Getting Started with Visa B2B Payment Controls

About Visa B2B Payment Controls

We look forward to working with you as you leverage Visa B2B Payment Controls to set controls on your B2B card portfolios. You can select what you need from our set of endpoints to achieve your desired use case.  Some of these endpoints are required because they are pivotal to the functionality of the API whereas some may be optional.

The overall flow of the service includes setting up your company and card portfolio first. After you are all set up, you will use the ongoing management and rule setting capabilities. 

The Visa B2B Payment Controls APIs are grouped into 5 different services:  Company Management, Account Administration, Controls Management, Contact Management, and Reporting Management.  See the How to Use Visa B2B Payment Controls page to see more information. You can perform the different operations related to each service including:  create, update, delete, and get to retrieve existing information.  We will work with you during implementation process to select the configuration that best meets your use case as well as complete the standard system-readiness tasks needed before you use Visa B2B Payment Controls.  

Note: These API operations vary by service.  

Things to Know

These services can be used by multiple parties including: fintechs, issuers, or processors; however, participation must be done on behalf of an issuer and their portfolio.  If the issuer is not coding directly to the APIs, the issuer must grant authorization for that entity to act as an agent for the issuer.  Your Visa Representative will discuss this contracting requirement during the implementation process.

This service can be used with physical plastic cards or virtual cards and are supported for contactless.  This is targeted for B2B Payments ranging from Commercial to Small Business card portfolios.

For added security, each message will leverage Message Level Encryption technology when requesting and receiving a call due to the sensitive nature of the information.  This will be set up as part of the implementation process with the Visa Developer Center.  Please note that these APIs include use of PAN data, so PCI requirements must be followed.  Additionally, the Visa B2B Payment Controls supports a service key model to limit PCI being sent back and forth after initial card setup.

Use the API explorer in the API Reference section to understand how to use APIs in the sandbox. When we are ready to promote your project to Certification environment or Production environment, complete the details requested in the Project promotion form. A Visa implementation manager will set up the data required and promote your project to the requested environment. To get started, refer to the Getting Started section in the Visa Developer Center.

To make calls to the Visa B2B Payment Controls APIs, you will need to send multiple IDs as standard request parameters to identify the corporation and their accounts (using Client ID and Issuer BID). You will also provide a unique Request ID and specify the company (Company ID – once company setup) in the request. The company ID is provided in the response of the Create Company call.

The process for requesting promotion to higher environments as well as receiving user credentials and certificates are provided within your Visa Developer Center account.

For the sandbox environment, the system will display the IDs to use.  For other environments, your Visa implementation manager will complete the setup activities and provide the required Client ID. Lastly, the issuer BID should be provided per the enrollment forms. After you have been promoted to the new environment, credentials will be made available within your account in the Visa Developer Center.

Note: The sandbox environment is designed to provide a general view and guide of the endpoint request and response structure. The data in the sandbox covers a small subset of possible requests. There are systematic environment limitations, and you cannot execute all API functionality or see the full list of accurate error codes through the API explorer in sandbox. Please code using the API specifications, including error codes, rather than mimicking the API explorer. The sandbox environment is live. 

For the Visa B2B Payment Controls Service to work, transactions must flow through VisaNet for authorization. 

Note:  Currently, this is not applicable for On-Us transactions or domestic processing scenarios. Functionality will be expanded in the future.

We will provide consultation and recommendations on APIs needed for your respective use cases.  A Visa Implementation Manager will work with you through the implementation process.  Test credentials can be provided to assist with the testing experience.

Note:  If the entity coding to the APIs is not the issuer directly, an issuer will be required prior to moving to production.  All API calls will be made on behalf of an issuer, acting as a third party agent.