Visa will continue to offer authentication via Two-way SSL and X-Pay Token but will soon offer developers the ability to select from those authentication methods. The option to select one or both of our authentication methods will be available during project creation and, later, while promoting into our higher environments (Certification and Production). Visa wants to empower developers with the flexibility to choose what works best for them and their use case.
This change will include the below capabilities:
Developers will be able to select oneor both of the available authentication methods at the time of project creation or during project promotion. Based on what is selected, the below limits may apply:
Developers that select Two-way SSL as their authentication method will be allowed to have only one (1) Two-way SSL credential and up to five (5) X-Pay Tokens active in their project at any time. Available now.
Developers that select Two-way SSL as their authentication method can have up to three (3) Two-way SSL credentials and up to five (5) X-Pay Tokens active in their project at any time. Availability slated for Q3*.
How do I use this capability?
The choice will be available for developers at the time of project creation, and again during the Go Live flow into each higher environment.
During project creation, developers will see a “Select Auth Method(s)” action in which Two-way SSL or/and X-Pay Token can be chosen for their Visa API project. Developers will be able to view their selected authentication method in the Credentials tab of their project. In this tab, developers will be able to modify their mechanism selection, revoke credentials, and create new credentials as needed. Guides are available to give users detailed direction on how to use credential types offered.
When promoting your project to Certification or Production, you will be asked to select your requested authentication method, submit a new CSR if applicable, enter additional client information, and agree to the Visa Subscriber Agreement.
Visa reserves the right to accept or reject a selected authentication method.
Frequently Asked Questions
Can developers select both Two-way SSL and X-Pay Token for their API Project?
Developers may use both authentication methods and have multiple credentials active per method, though limits do apply (see the bullet points above).
Can the authentication method be different for each environment (Sandbox, Certification, Production)?
Yes. Developers will be able to select different or additional authentication methods in Sandbox, Certification, and Production.
Can the authentication method(s) be changed or added for an existing project?
Yes. This will be available in the Credentials tab of your project. However, please note that Token related projects will continue to require X-Pay Token until Q4 of 2021*
Would any project/ API require both authentication methods or one specific authentication method?
Token related projects will continue to require X-Pay Token until Q4 of 2021*
Are there any pricing implications when selecting an authentication method?
No. X-Pay Token and Two-way SSL are both currently free of charge for API Projects.
Please reach out to firstname.lastname@example.org or comment on this blog for additional information regarding deactivating credentials.
Find this helpful? Leave a comment and let us know what you think!