Certain prerequisites and assumptions apply before consuming Visa Subscription Manager (VSM) APIs.
- The issuer has signed an applicable VDP API Agreement and qualified for production access to the Visa Developer Center to obtain the correct API credentials using the two- way Secure Socket Layer (SSL)/mutual authentication method.
- Issuers have provided a list of BIDs to Visa to get access to the VSM APIs.
- Issuers have completed the enrollment form, available on Visa Online (VOL), to configure BINs for VSM.
- API requests by the app will be managed through the Visa Developer Platform (VDP).
Data search and filtering is based on encrypted PAN values received in the API request. l The app requesting the API is registered in VDP:
- VDP assigns a unique App ID (VDP ID) and username/password along with the certificate key.
- The app logs in to the VDP portal using the assigned username/password to request API access.
- VDP client registration is stored on Visa side along with the client BID.
Service activation covers tasks related to Visa Developer Portal (VDP), Visa Account Updater (VAU), Digital Configuration Platform (DCP), Visa Digital Enablement Program (VDEP), and VisaNet.
- Clients must contact the Visa Representative to get a VDP API Specialist assigned to their project.
- Client and their respective development partners must schedule VDP testing and certification by coordinating with the VDP API Specialist.
- Client must be subscribed to VAU to communicate PAN updates and replacement information to Visa.
- The client application must be integrated with VDP to access the VSM APIs.
- The client's online or mobile banking application must be designed for its cardholders to provide a list of COF merchants, where they have transacted in the last 13 months, and stop unwanted recurring payments at any of these merchants.
- Client must complete the following documentation to request the activation of VSM for an issuer system.
- VDP agreement – Each issuer must have signed the VDP agreement.
- Enrollment Form – Each issuer BIN to be enrolled in VSM must be included in the form and will need to be activated in the V.I.P. Customer Online Repository (CORE). Download the form from Visa Online (VOL), or contact your regional Visa CSS or account representative.
- Visa Online – Each user requiring access to the reports will need to have the Visa Stop Payment Service (VSPS) application added to their VOL user profile.
For further information, contact the VDP API Specialist.
Click here to view more details on how to obtain a valid client certificate from Visa Developer.
Visa Subscription Manager (VSM) APIs use the mutual SSL authentication method and channel encryption.
The issuer must:
- Obtain a user ID and password
- Install the PKI certificate issued by Visa
- Get test credentials from the Project Dashboard for sandbox testing
- Get production credentials during the production onboarding process
For more information or to begin the production onboarding process, contact the VDP API Specialist.
Two-Way SSL
As one of the security protocols, Visa Developer sandbox secures its connections with clients by means of Two-Way SSL (Mutual Authentication) method. Refer to the link below to quickly learn about how to get credentials to start building with Two-Way SSL.
Visit the Two-way SSL Guide to learn more.
Message Level Encryption (MLE) is required for all Visa Subscription Manager API implementations. MLE provides an enhanced security for message payload by using asymmetric encryption technique (public-key cryptography). You can generate the encryption/decryption key pairs in the Sandbox, Certification, or Production environments. For details, refer to the Message Level Encryption Documentation.