Recent Revisions to This Document

About This Guide

VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to REST
- Secure Communication Requirements
- REST Set-Up Workflow

Signing Up for a Sandbox Account

Obtaining a P12 Certificate
- Creating a P12 File
- Testing the Shared Secret Key Pair
- Extracting the Private Key from the P12 Certificate

Obtaining a Shared Secret Key Pair
- Creating a Shared Secret Key Pair
- Testing the Shared Secret Key Pair

Constructing Messages Using JSON Web Tokens
- Elements of a JSON Web Token Message
- Generating the Token Header
- Generating a Hash of the Claim Set
- Generating the Message Body
- Generating a Token Signature
- Generating a JSON Web Token

Constructing Messages Using HTTP Signature Security
- Elements of an HTTP Message
- Generating a Hash of the Message Body
- Generating the Signature Hash
- Updating Header Fields

Enabling Message-Level Encryption
- Message-Level Encryption Using JSON Web Tokens
- Message-Level Encryption Using HTTP Signature Authentication

Going Live
- Creating a Merchant ID
- Activating your Merchant ID

On This Page

REST API

Generating the Token Header

The token header is encrypted with a URL safe base64 algorithm. The following three header fields must be included in the header.

kid: The ID of the key used to digitally sign the JWT.
alg: Algorithm used to sign the token header.
v-c-merchant-id: Merchant ID used in the request transaction. To obtain the merchant ID, see Signing Up for a Sandbox Account.

Example: Token Header

eyJ2LWMtbWVyY2hhbnQtaWQiOiJtZXJjaGFudElEIiwiYWxnIjoiUlMyNTYiLCJraWQiOiI3MDc4NjMzMjg1MjUwMTc3MDQxNDk5In0

Code Example: Generating the Token Header with Python

Encode the header data and then remove any padding added during the encryption process.

import base64

# open file in binary mode
data = b'{"v-c-merchant-id":"merchantID","alg":"RS256","kid":"7078633285250177041499"}'
encoded = base64.urlsafe_b64encode(data)
stripped = encoded.decode('ascii').strip('=')

print(stripped)