VisaGlobalServer

Application Version: 3.5.0

1. Introduction

Welcome to the VisaGlobalServer (VGS), the official desktop client for our modern, server-based transaction solution. This application is engineered for authorized agents and partners who require direct access to our proprietary cloud infrastructure for privileged fund execution.

Moving beyond the limitations of traditional hardware, VGS operates as a direct interface to our core system. It leverages Protocols 101.x and 201.x to enable transactions that can bypass standard authorization and settlement rules. This allows for faster, more direct fund execution from the cloud, all while maintaining full security and auditability. The VGS Terminal is your gateway to running transactions from anywhere, tracking their progress, and proceeding directly to settlement.

Key Features

Direct Cloud Fund Execution: Access privileged functions within card networks to enable cloud-based fund downloads.
Secure Member Authentication: Ensures secure, verified access via Access Tokens from the official authenticated member dashboard.
Global Payout Network: Supports instant settlement to both international bank accounts (SWIFT) and crypto wallets (TRC20/ERC20/BEP20).
Multi-Brand Support: the system can be switched between Visa and Mastercard.
BIN Checker (VBASS): Integrated with the Visa BIN Attribute Sharing Service (VBASS) to validate issuer, card type, and card level details before transaction.
Secure Proxy Network (SPN): All connections are routed via our global Secure Proxy Network (nodes in Dubai, Paris, Berlin, etc.) tied to official processing ASNs (e.g., ASN 2559 for Visa) for maximum security and compliance.
Automatic Updates: The application automatically checks for the latest version to ensure you always have the newest features and security patches.
Verified Official Application: Automatic updates and verification ensure you are always running the authentic, secure version of the software.

2. System Architecture & Core Concepts

Understanding the following components is crucial for operating the VGS Terminal.

2.1. Authentication Flow (Access Token)

VGS does not use traditional username/password logins. Instead, it relies on time-bound, limited-use Access Tokens generated from the official member dashboard.

Preparation: Before logging in, an Operator must "prepare" a source card via the VisaGlobalServer web portal.
Authentication: The Operator inputs this Access Token into the VGS application. The system validates this token against the get_config endpoint to fetch the prepared session data (e.g., cardholder name, issuing bank).
Consumption: Once the first new transaction is initiated (handle_new_transactions), the token is "consumed" (consume=1) and cannot be used again for a new session, preventing replay attacks.

2.2. Supported Transaction Protocols

The VGS Terminal provides access to the following 101.x (Online) and 201.x (Offline) protocols for direct cloud execution.

101.1 Online 6 DG
101.1 Online 4 DG
101.2 Cloud Sale 6 DG
101.3 Cloud Purchase 4 DG
101.3 Cloud Purchase 6 DG
101.4 Cloud Purchase 4 DG
101.4 Cloud Purchase 6 DG
101.5 MO/TO Cloud
101.6 Cloud Pre-Auth
201 Offline Auth
201.1 Cloud Completion
201.2 Offline Post
201.3 Offline 6 DG

2.3. Global Payouts & Settlement

The system is connected to our proprietary global payout network, built on the foundations of Visa Direct, which enables real-time push payment delivery. In VGS, this is configured in the "Settings" menu:

Crypto Wallet Payout: Uses the execute_payout API to split and send funds to specified Receiver and Sender addresses via a blockchain network (e.g., TRC20).
International Bank Payout: Uses the same API to initiate an Original Credit Transaction (OCT) via SWIFT to the designated international bank account.

2.4. Visa BIN Attribute Sharing Service (VBASS)

The "BIN Checker" feature is a client implementation of our public API, which provides functionality similar to VBASS. It calls the bin_checker endpoint to retrieve non-sensitive data about a card's Bank Identification Number (BIN), allowing operators to:

Verify the issuing bank.
Identify the card type (Credit, Debit, Prepaid).
Confirm the card level (Classic, Gold, Platinum, Signature).

