Hello @Manu_Ashok, 

 

The Visa Offers Platform (VOP) provides partners access to qualified Visa transaction data of enrolled cardholders. By integrating with the Visa Offers Platform, partners can enhance their own loyalty and offer programs in new and powerful ways. The Visa Offers Platform accesses the VisaNet authorization stream to monitor enrolled cardholder transactions in real time and send relevant notifications to partners. Also, it monitors the settlement stream for settled transactions and sends relevant notifications to the partners. Using these APIs, partners can integrate Visa Offers Platform capabilities and transaction data into their own web and mobile applications.

 

The VOP APIs use mutual SSL authentication and channel encryption, which requires you to obtain a user ID and password as well as, install a PKI certificate issued by Visa. You can get test credentials online in the Application Console for sandbox testing. Production credentials will be supplied to you as part of the production client on-boarding process.

All program providers must be PCI compliant to use Visa’s Web services APIs. A third-party consulting organization must perform a PCI audit on an annual basis in order to demonstrate compliance. Please refer to the PCI Security Compliance Standards for more information.

 

PCI compliance is not required for working in the sandbox environment, as this area only uses test card numbers.

 

If you are looking to integrate with payment methods using token authentication, please look at the following APIs. 

 

CyberSource Payments - https://developer.visa.com/capabilities/cybersource/docs

Visa Checkout - https://developer.visa.com/capabilities/visa_checkout

 

In addition, please check our website for specific APIs relevant to your business case

https://developer.visa.com/

https://developer.visa.com/apibrowser

 

Please let me know if you have any questions. 

 

Thank you, 

Vaibhav 

Hi Vaibhav



Many thanks for the valuable information you have shared. Thanks for connecting me to the Cybersource Payments API documents and they proved to be very helpful at this stage of the project.



My question here is since we do not wish to use the actual card nos on the VOP APIs e.g. say for CardenrollAPI of a customer, instead of sending the card number in request, we wish to send the token and deal with tokens only to identify the member and their transactions. So, is it possible? Considering a use case of cardholder enrolment on VOP, can i

1. Call the Cybersource APIs to get the token no of the cardholder.

2. Then use this token to send request to Enrollment API?



If this is possible, what is the complexity to manage these tokens. Are these fixed token valid throughout the card lifetimne or do they keep changing. I have heard that payment tokens expire after n transactions and in case if one wants to use these tokens, the provisioning and lifecycle management of a token is a project in itself.

Could you please share your thoughts on these as well.

The Visa Token Service (VTS), a new security technology from Visa, replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details.