Skip to content

rubailly/visa-apiMicroservice

Repository files navigation

Introduction to Visa Direct

The innovation race is on in the Financial services industry globally and it has manifested itself through the proliferation of Open API portals.

Networks, processors and banks are launching developer portals and inviting all developers to explore their Open APIs to build their own rendition of the next killer application.

The world of innovation is incredibly fast paced, and it is no longer possible to keep up, if we plan to ‘own’ every layer that makes up our products and services. We need to rely on services from other companies, our partners, or even competitors. While this may sound counterintuitive, there is no other alternative, as missing out on the innovation trends is equivalent to becoming irrelevant in the marketplace.

1.Introduction

Global investment in Fintech ventures tripled to $12.21 billion in 2014, clearly signifying that the digital revolution has arrived in the Financial services sector. It is still unclear whether this presents more of a challenge or an opportunity for the incumbents in the industry.

But established Financial services players are starting to take bold steps to engage with emerging innovations.

It is clear that the digital revolution in Financial services is under way, but the impact on current banking players is not as well defined.

Digital disruption has the potential to shrink the role and relevance of today’s banks, and simultaneously help them create better, faster, cheaper services that make them an even more essential part of everyday life for institutions and individuals.

To make the impact positive, banks are acknowledging that they need to shake themselves out of institutional complacency and recognize that merely navigating waves of regulation and waiting for interest rates to rise won’t protect them from obsolescence.

Emerging themes for banking players

Openness, Collaboration and Investment are the critical themes that emerge for existing banking players if they are to benefit from growth driven by new services and productivity.

Embracing these themes and creating the right foundations creates challenges to the rate of change and approach to risk that are hard- wired into the way banks currently adapt to innovation. This hands an advantage to challengers who only hit regulators’ radar once their new business models have found ways to cherry-pick services and customers.

The concepts of collaboration – or “co-innovation” – are becoming more important within the Financial services and Technology industries. Traditionally, financial services incumbents have been comfortable partnering with others in their own industry - especially where there is an opportunity to share processes or services that are considered “non-core”, and which help all collaborators either reduce their costs or create a new market opportunity.

Today, the concern is that established Financial services players are not doing enough to keep up to speed with this surge in new innovation investment. Legacy technology and the difficulty of deploying new technology fast is a big part of this issue. More worrying is the speed at which these banks implement new technology.

The expectations of a modern consumer have changed dramatically over the last few years, and consumers are asking for services that are more personalized, faster, cheaper, and more easily accessible. The queues at the retail bank branches are getting smaller, and the younger consumers wouldn’t even comprehend a bank that doesn’t have an app. As such, it is no longer enough to offer an app with basic account-based services (look up my balance, view my transactions, deposit my checks, etc.), the app competition has moved on to more innovative features.

Examples

i.) Capital One Bank

The U.S. bank Capital One launched in 2016 a developer portal and new open APIs in a move that signaled a significant shift in open banking platforms.

The new developer portal provides a single point of reference for the bank’s engagement with developers, listing their open APIs. The portal contains all the features that are now considered best practice for developer engagement including self-serve registration and instant API access, sandbox testing environments, documentation, code snippets, and reference applications with sample code.

capitalone

The developer portal gives developers what they are looking for: easy-to-integrate APIs, a robust testing environment, great documentation that is comprehensive and simple, and sample code and reference applications.

Capital One is one of the first banks around theworld going after developers as a new audience.

The portal will also become the home base for Capital One’s open source projects. Capital One’s foray into open source demonstrates both the company’s own internal reliance on APIs, and their willingness to share dev tools with the community.

ii.) Mondo

At Monzo they are building a new kind of bank, built for your smartphone. The company, founded in early 2015, now has over 60 employees. In August 2016 Monzo officially became a regulated bank and will be launching current accounts in a matter of months.

mondo

Over 60,000 people in the UK are using the Monzo app as part of our Beta, on iOS or on Android, with hundreds more joining every day.

iii.) Visa

Visa’s global network just got a whole lot more open for the developer community.

Visa announced in 2016 the launch of Visa Developer, which will enable software application developers to have open access to Visa’s payments technology, products and service. What this means is that, for the first time in Visa’s near 60 years of existence, it is now ensuring its retail payments network is an open platform to be a source that Visa believes will “drive innovation in payments in commerce.”

visa

The goal of the new developer platform is to assist financial institutions, merchants, and technology companies with meeting the demands of consumers and merchants who are increasingly relying on devices to not only shop, but pay and get paid.