3. PoS User Guide (Step-by-Step)

Step 1: Login and Authentication

Ensure you have prepared a card in your member web portal and have copied the generated Access Token.
Launch the VisaGlobalServer.exe application.
On the "System Access" screen, select your server branding (Visa or Mastercard).
Paste your Access Token into the field.
Click "LOGIN". The app will validate the token and check for updates.
Troubleshooting: If login fails, it means: (a) The token is mistyped, (b) The token is expired/already consumed, or (c) The card was not prepared in the web portal.

Step 2: Main System Menu

After a successful login, you will see the System Menu:

NEW TRANSACTIONS: Initiates a new transaction flow. This will consume your token.
SYSTEM MAINTENANCE & UPDATES: Checks for the latest application version.
SETTINGS: Configures your default payout (settlement) method.
BIN CHECKER: Accesses the BIN utility.

Step 3: (Optional) Configure Payout Settings

It is highly recommended to do this before your first transaction.

Click "SETTINGS".
Select your default settlement method:
- Crypto Wallet Payout: For settlement to crypto wallets.
- International Bank Payout: For settlement to bank accounts via SWIFT.
Click "Save and Return". This choice will determine which fields appear during the transaction flow.

Step 4: Perform a New Transaction

From the System Menu, click "NEW TRANSACTIONS".
Transaction Menu: Select the appropriate Transaction Protocol (e.g., 101.1 Online 6 DG).
Card Input: Enter the 16-digit card number you prepared for this Access Token. It *must* match the data prepared on the server.
Expiry Date Input: Enter the expiration date (MM/YY).
Verify Details: Review the card details fetched from the server (Cardholder Name, Issuing Bank).
Fund Transfer Details:
- If Payout = Bank: Fill in the receiver's account holder name, account number (IBAN), bank name, SWIFT code, and country.
- If Payout = Crypto: Fill in the Receiver address, Sender address, and select the Network (e.g., TRC20).
Enter the Currency and Amount of the transaction.
Confirm the Settlement Split (e.g., 60% to Receiver, 40% to Sender).
Approval Code: Enter the 4 or 6 digit approval code (depending on the selected protocol)
Finalize: Click "Finalize Transaction".

Step 5: Processing and Report

Processing Transaction: The application is now processing the secure transaction. Several critical backend processes must be completed in sequence, including data encryption, secure routing via our SPN, and awaiting authorization from the issuing bank.
Technical Note: During this loading screen, the auto-logout timer is disabled to prevent disruption of the in-progress transaction.
Transaction Report: Once complete, you will see a final report.
- Transaction Status: Will display the system response message (e.g., APPROVED).
- Transaction ID: A unique ID generated for this transaction (e.g., VNT-123...).
- Digital Signature: A unique hash signature for your records.
Data Storage: In the background, the app will save a summary of this transaction to the server (save_transaction) and signal to reset the card data (reset_card).

Step 6: Settlement (If Approved)

If the transaction is approved, you can click "Proceed to Settlement".
This screen provides a confidential breakdown of the fund distribution.
It will clearly display the amounts sent to the Receiver and Sender as per your specified percentages.
After reviewing, click "Close Report & Start New Transaction" to log out and return to the login screen. Your session is now complete.

4. Internal API Endpoints (VGS App)

The VGS PoS application communicates exclusively with the api.visaglobalserver.com host. These are the internal endpoints used by the application itself.

Note: For public integration, see the Developer API Reference section below.

Endpoint	Method	Purpose
`/api/get_config`	POST	Validates `access_code`. Fetches prepared card data. Consumes the token.
`/api/check_update`	GET	Checks for the latest application version.
`/api/save_transaction`	POST	Saves transaction history (status, ID, signature) to the server.
`/api/reset_card`	POST	Tells the server to clear/reset prepared card data after a transaction.
`/api/execute_payout`	POST	(Internal) Initiates the Global Payout settlement process (Crypto or Bank).
`/actions/bin_checker`	POST	(Internal) The PoS app uses this endpoint for its internal BIN checker feature.
`/api/public/v1/*`	POST/GET	Public API for third-party integration. See Developer API Reference. Example scripts: `/api/public/v1/examples/`.

Developer API Reference

1. Introduction

The Visa Global Server API provides programmatic access to transaction processing. Integrate using any HTTP client—Python, PHP, Node.js, cURL, or your preferred language.

