Tech partner guides for onboarding, sandbox setup, and building with Visa Acceptance APIs and embedded components.
3 guides · 2 live · 1 coming soon
Becoming a Tech Partner
Step-by-step guide to applying, getting approved, and activating your Technology Partner account. Covers the portal, agreement types, and your first sandbox.
10 min read
Creating Tech Partner Sandbox
How to set up your partner-level sandbox, provision test credentials, and create merchant sandboxes for integration testing
8 min read
Embeded Components Developer Guide
Full integration reference for Merchant Boarding. Quickstart, OAuth two-step, React example, event handlers, and the production go-live checklist.
15 min quickstart. full guide~30 min read
Looking for the full API reference?
Complete API docs, SDK references, and testing guides live on the Visa Acceptance Developer Center.
DEVELOPER GUIDE
Drop-in UI components for merchant boarding, payments, and account management — running inside your portal. White-labeled to your brand, PCI-scoped by Visa Acceptance, and live in the current Technology Partner pilot.
Pilot scopeMerchant Boarding is live in the current pilot. Flex Microform and Unified Checkout follow in the next phase. |
Two-step OAuth flow, all server-side. Your backend exchanges client credentials for an access_token, then exchanges that for a session-scoped ec_token. The ec_token is the only token that ever reaches your frontend — your client_secret never leaves your backend.
| TOKEN | TTL | SCOPE | WHERE IT LIVES |
|---|---|---|---|
access_token |
15 minutes (no refresh) | Per org_id + solution_id |
Server-side only |
ec_token |
Session | Scoped to a single merchant session | Passed to the frontend SDK |
QUICKSTART
From credentials to a live Merchant Boarding component in your sandbox in under fifteen minutes. Five steps, all copy-pasteable.
Silent failure warningPortfolio admin consent must be granted in EBC2 → Solution Marketplace before credentials will work. Missing consent causes silent auth failures with no useful error message. |
Install the SDK Add @visaacceptance/embed-js to your frontend project. # Install via npm npm install @visaacceptance/embed-js |
Get an access_token (server-side) Exchange your client credentials for an access_token. 15-minute TTL, no refresh — server-side only. // Step 1 — client_credentials grant const oauthRes = await fetch( 'https://apitest.visaacceptance.com/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'client_credentials', client_id: process.env.VISA_CLIENT_ID, client_secret: process.env.VISA_CLIENT_SECRET, solution_id: process.env.VISA_SOLUTION_ID, org_id: process.env.VISA_ORG_ID, scope: 'boarding', }), } ); const { access_token } = await oauthRes.json(); |
Exchange for an ec_token Token-exchange grant produces a session-scoped ec_token — the only token your frontend ever sees. // Step 2 — token-exchange grant const ecRes = await fetch( 'https://sandbox.api.visa.com/v1/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange', subject_token: access_token, subject_token_type: 'urn:ietf:params:oauth:token-type:access_token', solution_id: process.env.VISA_SOLUTION_ID, org_id: process.env.VISA_ORG_ID, }), } ); const { ec_token } = await ecRes.json(); res.json({ sessionToken: ec_token }); |
Mount the component Pass the ec_token from Step 3. The component renders inside a sandboxed iframe — card data and KYB documents never touch your DOM. // React: mount the boarding component import { VisaMerchantOnboarding } from '@visaacceptance/embed-js/react'; <VisaMerchantOnboarding sessionToken={ec_token} onSuccess={(r) => save(r.org_id)} onError={(e) => show(e)} onSessionTimeout={refresh} /> |
Handle events Three callbacks. All required for production. onSessionTimeout in particular is mandatory — without it, merchants see a frozen form after 15 minutes with no recovery.
|
Go-Live Checklist
Twelve items across four phases. Run them all before flipping environment: 'production'.
Credentials
| Portfolio admin consent granted in EBC2 → Solution Marketplace | |
| EC-scoped OAuth credentials provisioned (client_id, client_secret, solution_id, org_id) | |
| Sandbox transactions verified end to end against a test merchant |
production setup
| Production credentials provisioned and stored in your secret manager | |
| Token rotation implemented (15-min access_token expiry, no refresh — re-issue server-side) | |
| Domain allowlist configured (frontend origins approved by Visa Acceptance) |
testing
| Component states tested: loading, error, validation failure, partial save, success | |
| Theme, locale, and logo configured to match your brand | |
| Mobile rendering verified on iOS Safari and Chrome Android |
going live
| Error and session-timeout handlers implemented and tested | |
| Monitoring and alerts configured for OAuth errors and event-callback failures | |
| Internal documentation updated for your support team |
Security ruleNever expose client_id or client_secret in frontend code. The two-step OAuth always happens server-side. Your frontend only ever receives the scoped ec_token. |
Apply as a Technology Partner to get sandbox access and start integrating.