All of the Visa Direct Payout APIs use Two-Way SSL (Mutual SSL) authentication and channel encryption, which requires you to provide a user name and password as well as install an X509 security certificate issued by Visa. Test credentials can be obtained online in your Project Dashboard for sandbox testing. Production credentials will be supplied to you as part of production on-boarding. Contact [email protected] for more information or to begin the production on-boarding process.
Authentication and encryption protocols vary according to the APIs used during a transaction. For example, the Send API will have different requirements for authentication and encryption to the Receive API. See below for details.
As one of the security protocols, Visa Developer sandbox secures its connections with clients by means of Two-Way SSL (Mutual Authentication) method. Refer to the link below to quickly learn about how to get credentials to start building with Two-Way SSL.
Visit the Two-way SSL Guide to learn more.
As part of continuing security improvements, Visa enabled Message Level Encryption (MLE) for Visa Direct APIs. Clients using Visa Direct APIs are required to support MLE in both certification and production environment. Refer to the Message Level Encryption guide for more details
As one of the security protocols, Visa Developer sandbox secures its connections with clients by means of Two-Way SSL (Mutual Authentication) method. Refer to the link below to quickly learn about how to get credentials to start building with Two-Way SSL.
Visit the Two-way SSL Guide to learn more.
Clients using Visa Direct Receive APIs have the option to support MLE in both certification and production environment. Refer to the Message Level Encryption guide for more details.
Optionally, Visa Direct incorporates Open Authentication 2.0 to secure and control access to the Visa Direct Receive APIs, encompassing all outbound Notification APIs from Visa Direct to its clients. Visa Direct for Account and Visa Direct for Wallet offers support for Open Authentication 2.0 based on industry standards. For more information, contact your Visa Direct representative.
Clients have the option to request the setup of one or more, custom API header key and value pairs for the Visa Direct Receive APIs. These custom configurations can function together with any combination of Two-Way SSL, Message Level Encryption, and Open Authentication 2.0. For more information, contact your Visa Direct representative.