The rollout of the new platform will give the software developer community access to Visa’s payments technology, which includes services like: account holder identification, person-to-person payment capabilities, secure in-store and online payments services like Visa Checkout, currency conversion and consumer transaction alerts. More payment capabilities will be added during the year, according to Visa.

The Visa Developer Platform has been a multi-year initiative under the umbrella of Visa’s global product and technology teams. That team has been leading the charge to transform Visa’s payment products and services into APIs for developers to use.

iv.) Mastercard

At the beginning of 2016, the mission for Mastercard was to “move beyond the payment.” The idea was to continue the mission of enabling commerce for every device while at the same time build new ways for companies to build relationships and engagement with customers.

mastercard

This mission of enable and extend is taking a significant step forward from an implementation level. Mastercard announced that it has redeveloped and re-launched its developer platform to make it much easier for developers to integrate Mastercard APIs to handle all kinds of payments integration, customer intelligence, new device types and even financial inclusion.

The Mastercard Developers platform will includes application programming interfaces—some new, some old—and introduces several new features to make it easier to build with Mastercard technology.

2.0 Chamaconekt Visa

As Chamaconekt, we are leveraging on open APIs from Visa Inc. to help us build the next generation of products and services.

This repository integrates Chamaconekt with Visa’s payment system via APIs and brings with it a versatile and secure mobile payment solution powered by Visa.

Why Visa?

Visa is the world's largest global payments company. In 2015, Visa processed $4.9 trillion worth of payment volume on Visa branded cards globally.Visa has 2.4 billion cards in circulation and connects 36 million merchants locations with 14,000 plus financial institutions done approximately 150 million times a day on the globe.

Last year, Visa launched the Visa developer platform.

This was a transformational development for Visa. It is a significant change in the way Visa will design, build and deliver products going forward. It's the first time in Visa's 50 year history that they have made their network, data , risk services , value added services available to partners , clients and others as open APIs.

Visa has built one of the world’s most advanced processing networks. It's capable of handling more than 24,000 transactions per second, with reliability, convenience and security, including fraud protection for consumers and guaranteed payment for merchants.Integrating with Visa brings the advantages of Visa’s global network - security, reliability and global acceptance - and allows consumers to make payments both domestically and internationally.

Visa is giving more people in more places access to electronic payments. From the world’s major cities to remote areas without banks, people are increasingly relying on digital currency along with mobile technology to use their money any time, make purchases online , transfer funds across borders and access basic financial services. All of which makes their lives easier and grows economies.

Chamaconekt can now have an end-to-end platform that can steadily realize its dream for financial inclusion as we embrace innovation, at its best, to deliver superior services in the best way possible to our communities. Kenyans already understand the benefits of mobile payments, and this integration offers them a better way to pay and be paid, with a service which is not limited by the mobile network they have or the handset they use.

What APIs from Visa?

Chamaconekt Visa integrates with Visa Direct APIs from Visa Inc.

Visa Direct uses the push payment capability of Visa’s global payment system to enable new ways for clients and consumers to send money to over one billion eligible Visa accounts.

Visa Direct can be used to create both consumer and business services including person-to-person money transfers and credit card payments as well as corporate and merchant disbursements. The services can be offered over any channel (including personal computers, mobile phones, local bank branches, or ATMs) and can be funded from many sources (including bank accounts or payment cards). Merchants, government entities, or corporations can push payments to Visa accounts to disburse such things as tax refunds, insurance claims, rebates, affiliate and contractor payouts, or expense reimbursements.

Visa Direct also offers the capability to push payments to other U.S. debit networks using the Visa Push Payments Gateway Service (PPGS) and the Funds Transfer APIs. PPGS allows originators to send their PushFundsTransactions (OCTs) and PullFundsTransactions (AFTs) to Visa for routing to multiple U.S. debit networks. The service provides authorization, clearing, settlement, reporting, and exception processing support for debit networks. VisaNet translates and reformats the message into the correct network format, rather than an originator having to develop and maintain transaction formats for each debit network.

