API Overview

Token Management Service Developer Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners
- TERMS OF USE APPLICABLE TO CARD NETWORK TOKENS

Introduction to the Token Management Service
- Types of Tokens
  - Instrument Identifier Tokens
  - Customer Tokens
  - Shipping Address Tokens
  - Payment Instrument Tokens
  - Network Tokens

Token Management Service Workflows
- PAN Tokenization Process Using TMS
- Network Token Tokenization Process
- Push Provisioning Process
- Network Token Provisioning for Merchants
- Network Token CIT for Merchants
- Network Token MIT for Merchants
- Network Token Provisioning for Partners
- Network Token CIT for Partners
- Network Token MIT for Partners

Requesting the Token Management Service API
- HTTP Response Headers
- Case Sensitivity
- Metadata
- Patching Considerations
  - Pagination
- Supported Processors
- Test Card Numbers

Token Management Service Onboarding
- Merchant ID Hierarchy
- Merchant ID Registration
- Portfolio MIDs for Partners
- Token Vault Management
  - Configure the Token Vault Settings Using the Business Center
  - Configure the Token Vault Access Using the Business Center
  - Configure Network Tokenization Using the Business Center
- Message-Level Encryption Keys
  - Creating a Message-Level Encryption Key

Network Tokenization
- Network Token Enablement
- Network Token Onboarding—Partner Model
- Network Token Life-Cycle Management
- Network Token Life-Cycle Management Reports
- Manage Webhook Subscriptions
  - Create a Digital Signature Key
  - Create Webhook Subscription
  - Retrieve the Details of a Webhook Subscription
  - Update Webhook Subscription
  - Delete Webhook Subscription
  - Network Token Life-Cycle Management Notification Examples
- Token Requestor IDs

Network Tokens
- Authorize a Payment While Ignoring Network Token
- Update Merchant-Initiated Transaction Authorization Options
- Provision a Network Token for a Card Number
- Provision a Network Token for an Existing Instrument Identifier
- Provision a Network Token for a Customer
- Provision a Network Token for a Token
- Retrieve a Standalone Network Token
- Delete a Standalone Network Token
- Retrieve Network Token Payment Credentials
- Retrieve Network Token AFT Payment Credentials
- Provision a Network Token with Push Provisioning
- Simulate Life-Cycle Management Events
  - Available Fields for Simulating Life-Cycle Management Events
  - REST Example: Simulating Life-Cycle Management Events
- Network Token Provision Failures

Create Multiple Tokens

Instrument Identifier Tokens
- Manage Instrument Identifier Tokens
  - Create an Instrument Identifier
  - Create an Instrument Identifier for Enrollable Network Tokens
  - Create an Instrument Identifier and Network Token Using EMV Tags
  - Retrieve an Instrument Identifier
  - Update an Instrument Identifier
  - Retrieve an Instrument Identifier's Payment Instruments
  - Retrieve an Instrument Identifier with an Unmasked Card Number
  - Delete an Instrument Identifier
- Payments with Instrument Identifier Tokens
  - Create an Instrument Identifier Token with Validated Payment Details
  - Authorize a Payment with an Instrument Identifier
  - Making a Credit with an Instrument Identifier

Payment Instrument Tokens
- Manage Payment Instrument Tokens
  - Create a Payment Instrument
  - Retrieve a Payment Instrument
  - Find Payment Instruments by Card Number
  - Retrieve a Payment Instrument with an Unmasked Card Number
  - Update a Payment Instrument
  - Delete a Payment Instrument
- Payments with Payment Instrument Tokens
  - Authorizing a Payment with a Payment Instrument
  - Making a Credit with a Payment Instrument

Customer Tokens
- Manage Customer Tokens
  - Create a Customer
  - Retrieve a Customer
  - Update a Customer
  - Delete a Customer
  - Retrieve a Customer's Default Payment with an Unmasked Card Number
  - Retrieve a Customer's Default Payment and Shipping Details
- Payments with Customer Tokens
  - Create a Customer Token with Validated Payment Details
  - Authorizing a Payment with a Customer Token
  - Making a Credit with a Customer Token
- Shipping Address Tokens
  - Manage Shipping Address Tokens
  - Create a Customer Shipping Address
  - Add a Default Shipping Address
  - Add a Non-Default Shipping Address
  - Change a Default Shipping Address
  - Retrieve a Customer Shipping Address
  - Retrieve All Customer Shipping Addresses
  - Update a Customer Shipping Address
  - Delete a Customer Shipping Address
  - Payments with Shipping Address Tokens
  - Authorizing a Payment with a Non-Default Shipping Address
- Customer Payment Instruments
  - Manage Customer Payment Instruments
    - Create a Customer Payment Instrument
    - Add a Default Payment Instrument Using Instrument Identifier
    - Add a Default Payment Instrument with Validated Payment
    - Add a Non-Default Payment Instrument Using Instrument Identifier
    - Add a Non-Default Payment Instrument with Validated Payment
    - Change a Customer's Default Payment Instrument
    - Retrieve a Customer Payment Instrument
    - Retrieve a Customer Payment Instrument with an Unmasked Card Number
    - List Payment Instruments for a Customer
    - Update a Customer Payment Instrument
    - Delete a Customer Payment Instrument
  - Payments with Customer Payment Instruments
    - Authorizing a Payment with a Non-Default Payment Instrument
    - Making a Credit with a Non-Default Payment Instrument

