How to receive customer Enrollment Attempt Notifications

Introduction

Issuers can receive a push notification every time that one of their cardholders attempts to enroll to Click to Pay via a merchant site or Click to Pay consumer portal.

Visa invokes this API call to the issuer every time a consumer attempts to enroll themselves to Click to Pay, for example during a merchant checkout process. Please note that the Request Body below only contains data fields that are relevant for notifications related to the event type CTP_ENROLLMENT_ATTEMPT. For a full specification covering other event types that exist for this notification API, please refer to the Visa Token Service – Issuer API Specifications (JSON) on Visa Assist.

Available Endpoints

Endpoint

Overview

CTP Enrollment Attempt Notification

POST {Issuer Endpoint}/vtis/v1/tokenRequestors/{tokenRequestorID}/cardEnrollment/notification?eventType=CTP_ENROLLMENT_ATTEMPT

Notification about a consumer attempting to enroll to Click to Pay via a merchant or via Visa’s CTP portal

Click to Pay Enrollment Attempt Notifications

Visa invokes this API call to the issuer every time a consumer attempts to enroll themselves to CTP, for example during a merchant checkout process.

{
    "encryptedData": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpPU0UiLCJraWQiOiI3MTVFQTI1NyIsImN0eSI6IkpXRSJ9..."
}
		

A successful API response will return HTTP 200 status code with no response payload.

Request Body

Field

Description

encryptedData

(Conditional) Blob field that contains the encrypted payload; see the “Unencrypted Payload” section below for more information.

Format: String; max length 7000 characters.

Unencrypted Payload

Field Description

clientInformation

(Required) Client information.

Format: A client information structure.

enrollment

(Required) Enrollment payloads which identifies the token service provider (TSP).

Format: An enrollment structure.

Client Information

Field

Description

firstName

(Conditional) First name of client.

Format: String, min length 2 characters, max length 80 characters.

lastName

(Conditional) Last name of the client.

Format: String; min length 2 characters, max length 80 characters.

phoneNumber

(Conditional) Mobile phone number of the client.

Format: String, max 32 characters. Allowed characters: 0-9 ( ) . - +

contactEmail

(Conditional) Email address of client.

Format: String; UTF-8; max length 48 characters.

Enrollment

Field

Description

tsp

(Required) Token service provider.

Format: It is one of the following values:

  • V - Visa
  • MC - Mastercard

paymentInstrument

(Conditional) Payment instrument. Only populated, if tsp is V.

Format: A paymentInstrument structure.

Payment Instrument

Field

Description

accountNumber

(Required) Primary account number of the card to be enrolled and provisioned.

Format: String; max length 19 characters.

Errors

The notification API is an asynchronous API and does not need the issuer to return anything to Visa. The issuer returns the following error statuses as appropriate with no response payload.

HTTP Code

HTTP Reason Code

Description

400

Bad Request

The request could not be understood by the server because of malformed syntax. The client should not repeat the request until modifications have been made.

401

Unauthorized

Authentication credentials were missing or incorrect.

404

Not Found

The server has not found anything matching the Request URI.

500

Internal Server Error

An unspecified server error has occurred. Visa should attempt to retry or contact issuer support.