m2pfintech
Integration

Onboarding Guide

How to onboard a sponsor bank (tenant) and a partner (entity) in the CardPay multi-tenant platform

Multi-Tenant Architecture

CardPay uses a multi-tenant architecture where each sponsor bank is provisioned as a separate tenant with its own isolated data. Partners of a sponsor bank are configured as entities within that tenant.

How Tenancy Works

  1. Request Header: Every API request carries a TENANT header identifying the sponsor bank.
  2. Tenant Isolation: The platform isolates each tenant's data, ensuring complete separation between sponsor banks.
  3. Dynamic Routing: Requests are automatically routed to the correct tenant context based on the header.
  4. Entity Identification: Within a tenant, a partner/entity is identified by the entity or fromEntityId field in the API request.

Onboarding a Sponsor Bank (Tenant)

Provision the Tenant

M2P provisions a new isolated tenant environment for the sponsor bank, including data storage, configuration, and network connectivity.

Configure Network Credentials

The following credentials are configured for the tenant:

  • API credentials — Visa Direct API username and password
  • Mutual TLS certificates — Keystore with client certificate for secure communication
  • Message Level Encryption (MLE) — Public certificate and private key for JWE encryption (V2 APIs)
  • V2 API credentials — Separate credentials for Visa V2 endpoints (if enabled)

MasterCard Send uses per-partner configuration rather than tenant-level credentials. See the Partner Onboarding section below for details.

Register the Tenant

The tenant is registered in the platform's tenant registry, enabling routing of API requests based on the TENANT header.

Onboarding a New Partner (Entity)

VISA Direct Configuration

Each Visa Direct partner requires the following configuration to be set up by the M2P team:

ParameterDescriptionExample
Business Application IDUse case identifier (AA, PP, FD, CP, etc.)PP (Person-to-Person)
Acquiring BINVisa-assigned BIN for the acquirer/sponsor bankAssigned by Visa
Acquirer Country CodeISO numeric country code of the acquirer356 (India)
Merchant Category CodeMCC identifying the business type6012
Source of Funds CodeIndicates the origin of funds03 (Credit)
Card Acceptor DetailsPartner identification in the Visa ecosystemID, name, terminal, location
MLE EnabledWhether Message Level Encryption is activetrue for V2 APIs
POS Condition CodeTransaction origination context59 (Electronic Commerce)

Multiple use cases per partner

A partner can be configured for multiple Business Application IDs (e.g., PP, FD, CP) — each with its own set of default parameters. The platform automatically selects the correct configuration based on the businessApplicationId in the API request.

MasterCard Send Configuration

MasterCard Send partners require per-partner configuration for API authentication and encryption:

ParameterDescription
OAuth Consumer KeyOAuth 1.0a consumer key for Mastercard API authentication
Signing CertificatePKCS12 file for OAuth signature generation
ICAInterbank Card Association number — identifies the acquiring institution
Processor IDMastercard-assigned processor identifier
Partner IDMastercard-assigned partner ID
Payment TypeType of payment (BDB, P2P, etc.)
Funding SourceHow the transaction is funded (CREDIT, DEBIT, PREPAID)
Encryption KeyPublic key for JWE encryption of request payloads

API version

All MasterCard Send integrations use the Send 2.0 protocol. The platform validates this during request processing.

Per-Entity Settings

The following settings can be configured per partner entity:

SettingDefaultDescription
Network status pollingEnabledAutomatically poll the network for final status of pending transactions
Max polling retries5Maximum number of status check attempts
Auto-failure timeout6 hoursTime after which pending transactions are automatically declined
WebhooksConfigurableEnable real-time event notifications to partner webhook URL

Transaction Identifiers

Every transaction is assigned unique identifiers by the platform:

IdentifierDescription
RRN (Retrieval Reference Number)12-character unique reference for network reconciliation
STAN (Systems Trace Audit Number)6-digit trace number for transaction tracking
Transaction IDPlatform-generated unique identifier

Product Overview

Full capabilities matrix, OCT and AFT deep-dives, eligibility, status check, balance check, and card tokenization

Authentication

How partners authenticate with CardPay, and how CardPay authenticates with Visa and Mastercard networks

On this page

Multi-Tenant Architecture
How Tenancy Works
Onboarding a Sponsor Bank (Tenant)
Provision the Tenant
Configure Network Credentials
Register the Tenant
Onboarding a New Partner (Entity)
VISA Direct Configuration
MasterCard Send Configuration
Per-Entity Settings
Transaction Identifiers