Getting Started
Prerequisites, tenant configuration, and consent requirements for enabling Visa Click to Pay on your prepaid program.
Prerequisites
Before integrating Click to Pay, ensure the following are in place:
1. Platform Registration
Your customers must be registered on the M2P Prepaid platform with at least one kit assigned.
| Registration API | Description |
|---|---|
POST /registration-manager/v3/register | Single-call registration with card issuance |
POST /registration-manager/v4/register | Structured registration with kit, address, KYC, and date info |
2. Visa CTP Program Enablement
Click to Pay must be enabled for your tenant by the M2P operations team.
CTP is not enabled by default. Contact your M2P account manager to request activation for your tenant. Provide your tenant code and the card programs (BIN ranges) you want to enable for CTP.
3. Kit Assignment
Each card you want to enroll must be assigned to the customer. Use POST /business-entity-manager/addCard if the card was not assigned during registration.
4. API Access
Ensure you have valid API credentials (Basic Auth or JWT) and the correct TENANT header for your program.
Tenant Configuration
The following configuration is required for CTP enablement:
| Configuration | Description | Set By |
|---|---|---|
| CTP Program Flag | Enables CTP APIs for the tenant | M2P Operations |
| Visa VTS Credentials | Visa Token Service integration credentials | M2P Operations |
| Consent Presenter | Default brand name for consent records | Issuer (via M2P) |
| Callback URL | Async notification endpoint for CTP status updates | Issuer (via M2P) |
Consent Requirements
Visa mandates that explicit cardholder consent must be obtained before enrolling a card in Click to Pay.
Consent Object
Every registerEntityAndKit request must include a consent object:
{
"consent": {
"version": "1.0",
"presenter": "YourBrandName",
"timeOfConsent": "2026-05-14T10:23:39.930Z"
}
}| Field | Type | Description |
|---|---|---|
version | String | Version of the consent text shown to the cardholder |
presenter | String | Entity that presented the consent (your brand/program name) |
timeOfConsent | String | ISO 8601 timestamp of when the cardholder agreed |
Consent Best Practices
- Display a clear, unambiguous consent message to the cardholder before enrollment
- Record the consent timestamp on your side for audit purposes
- Allow cardholders to review and withdraw consent at any time
- Use the
removeEntityAPI when a cardholder withdraws consent
M2P does not collect consent on behalf of issuers. The issuer application is responsible for obtaining, recording, and managing cardholder consent.
Environment URLs
| Environment | Base URL |
|---|---|
| SIT | https://sandbox.cardpay.m2p.com |
| UAT | https://uat-api.m2p.com/Yappay |
| Production | https://api.m2p.com/Yappay |
Common Headers
All CTP API requests require these headers:
| Header | Value | Description |
|---|---|---|
Authorization | Basic <credentials> or Bearer <token> | API authentication |
Content-Type | application/json | Request body format |
TENANT | Your tenant code (e.g., ENBDTABBY) | Tenant identification |
Setup Checklist
Confirm CTP enablement
Contact M2P operations to enable Click to Pay for your tenant and card programs.
Configure consent flow
Implement a consent capture UI in your application with version tracking and timestamp recording.
Test in SIT environment
Use the SIT environment to validate the full CTP enrollment flow end-to-end.
Move to UAT
Complete UAT certification with M2P before going live.
Go live
Once UAT is certified, M2P will enable CTP on your production tenant.