Docs play_arrow Going Live

Going Live with Visa Developer Project

Once you are ready to promote your project from the sandbox to the certification or production environment, you may initiate the process to go live and commercialize your project! To submit your project to Visa for review and approval, and to request product pricing and a contract, simply go to the dashboard and select Going Live. The dashboard walks you through the detailed steps and processes to complete the application for the credentials for your project. Based on your profile and your project’s use case, you will be asked to provide specific details that will help Visa evaluate your request and provide you with commercial terms and pricing for the Visa capabilities that you identified for your project.

In the Going Live section on our dashboard, you will be asked to provide the following information.

Register Your Company

Use this form to provide your specific use case details. Visa requires this to evaluate how you intend to use Visa’s APIs in your project. 

  • If you already have an existing business relationship with Visa, you are not required to provide company information. You only need to provide your Visa BID.
  • If you do not have an existing relationship with Visa, you will need to provide information in order to create a Business Entity.
  • If you created a project in the past and are already associated with a Business Entity, you may choose to use the same Business Entity.

Provide Project Information

Use this form to provide your specific use case details. Visa requires this to evaluate how you intend to use Visa’s APIs in your project.

Client On-boarding Form

Use this form to provide specific configuration settings for your project.  

Note: Some products do not require any additional configuration settings.

Certificate Signing Request

The Certificate Signing Request (CSR) file is required to obtain a certificate if you are using a product (API) that uses Two-Way Mutual SSL authentication. A different CSR file is required for the certification and production environments. If an API requires certification prior to going live in the production environment, you will follow this process twice. Once to obtain credentials for certification, and then again to obtain credentials for production. Credentials for certification and production will be provided once a signed relevant contract is in place between you and Visa.

Create a CSR File for Visa Developer Project

Two common tools for requesting mutual authentication credentials are Keytool (for Java1 implementations) and OpenSSL.

Using Keytool

To create a credential request using Java Keytool:

1. Create a new clientkeystore.jks, using the following keytool command:

keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass <password> -keypass <password> -dname "CN=<common name>, OU=<organizational unit>, O=<organization name>, L=<city/locality name>, ST=<state name>, C=<country name>, UID=<CSR unique Id>"

Note: Be sure to keep this keystore file and password secure.  You will need these to make runtime API calls in the certification or production environment.

Note: Only the following ACSII characters are allowed for all fields. 

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)

Country Name

Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

State Name

Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate).  For example: California

Locality Name

A valid city name. For example: San Francisco

Organization Name

Name of your organization. For example: Bank of USA

Organizational Unit Name

Name of your division within your organization. For example: Debit Card Processing Unit

Common Name

This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

UID

This should be the CSR Unique Id appended with ”-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <UID>-CERT
  • Production environment: <UID>-PROD

To get the CSR Unique Id, go to the dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

2. Create a new CSR using the following keytool command:

keytool -certreq -alias client -keystore clientkeystore.jks -storepass <password> -keypass <password> -file certreq1.csr

3. Upload the CSR file (certreq1.csr) in the Going Live section of your project.

Using OpenSSL

To create a credential request using OpenSSL

1. Generate Key Pair

openssl genrsa -out example-key.pem 2048

For information about supplying a password to protect the key file, see the OpenSSL documentation.

Note: Be sure to keep this key file and password secure.  You will need these to make runtime API calls in the certification or production environment.

2. Create a new CSR using the following OpenSSL command:

openssl req -new -sha256 -key example-key.pem -out example.csr -subj /CN=<common name>/OU=<organization unit>/O=<organization name>/L=<city/locality name>/ST=<state name>/C=<country name>/UID=<CSR unique Id>

Note: For all fields, only the following ACSII characters are allowed.

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)

Country Name

Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

State Name

Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate). For example: California

Locality Name

A valid city name. For example: San Francisco

Organization Name

Name of your organization. For example: Bank of USA

Organizational Unit Name

Name of your division within your organization. For example: Debit Card Processing Unit

Common Name

This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

UID

This should be the CSR Unique Id appended with”-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <CSR UID>-CERT
  • Production environment: <CSR UID>-PROD

To get the CSR Unique Id, go to dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

 Upload the CSR file (example.csr) in the Going Live section of your project.

Request Product Pricing

Once you determine which product(s) you want to commercialize in your project, Contact Us for pricing details.