Key Features:

  • Push payments to over one billion eligible Visa accounts
  • Fund transfers from a variety of sources
  • Use APIs inside ATM, mobile, web, and in-branch applications

How does it work?

Visa Direct provides Originators (financial institutions and eligible third parties such as person-to-person payment service providers, merchants, corporations, financial technology companies, and service providers) with a mechanism to push payments directly onto Visa cards. This push payment capability is delivered through the use of the Original Credit Transaction (OCT), a Visa network transaction that enables eligible Visa cards to receive push payment credits. Visa Direct Originators can submit OCTs either as ISO-formatted messages through a network endpoint connection or directly into the Visa network as an API call using the Funds Transfer APIs. Originators can use this transaction and the underlying framework of rules and controls to create new consumer- and business-facing services.

How does it work?

As one of the means to fund a push payment, Visa Direct also supports the use of the Account Funding Transaction (AFT), a Visa network transaction that enables funds to be pulled from an eligible Visa card. As with the OCT, Visa Direct Originators can submit AFT transactions as either an ISO message or directly through an API call to the Funds Transfer APIs.

Originators can use the Funds Transfer APIs (or the OCT ISO transaction) to push funds into a Visa account using any source of funds available to them, including a pull from a Visa account or a bank account. The Funds Transfer APIs (or the AFT ISO transaction) can pull funds only from eligible Visa accounts. Once an OCT or AFT transaction is submitted via either method, it travels across the Visa network and uses existing clearing and settlement mechanisms to manage the movement of funds between the sending and receiving issuers.

Why Use It?

Use Visa’s familiar global network and distribution to create an entirely new class of services based on the push payment capability of Visa Direct. Some of the opportunities include:

  • P2P Money Transfer: Send funds to any eligible Visa account
  • Funds Disbursements: Send merchant, government, or corporate funds disbursements to a consumer’s Visa card.
  • Prepaid Load: Load funds to an eligible Visa reloadable prepaid card
  • Credit Card Bill Pay: Pay a Visa credit card bill

Through the mVisa API, Visa Direct also enables mobile-based merchant payments using push payments. mVisa is presently available only in select markets, so contact your Visa representative for details.

Using Visa Direct enables new money transfer services with:

  • Security: Risk controls and straight-through electronic processing capabilities
  • Reliability: The reliability of the Visa network and framework of rules and controls to handle exceptions, manage risk and fraud, and provide value-added services
  • Speed: Receive funds within 30 minutes from Fast Funds recipient issuers
  • Trust: Financial and anti-money laundering standards and ongoing due diligence

Who Can Use It?

  • Issuers
  • Acquirers
  • Merchants
  • Independent Developers
  • Governments and Corporations

3.0 API Design in Chamaconekt Visa

3.1 mVisa

The mVisa API has been optimized to push payments for mobile-to-mobile card-less merchant payments as well as for cash in or cash out to a Visa card.

Using the mVisa API

This capability is currently available only in select markets. Please contact your Visa representative for more information.

- Deposit API

THe Deposit API is an internal API that interacts with Visa's CashInPushPayments POST API

- Withdrawal API

The Withdrawal API is an internal API that interacts with Visa's CashOutPushPayments POST

- Payment API

The Payment API is an internal API that interacts with Visa's MerchantPushPayments POST that

This API is used for payment to small financial institutions for goods or services purchased, either face-to-face or remote.This is leveraged using a mobile phone which clients use to authenticate themselves and also provide payment instructions to the relevant institution. .Each and every institution has a unique ID and can be captured during payment via QR codes , key entry , NFC or other means

Upon receiving the payment instructions, the clients issuer (Bank that provided you your Visa card) sends payment instructions to the instructions bank account.

The institutions acquirer(a bank or financial institution that processes credit or debit card payments on behalf of a merchant) processes the Visa message, creates a record of merchant payment and reverts back with a response message containing the MerchantPushPayments Response Attributes.

An acquiring bank is a bank or financial institution that processes credit or debit card payments on behalf of a merchant.

3.2 Checkout

- Checkout API

The Checkout API is an internal API that interacts with Visa's Get Payment Data API that obtains clients payment information associated with a payment request from a Visa Checkout transaction.ChamaconektVisa processes the data as a convenience.This API retrieves the client's payment information for a particular order.

