Going Live

Navigate to...
keyboard_arrow_down

Going Live

Once you are ready to promote your project from the sandbox to the certification or production environment, you may initiate the process to go live and commercialize your project! To submit your project to Visa for review and approval, and to request product pricing and a contract, simply go to the dashboard and select Going Live. The dashboard walks you through the detailed steps and processes to complete the application for the credentials for your project. Based on your profile and your project’s use case, you will be asked to provide specific details that will help Visa evaluate your request and provide you with commercial terms and pricing for the Visa capabilities that you identified for your project.

In the Going Live section on our dashboard, you will be asked to provide the following information.

Register Your Company

Use this form to provide your specific use case details. Visa requires this to evaluate how you intend to use Visa’s APIs in your project. 

  • If you already have an existing business relationship with Visa, you are not required to provide company information. You only need to provide your Visa BID.
  • If you do not have an existing relationship with Visa, you will need to provide information in order to create a Business Entity.
  • If you created a project in the past and are already associated with a Business Entity, you may choose to use the same Business Entity.

Provide Project Information

Use this form to provide your specific use case details. Visa requires this to evaluate how you intend to use Visa’s APIs in your project.

Client On-boarding Form

Use this form to provide specific configuration settings for your project.

Note: Some products do not require any additional configuration settings.

Select Authentication Method

You may select between X-Pay Token or Two-Way SSL or you may select both. If you have selected Two-Way SSL you will be prompted to upload a certificate signing request (CSR).

Certificate Signing Request

The Certificate Signing Request (CSR) file is required to obtain a certificate if you are using a product (API) that uses Two-Way Mutual SSL authentication. A different CSR file is required for the certification and production environments. If an API requires certification prior to going live in the production environment, you will follow this process twice. Once to obtain credentials for certification, and then again to obtain credentials for production. Credentials for certification and production will be provided once a signed relevant contract is in place between you and Visa.

Create a CSR File for Visa Developer Project


Two common tools for requesting mutual authentication credentials are Keytool (for Java1 implementations) and OpenSSL.

Using Keytool

To create a credential request using Java Keytool:

1.

Create a new clientkeystore.jks, using the following keytool command (replace the < > characters and the enclosed values with your own values):

keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass <password> -keypass <password> -dname "CN=<common name>, OU=<organizational unit>, O=<organization name>, L=<city/locality name>, ST=<state name>, C=<country name>, UID=<CSR unique Id>"
		

Note: Be sure to keep this key file and password secure. You will need these to make runtime API calls in the certification or production environment.

Note: Only the following ACSII characters are allowed for all fields.

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)

Country Name
Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

State Name
Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate).  For example: California

Locality Name
A valid city name. For example: San Francisco

Organization Name
Name of your organization. For example: Bank of USA

Organizational Unit Name
Name of your division within your organization. For example: Debit Card Processing Unit

Common Name

This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

UID
This should be the CSR Unique Id appended with ”-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <UID>-CERT
  • Production environment: <UID>-PROD

To get the CSR Unique Id, go to the dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

2.

 Create a new CSR using the following keytool command:

keytool -certreq -alias client -keystore clientkeystore.jks -storepass <password> -keypass <password> -file certreq1.csr
		

3.

Upload the CSR file (certreq1.csr) in the Going Live section of your project.

Using OpenSSL

To create a credential request using OpenSSL:

1.

Generate Key Pair

openssl genrsa -out example-key.pem 2048
		

For information about supplying a password to protect the key file, see the OpenSSL documentation.

Note: Be sure to keep this key file and password secure. You will need these to make runtime API calls in the certification or production environment.

2.

Create a new CSR using the following OpenSSL command:

openssl req -new -sha256 -key example-key.pem -out example.csr -subj "/CN=<common name>/OU=<organization unit>/O=<organization name>/L=<city/locality name>/ST=<state name>/C=<country name>/UID=<CSR unique Id>
		

Note: For all fields, only the following ACSII characters are allowed.

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)

Country Name
Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

State Name
Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate). For example: California

Locality Name
A valid city name. For example: San Francisco

Organization Name
Name of your organization. For example: Bank of USA

Organizational Unit Name
Name of your division within your organization. For example: Debit Card Processing Unit

Common Name
This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

UID
This should be the CSR Unique Id appended with”-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <CSR UID>-CERT
  • Production environment: <CSR UID>-PROD

To get the CSR Unique Id, go to dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

Upload the CSR file (example.csr) in the Going Live section of your project.

Request Product Pricing

Once you determine which product(s) you want to commercialize in your project, Contact Us for pricing details.

Request a Contract

Once you determine which product(s) you want to commercialize in your project, Contact Us for a contract.

Note: If you are only using Foreign Exchange Rates API in your project, you can now complete and submit all Going Live tasks at one time, including price acceptance and contract completion and signing. You will be prompted to initiate contract completion and signing during the Going Live flow from the Visa Developer dashboard. Once the signed contract is uploaded to Visa Developer you can complete your project submission.

Disclaimer: This contract has no binding effect for Visa until Visa provides Company with a countersigned version of the contract.