Request a Contract

Once you determine which product(s) you want to commercialize in your project, Contact Us for a contract.

Note: If you are only using Foreign Exchange Rates API in your project, you can now complete and submit all Going Live tasks at one time, including price acceptance and contract completion and signing. You will be prompted to initiate contract completion and signing during the Going Live flow from the Visa Developer dashboard. Once the signed contract is uploaded to Visa Developer you can complete your project submission.

Disclaimer: This contract has no binding effect for Visa until Visa provides Company with a countersigned version of the contract.

After Going Live

Once you submit all the required information, you will receive an email. If Visa needs any additional details, the email will outline the information required and will include a contract with terms and pricing for your signature if you haven’t already signed a contract with the relevant provisions provided to you by your Visa business contact.

If the submitted information is complete, Visa will process your request and if Visa approves and a signed relevant contract is in place, you will receive an email when your project credentials are available.

If your project uses products (APIs) that use Two-Way Mutual SSL authentication, you will need to download and add your new project certificate to a keystore.

Create Keystores

A keystore is a repository where private keys and certificates can be stored.

If you used Java Keytool to create the CSR (as described above in Creating a CSR File for Visa Developer Project section), then follow the instructions for Java Keytool below.  If you used OpenSSL, then follow the instructions for OpenSSL below.

Using Java Keytool

Once the Visa representative informs you that the certification or production environment certificate is ready, login to the Visa Developer Platform.

1. Open the project for which certification or production credentials are required.

2. Select the Certification or Production environment from the dropdown at the top right within that project.

3. Request one time password (OTP) by clicking Request One Time Password. You will receive an email with the OTP.

4. Enter the OTP value into the text box and click Submit. This displays certification or production environment credentials and certificates.

5. Copy the User ID and Password, because you will need them to invoke an API using Two-Way SSL.

6. Download the certificates (root - VDPCA.pem, interim - VDPCAI.pem and project-specific certificate – cert.pem).

7. To chain the certificates for making the runtime calls:

keytool -import -alias root -keystore clientkeystore.jks -file VDPCA.pem -storepass <password>

keytool -import -alias interm -keystore clientkeystore.jks -file VDPCAI.pem -storepass <password>

keytool -import -alias client -keystore clientkeystore.jks -file cert.pem -storepass <password>

Noteclientkeystore.jks is the file that you created earlier (as described above in Creating a CSR File for Visa Developer Project Using Keytool section)

8. Now use the clientkeystore.jks file to make the runtime calls for the respective API. Use the following endpoint:

where <URI> is the URI of the API endpoint.

9. Include the User ID and password (from project details page) in the header using the Authorization field set to "Basic " + the base64 encoded concatenated string userid+":"+password (e.g. "Authorization: Basic R0ZUFBFTjVaTEUy)

Using OpenSSL

Once the Visa representative informs you that the certification or production environment certificate is ready, login to the Visa Developer Platform.

1.. Open the project for which certification or production credentials are required.

2. Select the Certification or Production environment from the dropdown at the top right within that project.

3. Request one time password (OTP) by clicking the Request One Time Password button. You will receive an email with the OTP. Once you get the OTP via email, enter the OTP value into the text box and click Submit.

4. This will display certification or production environment credentials and certificates.

5. Copy the User ID and Password, because you will need them to invoke an API using Two-Way SSL

6. Download the project-specific certificate – cert.pem.

7.  Concatenate the certificate with the key file.

Unix and Mac command:

cat example-key.pem cert.pem > example.pem 

or

Windows command:

type example-key.pem cert.pem > example.pem 

Noteexample-key.pem is the file that you created earlier (as described above in Creating a CSR File for Visa Developer Project Using OpenSSL section).

8. Create PKCS#12 file:

openssl pkcs12 -export -in example.pem -out example.pkcs12 -name "example"

Enter Export Password:

Now use the example.pkcs12 file to make the runtime calls for an API using Two-Way SSL.

Use the following endpoint:

where <URI> is the URI of the API endpoint.

9. Include the User ID and password (from project details page) in the header using the Authorization field set to "Basic " + the base64 encoded concatenated string userid+":"+password (e.g. "Authorization: Basic R0ZUFBFTjVaTEUy)

Project Testing and Production Validation

Once you have integrated the credentials into your project, you are all set to begin the testing and/or the production validation processes!

--

[1] Java is a registered trademark of Oracle and/or its affiliates