Payment Passkey
- Iframe Requirements
- Create Tokenized Card Authentication Options
- Authenticate with Passkey
  - Step 1: Cardholder authentication with FIDO
  - Step 2: Create payment credentials with FIDO data
- Register a Passkey and Authenticate
  - Step 1: Determine FIDO availability
  - Step 2: Cardholder authentication with FIDO
  - Step 3: Create payment credentials with FIDO data
- Step-up Authentication for Registration
  - Step-Up Authentication Methods
  - Step-up Authentication for Web Application or Phone
    - Step 1: Determine FIDO availability
    - Step 2: Cardholder authentication with FIDO
    - Step 3: Create payment credentials with FIDO data
  - Step-up Authentication for External Web Application
    - Step 1: Validate the one-time password code
    - Step 2: Determine FIDO availability
    - Step 3: Cardholder authentication with FIDO
    - Step 4: Create payment credentials with FIDO data
  - Step-up Authentication for One-Time Passwords
    - Step 1: Issuer sends a one-time password code
    - Step 2: Validate the one-time password code
    - Step 3: Determine FIDO availability
    - Step 4: Cardholder authentication with FIDO
    - Step 5: Create payment credentials with FIDO data

Tap to Add Card

Card Art
- Retrieve Card Art

BIN Lookup Service and TMS
- REST Example: Retrieving an Instrument Identifier with BIN Details

Using Token Management Service with Wallet Apps
- Manage Tokens with Wallet Apps
  - Create a New Customer Account
  - Add a New Shipping Address
  - Edit or Delete a Shipping Address
  - Create a New Payment Instrument with the Payments API
  - Edit or Delete a Payment Method
  - Change the Default Payment Method
  - Add a New Payment Method Address
  - View Wallet
- Payments with Tokens and Wallet Apps
  - Authorize a Payment

Reference Information
- Encrypt and Decrypt Data
- HTTP Status Codes

On This Page

Step-up Authentication for Registration

When you request authentication options for a tokenized card, the response indicates which Payment Passkey sequence to take for the current device and token combination:

AUTHENTICATE

AUTHENTICATION_REGISTRATION

STEP_UP_AUTHENTICATION

This section describes what to do when the

action

field in your request to the

/tms/v2/tokenized-cards/{tokenId}
/authentication-options

endpoint returns a value of

STEP_UP_AUTHENTICATION

. When the response returns

STEP_UP_AUTHENTICATION

, the issuer requires additional verification before the device can be approved and passkey registration can proceed. Example verification includes one-time password (OTP), issuer application approval, or phone verification. For information about the Payment Passkey flow, see Payment Passkey.

These step-up options are available:

One-time password (OTP): You can get a one-time password using these methods:
Email OTP
:
stepUpOptions.method
is set to
OTP_EMAIL
.
Issuer account OTP
:
stepUpOptions.method
is set to
OTP_ONLINE_BANKING
.
SMS OTP
:
stepUpOptions.method
is set to
OTP_SMS
.

Issuer Application: You can authenticate in an issuer application using these methods:
Issuer application with backend Visa integration
:
stepUpOptions.method
is set to
APP_TO_APP
.
Issuer application returns issuer authentication code
:
stepUpOptions.method
is set to
APP_TO_APP
.
Issuer 3-D Secure
:
stepUpOptions.method
is set to
APP_TO_APP
and
deviceInformation.platformType
is set to
WEB
.
Phone Issuer: You can authenticate over the phone using these methods:
Cardholder calls issuer call center
:
stepUpOptions.method
is set to
CUSTOMERSERVICE
.
Issuer calls cardholder
:
stepUpOptions.method
is set to
OUTBOUNDCALL
.

Back to top