Frequently Asked Questions

  • How do I fix registration/login issues?
  • Here are some tips to resolve problems with logging in and registering at the Visa Developer Center.

    Email Confirmation Issues

    When you register at the Visa Developer Center, you will need to confirm your email address. In some cases, the email might get caught in a spam filter and you won't receive the email to complete your registration. You can always send yourself another email by going to: the Visa Developer Center > Login. This will send out another email confirmation message to your registered email address. From there, you can confirm your email and login with your email address as your user ID, and use your established password.

    Password Resets

    If you are having issues with login, you can also reset your password by going to: Visa Developer Center > Login. This will allow you to change your password through an email delivered to your inbox.

    Account Lockouts

    If you enter an incorrect password several times, your account will be locked out and you will be forced to reset your password to get back into your account. You can reset your password by going to Visa Developer Center > Login. This will allow you to change your password through an email delivered to your inbox.

  • How do I create and submit a Certificate Signing Request for Two-Way SSL authentication?
  • The Certificate Signing Request (CSR) is a prerequisite to get your project certificate (cert.pem), which is required to establish a Two-Way SSL connection. Additionally, you will need a root certificate (VICA-SBX.pem) and your private key.

    To generate a CSR to use in the sandbox, you have two options:

    • Visa generates a CSR for you
    • Generate your own CSR

    For details, refer to Getting Started > Testing Connectivity and Authentication. This section describes how to obtain a private key, client certificate, and Visa Developer certificate authority root certificate, as well as how to bundle the certificates into keystores, using Java keytool or OpenSSL.

  • How do I fix issues with my test credentials?
  • To fix issue with your test credentials:

    1. Verify the client certificate being used in the certificate chain with the following command:
      OpenSSL> verify -verbose -CAfile VICA.pem client.pem
      You should receive:
      client.pem: OK
    2. Check the contents of keystore by using the following command:
      keytool -list -keystore <JKS_File_Path>
      The above command displays the three entries related to Visa Developer as following:
      • Single Private key entry. The private key entry comprises of environment private key and the environment client certificate. The private key should be the same that the client has used for generating Certificate Signing Request for the requested environment. Please ensure that the correct environment certificates are being used.
      • Visa Development Platform Intermediate Certificate.                          
      • Visa Development Platform Root Certificate

    You can download all these three certificates from the project details page under the appropriate environment (for example, Certification or Production) tab.

  • How do I fix connectivity issues with Authentication for API Requests?
  • The easiest way to troubleshoot connectivity issues is to use the SOAPUI tool. Refer to Testing Two-Way SSL Connectivity Using SOAPUI section in Getting Started > Two-Way SSL that includes steps to access the helloworld project. This is the fastest way to test your access credentials and to create sample HTTP requests that work. Once you get your SOAPUI connection to work, review the raw HTTP request – you will get the exact value of an encoded username and a password that works. You can then compare the working value with the value you generate in your IDE.

  • What endpoints should I use during the development and testing process?
  • Use the following endpoints for:

    • Sandbox:
    • Projects requiring testing in the Certification environment:
    • Production:
  • How do I fix connectivity issues with the from the Data Power?
  • To fix the connectivity issues with the Sandbox: from the Data Power:

    1. Create a project
    2. Download the private key during project creation
    3. Get your API credentials
    4. Download the GeoTrust Certificate and Project Certificate (cert.pem)
    5.  In the Trusted Certificates section of Data Power appliance configuration; add Geotrust.pem and sandbox.pem (Notesandbox.pem is optional and may be needed if hostname verification is enabled)
    6. Run the command for sandbox.pem 
      openssl s_client -showcerts -connect
    7. In the Client Configuration section, add the private key in the client private key field and cert.pem in the client certificate field as shown below:

  • I’m getting Error 401 – Unauthorized. What does this mean and how can I resolve this?
  • The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource (or endpoint). Visa Developer supports multiple authentication and authorization methods. The request could fail due to one of the following reasons:


    Common Root Causes:

    • Token is either not properly formatted or contains incorrect or incomplete information e.g. timestamp is not valid UTC timestamp
    • Token has expired
    • Token version is deprecated
    • The request contains multiple authentication token
    • The target resource does not support X-pay Token based authentication


    1. Check your Keys/API link in your VDP project to validate the Status is “Active”
    2. If “Inactive”, select the “Activate” option and confirm status is “Active”
    3. If the above is unsuccessful, try creating a new VDP project with the same API’s
    4. Verify that you have followed the required steps to generate X-Pay-Token as described in API Key - Shared Secret (X-Pay-Token) section.