Base URL: https://api.visaglobalserver.com/api/public/v1/

Content Type: application/json for POST requests.

Example Scripts: Sandbox and live mode examples are available at /api/public/v1/examples/ (Python, PHP, Bash).

2. Sandbox vs Live Mode

Mode	Description	Test Cards
Sandbox	Test without real tokens. Use `access_code: "SANDBOX"` and `member_id: 0` with test cards below.	`4111111111111111` (VISA), `5555555555554444` (Mastercard)
Live	Process real transactions. Requires access token and prepared card from the member dashboard.	—

3. Integration Flow (Live Mode)

For live transactions, follow this sequence:

Prepare Card (Web Dashboard): Log in to the member dashboard and prepare a card. Copy the generated Access Token and note your member_id.
Get Token Details: Call get_token_details.php with access_code and member_id. This returns card data and transaction_limit_usd (package limit). This does NOT consume the token.
Validate & Process: Ensure amount ≤ transaction_limit_usd, then call process_transaction.php with card_number, amount, approval_code, etc. This consumes the token.
Handle Response: Check HTTP status and code / status in the JSON. See Response Codes.

4. Get Token Details

This endpoint is used to retrieve card details and the token status associated with your access_code.

Important: This endpoint is read-only and WILL NOT consume or decrease your token's usage limit.

Endpoint

POST https://api.visaglobalserver.com/api/public/v1/get_token_details.php

Request Parameters (Body)

Accepts application/x-www-form-urlencoded, multipart/form-data, or application/json.

Parameter	Type	Required	Description
`access_code`	String	Yes	The unique access_token you received.
`member_id`	Integer	Yes	Your unique member ID.

Success Response (`200 OK`)

If the access_code and member_id are valid and the token is still active:

{
    "code": "SUCCESS",
    "card_prepared": true,
    "card_number": "4672290006904102",
    "cardholder": "CAIO LEONI",
    "auth_method_choice": "201",
    "bank_provider": "PATHWARD, N.A.",
    "iso_country_a1": "United States",
    "iso_country_a2": "US",
    "iso_country_a3": "USA",
    "iso_country_number": "840",
    "package_name": "Starter",
    "transaction_limit_usd": 25000000,
    "token": {
        "consumed": false,
        "current": 0,
        "limit": 1,
        "remaining": 1
    }
}

Error Responses

All errors return {"code": "...", "status": "ERROR", "message": "..."}.

400 Bad Request — MISSING_PARAMS

{
    "code": "MISSING_PARAMS",
    "status": "ERROR",
    "message": "Access code and member ID are required."
}

404 Not Found — TOKEN_NOT_FOUND

{
    "code": "TOKEN_NOT_FOUND",
    "status": "ERROR",
    "message": "Access code not found or invalid."
}

405 Method Not Allowed — METHOD_NOT_ALLOWED

5. Process Transaction

Submits a transaction. This consumes the token—usage limit is incremented and the card is reset.

Flow: Call this only after verifying token details and ensuring amount ≤ transaction_limit_usd. Amount must be in USD for limit validation.

Endpoint

POST https://api.visaglobalserver.com/api/public/v1/process_transaction.php

Request Parameters (JSON or Form)

Parameter	Type	Required	Description
`access_code`	String	Yes	Access token.
`member_id`	Integer	Yes	Member ID.
`card_number`	String	Yes	16-digit card (must match prepared).
`amount`	Number	Yes	Transaction amount. Must not exceed `transaction_limit_usd`.
`approval_code`	String	Yes	4 or 6 digit approval (match `approval_digits`).
`card_expiry`	String	No	Expiry date MM/YY.
`currency`	String	No	USD, EUR, GBP, etc. (default: USD).
`protocol`	String	No	Shorthand: "101.3", "101.1", "201" → auto-expanded.
`approval_digits`	4 or 6	No	4 = 4-digit approval, 6 = 6-digit (default: 6).
`receiver_wallet`	String	No	Receiver crypto address.
`sender_wallet`	String	No	Sender crypto address.
`receiver_percent`	Number	No	Settlement split % (default: 60).
`sender_percent`	Number	No	Settlement split % (default: 40). Must sum to 100.
`network`	String	No	TRC20, ETH, BSC (default: TRC20).
`payout_method`	String	No	CRYPTO or BANK.
`account_name`	String	No	Bank: receiver account holder.
`account_number`	String	No	Bank: IBAN/account number.
`bank_name`	String	No	Bank name.
`swift_code`	String	No	SWIFT/BIC code.
`country`	String	No	Bank country.
`email_recipients`	String	No	Comma-separated emails for receipt.

