentication practices:
    • Client Credentials – Use client credentials for payment and status inquiry operations.
    • Stateless Authentication – Validate credentials on each request.
    • Authentication Monitoring – Monitor and log authentication attempts and failures.
    • Failure Handling – Implement appropriate responses to authentication failures.
  • Visa AR Manager-Specific Security and Data Protection – Utilize Visa AR Manager's built-in security in handling sensitive payment data:
    • Visa Infrastructure Security – Utilizes Visa's enterprise-grade security infrastructure and compliance standards.
    • Automated Security Updates – Benefits from Visa's continuous security monitoring and updates without additional implementation effort.
    • PCI Compliance – Follows Payment Card Industry (PCI) Data Security Standards.
    • Secure Transmission – Ensures all sensitive data is encrypted in transit.
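
The client-side checks described above (clientId header, HTTPS only, TLS 1.2 or higher, certificate validation, logging of authentication failures), as an added example that is not Visa's own code. The host name, the HTTP method, the 401/403 status codes and the function names are assumptions.

```python
import http.client
import ssl
from urllib.parse import urlsplit

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption, not from the page)
ENDPOINTS = {"/varm/v1/payment", "/varm/v1/paymentinfo"}  # the two paths the page names

def tls_context():
    """TLS 1.2 or higher, with certificate and hostname verification left on."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def prepare(base_url, path, client_id):
    """Validate the target and credential; return (host, path, headers)."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send clientId over a non-HTTPS URL")
    if path not in ENDPOINTS:
        raise ValueError("unexpected endpoint: " + path)
    if not client_id or client_id != client_id.strip() or "\r" in client_id or "\n" in client_id:
        raise ValueError("clientId is empty or has stray whitespace/line breaks")
    # Header name spelled exactly as documented ("clientId").
    return parts.netloc, path, {"clientId": client_id}

def redact(client_id):
    """Log-safe form of the credential, so logs never hold the full value."""
    return "****" + client_id[-4:] if len(client_id) > 8 else "****"

def call(path, client_id, method="GET", body=None):
    """Send one request; method and body shape are assumptions, not from the page."""
    host, path, headers = prepare(BASE_URL, path, client_id)
    # http.client sends header names as written; urllib.request.Request would
    # rewrite "clientId" to "Clientid".
    conn = http.client.HTTPSConnection(host, context=tls_context(), timeout=10)
    try:
        conn.request(method, path, body=body, headers=headers)
        resp = conn.getresponse()
        if resp.status in (401, 403):  # assumed auth-failure codes; the page lists none
            print("auth failure status=%d clientId=%s path=%s"
                  % (resp.status, redact(client_id), path))
        return resp.status, resp.read()
    finally:
        conn.close()
```

Load the real clientId from a secrets store or environment variable at run time rather than embedding it in source.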