Visa just announced to the developer community the general availability of the largest payment network in the form of a developer API ecosystem called Visa Developer. The Visa Developer API is a one-stop-shop for all your payment needs and would serve you in three specific categories:
- Payment Methods – the payment methods (named CyberSource) API lets you do secure payments, simple and easy checkouts, and also do Visa Direct fund transfers.
- General Services – under this section the API allows you to perform generic queries, like figuring out FOREX rates, fetch key attributes of a payment account, locate Visa supported ATMs across the globe, and, of course, validate payment accounts.
- Risk and Fraud – this is the final category in the API sub system that allows you to build payment systems that can protect consumers from fraudulent transactions. It uses geolocation intelligence to locate phone numbers involved in transactions. You can also get instant alerts on the transactions and there is a token service to reduce the risk of fraud using tokens.
There is also a Trial category where Visa would plan to publish APIs only available on the Visa Developer sandbox platform and are not generally available. You can use APIs under this category for experimental purposes and provide feedback to Visa. There is a Micro Transactions API available in the sandbox that you can use to experiment with virtual currency commerce.
You can register with the Visa Developer program to get the API Key and the Shared Secret. You can then use the sandbox to test payment processing. For example, if you are trying to use the CyberSource API to authorize a test payment transaction, you can fire an HTTPS POST against the following URI:
In the POST message, you can form a JSON using amount, currency, payment, and the cardNumber attributes. You also need to add an x-pay-token header which could be generated using your shared secret, the current timestamp, the API URI, the query string parameter, and the POST body.
An important aspect to note is that this code most likely will execute in your backend, so you will have to get your servers PCI compliant to run them.