After Going Live

Once you submit all the required information, you will receive an email. If Visa needs any additional details, the email will outline the information required and will include a contract with terms and pricing for your signature if you haven’t already signed a contract with the relevant provisions provided to you by your Visa business contact.

If the submitted information is complete, Visa will process your request and if Visa approves and a signed relevant contract is in place, you will receive an email when your project credentials are available.

If you opted to use Two-Way Mutual SSL authentication, you will need to download and add your new project certificate to a keystore.

Create Keystores


A keystore is a repository where private keys and certificates can be stored.

If you used Java Keytool to create the CSR (as described above in Creating a CSR File for Visa Developer Project section), then follow the instructions for Java Keytool below.  If you used OpenSSL, then follow the instructions for OpenSSL below.

Using Java Keytool

Once the Visa representative informs you that the certification or production environment certificate is ready, login to the Visa Developer Platform.

1.

Open the project for which certification or production credentials are required.


2.

On the left side, click Certification or Production and then Credentials.


3.

Request one time password (OTP) by clicking Request One Time Password. You will receive an email with the OTP.


4.

Enter the OTP value into the text box and click Submit. This displays certification or production environment credentials and certificates.


5.

Copy the User ID and Password, because you will need them to invoke an API using Two-Way SSL.


6.

Download the certificates (root - VDPCA.pem, interim - VDPCAI.pem and project-specific certificate – cert.pem).


7.

To chain the certificates for making the runtime calls:

keytool -import -alias root -keystore clientkeystore.jks -file VDPCA.pem -storepass <password>
keytool -import -alias interm -keystore clientkeystore.jks -file VDPCAI.pem -storepass <password>
keytool -import -alias client -keystore clientkeystore.jks -file cert.pem -storepass <password>
		

Note: clientkeystore.jks is the file that you created earlier (as described above in Creating a CSR File for Visa Developer Project Using Keytool section)

8.

Now use the clientkeystore.jks file to make the runtime calls for the respective API. Use the following endpoint:

   where <URI> is the URI of the API endpoint.


9.

Include the User ID and password (from project details page) in the header using the Authorization field set to "Basic " + the base64 encoded concatenated string userid+":"+password (e.g. "Authorization: Basic R0ZUFBFTjVaTEUy)


Using OpenSSL

Once the Visa representative informs you that the certification or production environment certificate is ready, login to the Visa Developer Platform.

1.

Open the project for which certification or production credentials are required.


2.

 On the left side, click Certification or Production and then Credentials.


3.

Request one time password (OTP) by clicking the Request One Time Password button. You will receive an email with the OTP. Once you get the OTP via email, enter the OTP value into the text box and click Submit.


4.

This will display certification or production environment credentials and certificates.


5.

Copy the User ID and Password, because you will need them to invoke an API using Two-Way SSL


6.

Download the project-specific certificate – cert.pem.


7.

Concatenate the certificate with the key file.

Unix and Mac command:

cat example-key.pem cert.pem > example.pem
		

Windows command:

type example-key.pem cert.pem > example.pem 
		

Note: example-key.pem is the file that you created earlier (as described above in Creating a CSR File for Visa Developer Project Using OpenSSL section).

8.

Create PKCS#12 file:

openssl pkcs12 -export -in example.pem -out example.pkcs12 -name "example"
		

Enter Export Password:

Now use the example.pkcs12 file to make the runtime calls for an API using Two-Way SSL. Use the following endpoint:

where <URI> is the URI of the API endpoint.


9.

Include the User ID and password (from project details page) in the header using the Authorization field set to "Basic " + the base64 encoded concatenated string userid+":"+password (e.g. "Authorization: Basic R0ZUFBFTjVaTEUy)


Import Root CA into Trust Store

Once you have setup your local trust store and imported your credentials you will need to import our Root certificate authority prior to interacting with our APIs. You may download our Root CA certificate in the ‘Credentials’ screen inside of your Visa Developer Project. Once downloaded you may import the certificate into your trust store by using the following command:  

keytool -import -alias digicert -keystore myProject_keyAndCertBundle.jks -file DigiCertGlobalRootCA.crt -storepass <password>
		

Edit Fully Promoted Project

Once your Visa Developer Project is fully promoted to the certification or production environment and you want to use additional Visa APIs, you can use Add APIs feature to promote the newly added APIs. Simply add the new Visa APIs in sandbox of your fully promoted project and once you are ready to promote your newly added APIs from the sandbox to the certification or production environment, initiate the process for going live and to commercialize your project.

The Going Live process would be shorter than before as you would not need to resubmit information which was submitted in the previous promotion flow. 

To submit your project to Visa for a review and approval, and to request product pricing and a contract, simply go to dashboard and select Going Live. The dashboard walks you through the detailed steps and processes to complete the application for the credentials for your project. Based on your profile and your project’s use case, you will be asked to provide specific details that will help Visa evaluate your request and provide you with commercial terms and pricing for the Visa capabilities that you identified for your project.

Project Testing and Production Validation

Once you have integrated the credentials into your project, you are all set to begin the testing and/or the production validation processes!

[1] Java is a registered trademark of Oracle and/or its affiliates