Authentication Method for Visa Payment Processing

The VPP APIs require Two-Way SSL (Mutual Authentication) method. This authentication method calls for client and server to authenticate and validate each others identities. The authentication message exchange between client and server is called an SSL handshake. During the SSL handshake, both client and server verify each other certificates and if successful, the server grants access to the resource requested by the client.

Click here to view more details on how to obtain a valid client certificate from Visa Developer.

In addition to message authentication credentials, Visa requires encryption of the sensitive data such as PAN or cardholder name and address included in request and response messages. You must appropriately encrypt sensitive data before sending an API request to Visa and you will have to decrypt sensitive data in API responses before using it for processing.

For more information about how to encrypt/decrypt data in the VPP APIs messages, contact [email protected].

Two-Way SSL

As one of the security protocols, Visa Developer sandbox secures its connections with clients by means of Two-Way SSL (Mutual Authentication) method. Refer to the link below to quickly learn about how to get credentials to start building with Two-Way SSL.

Visit the Two-way SSL Guide to learn more.

Message Level Encryption

Message Level Encryption (MLE) is required for all Visa Payments Processing APIs implementations. MLE provides an enhanced security for message payload by using asymmetric encryption technique (public-key cryptography). You can generate the encryption/decryption key pairs in the Sandbox, Certification, or Production environments. For details, refer to the Message Level Encryption Documentation.