An outbound call is an HTTP callback. A project created with certain APIs on Visa Developer enables you to register the URLs on which you want to listen to the events. The callback triggers an HTTP POST to the configured URL when an event occurs. The client notified on the URL has the flexibility to take appropriate action on the notification.
Note: The outbound configuration is supported only over Two-Way SSL (Mutual Authentication). In order to configure an outbound configuration, you must be a registered user and have full access to the product.
To setup an outbound callback:
Once your outbound configuration is approved for a project, Visa Developer issues an HTTP POST request to the URL specified every time an associated event is triggered. The request's (outbound call) POST parameters will contain XML/JSON data relevant to the event that triggered the request.
You can edit the submitted configuration only after it has been approved by the Visa admin. Select the Details option available for your outbound configuration and select an Edit option (pencil icon), which will allow you to edit the Domain and Path. After you modify the Domain parameter, Visa will be notified of it and will review the request for approval. The configuration in the interim will be in “Pending” state. Post Visa approval, the configuration state is updated to “Approved” at which point the configuration is live.
Note: If you only change the Path parameter, it will not require a re-approval from Visa.
Visa may reject your submitted outbound configuration if there is an issue in verification. If rejected, you will see the configuration in “Rejected” state on Visa Developer and rejection comments will be available under Details.
Two-Way SSL (Mutual Authentication) requires certificate exchange for the client and server to identify themselves and establish a tunnel. Refer to the Mutual Authentication blog for more details.
Visa Developer allows you to test your outbound configuration and verify that the URL is reachable by sending a test payload.
Click on Test Outbound, which will send a payload to your application hosted at the URL specified, and your application response will be displayed on the test modal. Response would be either 200 Ok or 5xx error from your application.
You can submit outbound API configurations in certification and production from Visa Developer via project promotion request or from Configuration section of the project once it is promoted to certification or production environment.
You can also submit outbound API configurations for your project from Configuration section.
Note: For certification and production environment, your project promotion request should be Visa approved before you can access Configuration section.
To verify and activate Outbound Configuration, consider the following:
You can de-activate an active outbound configuration anytime from Visa Developer.
Note: The outbound configuration status remains “Approved” and only state changes to “Active”/”Inactive” via the toggle.
As your outbound configuration is activated and the state reflects as "Active", you can proceed to test the same using Ping Test.
To edit outbound configuration:
You can now proceed for testing the new configuration via Ping Test option.
To delete the outbound configuration, contact your Visa representative.
Note: Delete capability is not supported in the Production environment. You can edit the configuration, if required, from the Visa Developer dashboard.
Visa Admin will need to initiate the configuration deletion on your behalf. The SLA to complete a deletion is 3-4 days. You will not be able to submit a new outbound domain configuration until your delete request has entered the "Pending" state.
Visa has the right to reject an outbound configuration submitted by you if it finds that domain is not valid or it is not owned by you. Visa will provide rejection comments which will be visible to you on the Developer portal in “comments” field under “Details” modal.
The configuration status will be "Rejected" on Visa Developer dashboard.
You can correct the callback URL (domain/path) using the "Edit" option and re-submit the configuration.
The configuration will again undergo verification by Visa.
For the configuration setup to work:
The Primary Certificate - <<projectName>>_client_certificate.crt
The Intermediate Certificate - VICAIntermediateCA.crt
The Root Certificate - VICATrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look as shown below:
<<Your client certificate: client_outbound_certificate.cert>>
<<Your Intermediate certificate: VICAIntermediateCA.cert>>
<<Your Root certificate: VICATrustedRoot.cert>>
Save the above file as your_project_domain_name.pem. You can now configure the certificate chain (.pem file) in trust store of your server.