- Validate-checkout API

The Validate-checkout API is an internal API that interacts with Visa's Update Payment Information API to provide other Chamaconekt microservices with the status of the transaction and final payment amounts a client is making in the Visa Checkout .This API confirms, and if needed modify, the amounts the client specified in the Visa Checkout for a transaction.

3.3 Funds Transfer API v1

The Funds Transfer API pulls funds from a sender’s Visa account (usually to fund a push payment to a recipient’s account) by initiating an Account Funding Transaction.

It can then be followed by a push payment to a recipient’s Visa account that initiates an Original Credit Transaction.

Push payment is a standalone capability and can be used either in conjunction with a pull payment (if the source of funds is a Visa card) or independently (if the source of funds is not a Visa card). Should a push payment be declined, the Funds Transfer API can also be used to return the funds to the sender’s funding source.

Using the Funds Transfer API 1

- PullFundsTransactions POST

This API debits (pulls) funds from a Sender's Visa account in preparation for crediting (pushing) funds to a recipient's account by initiating a financial message called an Account Funding Transaction (AFT).

It initiates an operation for a single operation.

- PullFundsTransactions GET

This API gets the status and details for a specific pull(debit) fund single transaction from a sender's Visa account.

- MultiPullFundsTransactions POST

This API debits (pulls) funds from multiple sender's Visa accounts in preparation for crediting(pushing) funds to one or many recipient’s accounts by initiating an extension of the Account Funding Transaction(AFT) financial message.

This API can be used to submit large API requests with multiple transactions to gain operational effeciencies.

This API is initiated for multiple transactions.

- MultiPullFundsTransactions GET

This API gets the status and details from multiple sender's Visa accounts.

Using the Funds Transfer API 2

- PushFundsTransactions POST

This API credits(pushes) funds to a recipient's Visa account by initiating a financial message called an Original Credit Transaction(OCT).

This is initiated for a single transaction.

- PushFundsTransactions GET

This API gets the status and details for ....

- MultiPushFundsTransactions POST

This API credits(pushes) funds to multiple recepient's Visa accounts.

- MultiPushFundsTransactions GET

This API gets the status and details for a specific MultiPushFundsTransactions POST request

- ReverseFundsTransactions POST

This API credits (pushes back) funds to the sender's Visa account by initiating a financial message called an Accounting Funding Transaction Reversal(AFTR)

ReverseFundsTransactions GET

This API gets the status and details for a specific ReverseFundsTransactions POST request.

- MultiReverseFundsTransactions POST

This API credits(pushes back) funds to multiple sender's Visa accounts by initiating an extension of the Account Funding Transaction Reversal(AFTR) financial message.

- MultiReverseFundsTransactions GET

This API gets the status and details for a MultiReverseFundsTransactions POST request.

3.4 Watch List Screening

The Watch List Screening API provides a score that evaluates how closely an individual's name, city, and country match to entries in the OFAC SDN watch list. It also provides a status value that indicates if Visa would likely decline a cross-border transaction involving this individual.

3.5 Reports (Beta)

The Reports API provides reporting capabilities such as transaction reconciliation data in the API response. The data needed for reconciliation includes both push (OCT) and pull (AFT) transaction details and any exceptions such as chargebacks and reversals. This data is provided to allow you to reconcile the transactions sent by your systems with what was processed through VisaNet and may be used solely for such purposes.

4.0 Implementation

The API service has been described using the goa design language under the directory called design.It has the following files; goagen generates a tool by compiling the command specific code generation algorithm together with the design package.

  • Generate the bootstrap code using goagen goagen bootstrap -d ChamaconektVisa/design

  • Build the code generated from the design go build

  • Run the code ./ChamaconektVisa

How to access the APIs via the CLI(command line) tool.

  • Change into the directory with the CLI

    cd ChamaconektVisa/tool/chamaconektvisa-cli

  • Build the code

    go build

  • Call the code

    ./chamaconektvisa-cli

How to access the Swagger UI for API documentation.

