Use the Visa Platforms Login API to implement user registration, authentication, profile updates, and administrative management with secure workflows for both standard and guest users. It supports multi-factor authentication, session management, and compliance validation for seamless access to platform services.
Before proceeding, ensure you have completed the prerequisites outlined in the Getting Started guide, including OAuth2 credentials and Site ID configuration.
The Visa Platforms Login API supports multiple user management workflows. This guide covers the most common implementation patterns for user registration, authentication, and profile management.
Include required fields: primaryUserIdentifier, email, userSiteRegistrationRequest with siteId and attributes including locale.
The system sends an activation email to the user. The response includes a user ID for tracking.
Users activate their accounts using the token received via email. This completes the registration process.
Once activated, users can authenticate using their credentials and access platform services.
Include PAN information in userAssets array and required site attributes. For external enrollments, encrypt payload using Message Level Encryption.
The system validates user data against OFAC screening automatically during enrollment.
Accounts are auto-activated if OFAC validation passes. Users denied by OFAC will not be activated and require manual review.
Guest users must reset their password on the GMAP website to obtain login credentials and access full functionality.
Provide username, password, and siteId. Include optional MFA parameters (otp, otpType) if multi-factor authentication is enabled.
Maintain active sessions by calling this endpoint with valid user authentication tokens before session expiration.
Access current user profile information using the user's authentication token.
This generates a TOTP key for users with NOT_ENROLLED MFA status.
Users provide their TOTP code to complete the enrollment process and activate MFA protection.
Use /user/mfa/totp/unenroll for user-initiated removal or /user/mfa/totp/unenroll/dashboard for administrative removal.
Locate users by userDetailsId or email address. Include siteId and set includeAttributes flag for comprehensive user data.
Modify user details such as firstName, lastName, title, and dateOfBirth using appropriate authentication tokens.
Use /migrate endpoints for bulk user data migration and /user/re-validate for OFAC or MOE synchronization.
Following these workflows enables comprehensive user management across Visa platforms, including secure registration, authentication, profile management, and administrative oversight capabilities.
Monitor API responses for error conditions and implement appropriate retry logic. Refer to the Error Codes documentation for detailed troubleshooting guidance.