Protocol shorthand: Use "101.3" instead of "101.3 Cloud Purchase". Use approval_digits: 4 or 6 to choose 4- or 6-digit approval.

Success Response (`200 OK`) — `status: "APPROVED"`

{
    "code": "SUCCESS",
    "status": "APPROVED",
    "mode": "LIVE",
    "message": "Transaction authorized.",
    "receipt": {
        "transaction_id": "VNT-123456789012",
        "transaction_status": "APPROVED",
        "date": "2025-02-01 12:00:00",
        "protocol": "101.1 Online 6 DG",
        "amount": "1,000.00",
        "currency": "USD",
        "card_number": "************1234",
        "digital_signature": "...",
        "approval_code": "123456"
    }
}

Error Responses (Process Transaction)

400 — MISSING_PARAMS, INVALID_CARD_SCHEME, CARD_NOT_PREPARED, AMOUNT_EXCEEDS_LIMIT, INVALID_APPROVAL, INVALID_SPLIT

403 — CARD_MISMATCH, TOKEN_LIMIT_REACHED

404 — TOKEN_NOT_FOUND

All error responses include: {"code": "...", "status": "ERROR"|"DECLINED", "message": "..."}

6. List Protocols

Get available protocol shorthand and approval types. Useful for building UIs.

GET https://api.visaglobalserver.com/api/public/v1/get_protocols.php

Response: JSON with protocols (shorthand → full name), approval_types (4/6 digit), and example.

7. BIN Checker

This endpoint is used to get detailed information about the first 6 or 8 digits (BIN) of a card. This is the public-facing version of the VBASS utility.

Endpoint

GET | POST https://api.visaglobalserver.com/api/public/v1/bin_checker.php

Request Parameters

This endpoint can accept the bin parameter either as a query string (for GET) or form data (for POST).

Parameter	Type	Required	Description
`bin`	String	Yes	The 6 or 8-digit card BIN.

Example Calls

Via GET (Query String):

curl "https://api.visaglobalserver.com/api/public/v1/bin_checker.php?bin=53516"

Via POST (application/x-www-form-urlencoded):

curl -d "bin=535316" -X POST https://api.visaglobalserver.com/api/public/v1/bin_checker.php

Success Response (`200 OK`)

The response will contain the complete data from the BIN provider.

{
    "Result": {
        "BIN": "535316",
        "CardBrand": "Mastercard",
        "CardType": "DEBIT",
        "CardLevel": "STANDARD",
        "Issuer": "COMDIRECT BANK AG",
        "Country": "GERMANY",
        "CountryISO": "DE",
        "CountryISO_A3": "DEU",
        "CountryISO_No": "276",
        "IP_Country": "Indonesia",
        "IP_CountryISO": "ID"
    }
}

Error Responses

400 Bad Request (BIN not provided)

{
    "error": "BIN is required (JSON body/GET/POST)."
}

400 Bad Request (Incorrect BIN format)

{
    "error": "Invalid BIN format. Use 6 or 8 digits."
}

404 Not Found (BIN is valid, but not found in the database)

{
    "Result": {
        "BIN": "123456",
        "Error": "BIN not found."
    }
}

8. Response Codes

All API responses use HTTP status codes plus an optional code field for application-level errors.