    Mutual SSL

    Common Root Causes:

    • Missing Authorization header in the request
    • Authorization header is in invalid format e.g.  does not start with 'Basic'
    •  Authorization header has invalid credentials e.g. either username or password is blank or incorrect
    • Certificate Chain validation failed


    1. Check that your User Name and Password information is correct
    2. Verify that you have followed the required steps to establish Two Way SSL as described in Two-Way SSL (Mutual Authentication) section. Specifically, ensure that you have added the certificates downloaded from VDP to the keystore (for example: clientkeystore.jks) that you generated while creating the CSR.
  • I’m getting Error 403 – Forbidden. What does this mean and how can I resolve this?
  • The 403 (Forbidden) HTTP Status code indicates that this project does not have permission to access the requested resource. This can happen if you are trying to invoke API request for a resource that is not part of your project e.g. if you have created a project with Visa Direct Product but are trying to use the same credentials to access Visa Consumer Transaction Controls.


    • Ensure that you are using a project and the credential for the project which includes the API being accessed
    • Create a project and receive Sandbox credentials for the API’s being called
    • Add the API being called (if not already included) to the project with credentials that are being used
  • X-CORRELATION-ID is a unique ID that system generates for every API request and is included in the Response Headers.  If you are using SOAP UI, you can see the X-CORRELATION-ID under Response section as shown below. This is helpful for debugging purposes when you report your issues to Visa Developer (

  • How much does it cost to purchase an API?
  • Visa Developer is an open platform. There is no cost to you to develop your project using any of the Visa APIs in the sandbox. When you are ready to transition to production to use the APIs, fees may apply. Fees are evaluated by project as they are a function of many elements, including the nature of your project and your relationship with any partner.

  • Why do I need to upgrade to TLS 1.2 (or higher)?
  • PCI DSS standard version 3.1 has been retired in October 2016 and the new PCI DSS version 3.2 mandates using TLS 1.2 (or higher) protocol and makes all older TLS versions (e.g. SSL v3, TLS 1.0, TLS 1.1) non-compliant. The standard requires the new TLS requirement to be implemented by June 2018.

    In preparation for this requirement, Visa plans to disable TLS 1.0 and TLS 1.1. These versions will be disabled first in Sandbox prior to Production to give you an opportunity to test these in Sandbox and ensure you are using TLS 1.2.

    For details, refer to the TLS Blog.

  • What should I do if I get an SSL exception related to mismatch in protocol version?
  • An SSL exception related to mismatch in protocol version may happen if the Transport Layer Protocol version is older than TLS 1.2.

    Refer to the TLS Blog for instructions on how to fix this issue.

  • Will my Sandbox credentials and or Production credentials still work after the account migration due to unification of Visa Digital Solutions platform with Visa Developer Center?
  • Yes, your sandbox credentials would still work.  You do not need to create or generate new API keys for Sandbox or Production.

  • After the unification of Visa Digital Solutions platform with Visa Developer Center, I tried to login and I was asked to activate my account. What is this?
  • As a part of migrating accounts to Visa Developer Center, for your protection we’d like you to simply revalidate your account.  You will receive an email to do so.  Just click on the link provided in the email and you’re done!

  • After the unification of Visa Digital Solutions platform with Visa Developer Center, how do I get access to my product profiles and configuration pages?
  • Your profile and configuration pages are located in your Project Dashboard via the “Configurations” link provided in the Left Navigation bar.  Once you select this option, you will see Visa Checkout or Visa Token Service listed in the main pane.  Select the accordion menu icon next to the API to reveal the links to the product specific profiles and configurations.

  • Why can I no longer select Visa Token Services during project creation?
  • Visa Token Service is a restricted product. If you’re interested in using Visa Token Service and believe you meet the requirements, please email us at

Looking for term definitions ? See the Glossary.

Can't find what you're looking for?

Ask the Community

Need to Talk to Visa?

Contact Us