  • Add the following code on resources.go
var _ = Resource("swagger", func() {
	Description("The API Swagger specification")

	Files("/swagger.json", "swagger/swagger.json")
	Files("/swagger-ui/*filepath", "swagger-ui/")
})
  • Clone the swagger-ui from GitHub in your home directory

  • Copy the Swagger UI folder that you cloned above into the project repository

  • Rebuild the code

    go build

  • Relaunch the code

    ./chamaconektvisa

  • The output in the terminal looks like this.

william@william-Compaq-610:~/chamaconekt/gocode/src/ChamaconektVisa$ ./ChamaconektVisa
2017/01/13 16:18:39 [INFO] mount ctrl=Deposit action=Create route=POST /deposit
2017/01/13 16:18:39 [INFO] mount ctrl=Deposit action=Show route=GET /deposit/:id
2017/01/13 16:18:39 [INFO] mount ctrl=Payment action=Create route=POST /payment
2017/01/13 16:18:39 [INFO] mount ctrl=Payment action=Show route=GET /payment/:id
2017/01/13 16:18:39 [INFO] mount ctrl=Swagger files=swagger-ui/ route=GET /swagger-ui/*filepath
2017/01/13 16:18:39 [INFO] mount ctrl=Swagger files=swagger/swagger.json route=GET /swagger.json
2017/01/13 16:18:39 [INFO] mount ctrl=Swagger files=swagger-ui/index.html route=GET /swagger-ui/
2017/01/13 16:18:39 [INFO] mount ctrl=Withdrawal action=Create route=POST /withdrawal
2017/01/13 16:18:39 [INFO] mount ctrl=Withdrawal action=Show route=GET /withdrawal/:id
2017/01/13 16:18:39 [INFO] listen transport=http addr=:8080

Notice there are two new endpoints that our API is exposing; The swagger-ui and the swagger.json . The content of the app package. In the app packages is where the bindings happen between the Go http server and the code.

controllers.go Contains the controller interface type definitions. There is one such interface per resource defined in the design language. The file also contains the code that “mounts” implementations of these controller interfaces onto the service. The exact meaning of “mounting” a controller is discussed further below.

contexts.go Contains the context data structure definitions. Contexts play a similar role to Martini’s martini.Context, goji’s web.C or echo’s echo.Context to take a few arbitrary examples: they are given as first argument to all controller actions and provide helper methods to access the request state and write the response.

hrefs.go Provide global functions for building resource hrefs. Resource hrefs make it possible for responses to link to related resources. goa knows how to build these hrefs by looking at the request path for the resource “canonical” action (by default the show action).

media_types.go Contains the media type data structures used by resource actions to build the responses. There is one such data structure generated per view defined in the design.

user_types.go Contains the data structures defined via the Type design language function. Such types may be used to define request payloads and response media types.

test/ contains test helpers that make it convenient to test the controller code by making it possible to call the action implementations with controller input and validate the resulting media types.

Running locally

Assuming a working Go setup:

go install github.com/chamaconekt/ChamaconektVisa
goa-ChamaconektVisa

Once running goa-ChamaconektVisa listens on port 8080.

5.0 Contributing

How to contribute

We're striving to keep master's history with minimal merge bubbles. To achieve this, we're asking pull requests to be submitted on top of master.

Finding things to work on

The first place to start is always looking over the current github issues for the project you are interested in contributing to.Issues marked with help wanted are usually pretty self contained and a good place to get started. Chamaconekt also uses these same github issues to keep track of what we are working on.If you see any issues that are assigned to a particular person that means someone is currently working on that issue.Of course feel free to make your own issues if you think something needs to be added or fixed.

Basic quality checks

Please ensure that all tests pass before submitting changes.Try to separate logically distinct changes into separate commits and thematically distinct commits into separate pull requests.

Submitting changes

Please sign the Contributor License Agreement. All content, comments, and pull requests must follow the Chamaconekt Community Guidelines

Submit a pull request on top of master

  • Include a descriptive commit message
  • Changes contributed via pull requests should focus on a sigle issues at a time.

At this point you're waiting on us.We like to at least comment on pull requests within one week (and typically, three business days). We may suggest some changes or improvements or alternatives.

6.0 Versioning

We use SemVer for versioning.

7.0 Authors

8.0 License

This project is licensed under the Apache 2.0 License

9.0 Resources

  1. Visa Developer Summit at MWC 2016

  2. Building Microservice Architectures with Go

  3. Principles Of Microservices by Sam Newman

  4. GOTO 2014 • Microservices • Martin Fowler

About

Visa API

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published