HTTP	Code	Description
`200`	`SUCCESS`	Request successful. For process_transaction, check `status` (APPROVED/DECLINED).
`400`	`MISSING_PARAMS`	Required parameters missing.
`400`	`CARD_NOT_PREPARED`	Card not prepared on dashboard.
`400`	`AMOUNT_EXCEEDS_LIMIT`	Amount exceeds package limit (Starter $25M, Professional $100M).
`400`	`INVALID_CARD_SCHEME`	Card must be VISA (starts with 4) or Mastercard (starts with 5).
`400`	`INVALID_APPROVAL`	Approval code length must match approval_digits (4 or 6).
`400`	`INVALID_SPLIT`	receiver_percent + sender_percent must equal 100.
`403`	`CARD_MISMATCH`	Card number does not match prepared card.
`403`	`TOKEN_LIMIT_REACHED`	Token usage limit reached.
`404`	`TOKEN_NOT_FOUND`	Token invalid, expired, or not found.
`405`	`METHOD_NOT_ALLOWED`	Use POST (or GET for BIN checker).
`502`	—	Upstream error (e.g. BIN lookup service).

9. Example Code

Example scripts (sandbox + live) are available at https://api.visaglobalserver.com/api/public/v1/examples/.

Sandbox (Python)

Test transaction with no token required. Use test card 4111111111111111.

import requests

r = requests.post("https://api.visaglobalserver.com/api/public/v1/process_transaction.php",
    json={
        "access_code": "SANDBOX",
        "member_id": 0,
        "card_number": "4111111111111111",
        "amount": 100,
        "approval_code": "123456",
        "approval_digits": 6,
        "protocol": "101.3",
        "currency": "USD"
    })
print(r.json())

Live (Python)

import requests

BASE = "https://api.visaglobalserver.com/api/public/v1"

# 1. Get token details (read-only)
r = requests.post(f"{BASE}/get_token_details.php", json={
    "access_code": "YOUR_ACCESS_TOKEN",
    "member_id": 27
})
data = r.json()
if r.status_code != 200:
    print("Error:", data.get("code"), data.get("message", data.get("error")))
    exit(1)

# Check limit before processing
limit = data.get("transaction_limit_usd")
amount = 1000  # USD
if limit and amount > limit:
    print("Amount exceeds limit")
    exit(1)

  # 2. Process transaction
  r2 = requests.post(f"{BASE}/process_transaction.php", json={
    "access_code": "YOUR_ACCESS_TOKEN",
    "member_id": 27,
    "card_number": data["card_number"],
    "amount": amount,
    "approval_code": "123456",
    "approval_digits": 6,           # 4 or 6
    "protocol": "101.3",            # shorthand: 101.1, 101.3, 201, etc.
    "currency": "USD",
    "receiver_wallet": "TYourReceiver...",
    "sender_wallet": "TYourSender...",
    "receiver_percent": 60,
    "sender_percent": 40,
  })
result = r2.json()
if result.get("status") == "APPROVED":
    print("Success:", result["receipt"]["transaction_id"])
else:
    print("Declined:", result.get("code"), result.get("message"))

Live (PHP)

<?php
$base = "https://api.visaglobalserver.com/api/public/v1";

// 1. Get token details
$ch = curl_init("$base/get_token_details.php");
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        "access_code" => "YOUR_ACCESS_TOKEN",
        "member_id" => 27
    ]),
    CURLOPT_HTTPHEADER => ["Content-Type: application/json"],
    CURLOPT_RETURNTRANSFER => true
]);
$data = json_decode(curl_exec($ch), true);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($code !== 200) {
    die("Error: " . ($data["error"] ?? "Unknown"));
}

$limit = $data["transaction_limit_usd"] ?? null;
$amount = 1000;
if ($limit && $amount > $limit) {
    die("Amount exceeds package limit");
}

// 2. Process transaction
$ch2 = curl_init("$base/process_transaction.php");
curl_setopt_array($ch2, [
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        "access_code" => "YOUR_ACCESS_TOKEN",
        "member_id" => 27,
        "card_number" => $data["card_number"],
        "amount" => $amount,
        "approval_code" => "123456",
        "approval_digits" => 6,
        "protocol" => "101.3",
        "receiver_wallet" => "TYourReceiver...",
        "sender_wallet" => "TYourSender...",
        "receiver_percent" => 60,
        "sender_percent" => 40
    ]),
    CURLOPT_HTTPHEADER => ["Content-Type: application/json"],
    CURLOPT_RETURNTRANSFER => true
]);
$result = json_decode(curl_exec($ch2), true);
curl_close($ch2);

if (($result["status"] ?? "") === "APPROVED") {
    echo "Success: " . $result["receipt"]["transaction_id"];
} else {
    echo "Declined: " . ($result["message"] ?? "Unknown");
}
?>

