Read details and FAQ on Visa Developer Platform Production Environment Migration to a New API routing model.
What is happening?
In our effort to provide a high quality API performance, we will be migrating our Production gateway to a direct-routing model. This update should help lower API latency and increase overall performance for all of your VDP integrations. During our migration, we will be changing the infrastructure that hosts our api.visa.com endpoint and will need to update our external domain certificate.
What does this mean for me?
Our Visa Developer integration best practices recommend that client’s trust our endpoints by inspecting their root certificates only. If you are following our best practices, this migration will be completely transparent to your API integrations
We understand that some of our clients need to inspect our leaf or intermediate certificate. These clients will need to pre-trust our new endpoint certificates listed on our Visa Developer PKI page by 10/22/20.
https://developer.visa.com/pages/visa-developer-pki
If you have multiple application environments for multiple Visa API integrations, you will need to pre-trust our new certificates for each of those environments
What happens if I do not take action?
If you are only inspecting our root certificates, no action is needed.
If you are inspecting our leaf or intermediate certificate and do not take action by 10/22/20, your Visa API integrations will be impacted.
Frequently Asked Questions
Can I trust both old and new certificates at the same time?
Yes you can. There will be a period where we will need your environments to contain both our current and new certificates. This will allow us to seamlessly migrate to our new routing model, and account for any unlikely shifts in scheduling.
When can I remove the old certificate?
If you are following our best practices, no certificate removal would be necessary. If you have been inspecting our leaf or intermediate certificate, you will be able to remove the old certificate(s) on 12/01/20.
How can I tell if I am inspecting Visa’s leaf or intermediate certificate?
Your application development, IT, networking, or security organizations should be able to guide you through your specific implementation and configuration
Are these the certificates we use for mTLS authentication?
No. Your mTLS certificates that are used for API authentication are not affected by this migration. Only the certificate that is used to identify our production gateway domain – api.visa.com – is affected
If you have any further questions or need help comment below, use our forum or email us at developer@visa.com