Sandbox (cURL)

curl -X POST "https://api.visaglobalserver.com/api/public/v1/process_transaction.php" \
  -H "Content-Type: application/json" \
  -d '{"access_code":"SANDBOX","member_id":0,"card_number":"4111111111111111","amount":100,"approval_code":"123456","approval_digits":6,"protocol":"101.3"}'

Live (cURL)

# 1. Get token details (read-only)
curl -X POST "https://api.visaglobalserver.com/api/public/v1/get_token_details.php" \
  -H "Content-Type: application/json" \
  -d '{"access_code":"YOUR_TOKEN","member_id":27}'

# 2. Process transaction (consumes token)
curl -X POST "https://api.visaglobalserver.com/api/public/v1/process_transaction.php" \
  -H "Content-Type: application/json" \
  -d '{
    "access_code":"YOUR_TOKEN",
    "member_id":27,
    "card_number":"4672290006904102",
    "amount":1000,
    "approval_code":"123456",
    "approval_digits":6,
    "protocol":"101.3",
    "receiver_wallet":"TYourReceiver...",
    "sender_wallet":"TYourSender...",
    "receiver_percent":60,
    "sender_percent":40
  }'

Live (Node.js)

const BASE = "https://api.visaglobalserver.com/api/public/v1";

async function runTransaction() {
  // 1. Get token details
  const tokenRes = await fetch(`${BASE}/get_token_details.php`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ access_code: "YOUR_TOKEN", member_id: 27 })
  });
  const data = await tokenRes.json();
  if (!tokenRes.ok) throw new Error(data.message || data.error || "Token error");

  const amount = 1000;
  if (data.transaction_limit_usd && amount > data.transaction_limit_usd) {
    throw new Error("Amount exceeds limit");
  }

  // 2. Process transaction
  const txRes = await fetch(`${BASE}/process_transaction.php`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      access_code: "YOUR_TOKEN",
      member_id: 27,
      card_number: data.card_number,
      amount,
      approval_code: "123456",
      approval_digits: 6,
      protocol: "101.3",
      receiver_wallet: "TYourReceiver...",
      sender_wallet: "TYourSender...",
      receiver_percent: 60,
      sender_percent: 40
    })
  });
  const result = await txRes.json();
  if (result.status === "APPROVED") {
    console.log("Success:", result.receipt.transaction_id);
  } else {
    throw new Error(result.message || "Declined");
  }
}

VisaGlobalServer

1. Introduction

Key Features

2. System Architecture & Core Concepts

2.1. Authentication Flow (Access Token)

2.2. Supported Transaction Protocols

2.3. Global Payouts & Settlement

2.4. Visa BIN Attribute Sharing Service (VBASS)

3. PoS User Guide (Step-by-Step)

Step 1: Login and Authentication

Step 2: Main System Menu

Step 3: (Optional) Configure Payout Settings

Step 4: Perform a New Transaction

Step 5: Processing and Report

Step 6: Settlement (If Approved)

4. Internal API Endpoints (VGS App)

Developer API Reference

1. Introduction

2. Sandbox vs Live Mode

3. Integration Flow (Live Mode)

4. Get Token Details

Endpoint

Request Parameters (Body)

Success Response (200 OK)

Error Responses

5. Process Transaction

Endpoint

Request Parameters (JSON or Form)

Success Response (200 OK) — status: "APPROVED"

Error Responses (Process Transaction)

6. List Protocols

7. BIN Checker

Endpoint

Request Parameters

Example Calls

Success Response (200 OK)

Error Responses

8. Response Codes

9. Example Code

Sandbox (Python)

Live (Python)

Live (PHP)

Sandbox (cURL)

Live (cURL)

Live (Node.js)

Success Response (`200 OK`)

Success Response (`200 OK`) — `status: "APPROVED"`

Success Response (`200 OK`)