Phase 14 completes the GoVisaX platform's public distribution layer — a fully documented, tier-gated Partner API that allows travel agencies, OTAs, and tech platforms to embed GoVisaX visa services into their own products, with zero Visa2Fly exposure at any integration point.
/partner/v1 namespace with HMAC-signed JWT auth.Four production-ready files delivered in Phase 14, completing the public API distribution layer.
| # | File | Type | Layer | Status | Key Responsibilities |
|---|---|---|---|---|---|
| P14-01 | PartnerApiController.java |
Java / Spring Boot | Backend REST | ✅ Delivered | 23 REST endpoints at /partner/v1; MFA JWT auth; rate limiting (Spring Bucket4j); role-based access; V2F reference stripping middleware |
| P14-02 | PartnerSDK.ts |
TypeScript / Node.js | SDK | ✅ Delivered | GoVisaX Node.js Partner SDK; HMAC-SHA256 webhook verification; auto token refresh; sandbox/production env switching; TypeScript interfaces for all 23 endpoints |
| P14-03 | GoVisaX_Phase14_DeveloperPortal.tsx |
React / Next.js | Frontend | ✅ Delivered (this report) | 6-tab interactive developer portal: Quick Start guide, full API Reference with expand/collapse, Live Sandbox (mocked), Webhook Simulator, SDK installation, 3-tier pricing table |
| P14-04 | GoVisaX_Phase14_Report.html |
HTML Report | Documentation | ✅ Delivered (this file) | Complete Phase 14 delivery report; API reference summary; tier pricing; security model; white-label audit; cumulative project manifest |
govisax-partner-sdk), PHP SDK, and Java Maven SDK are scaffolded in SDK comments within PartnerSDK.ts. Full implementation files for Python/PHP/Java were not yet separately generated. These can be Phase 15 deliverables if required by the engineering team.
All 23 partner endpoints grouped by category. Base URL: https://api.govisax.com/partner/v1 (Production) | https://sandbox.govisax.com/partner/v1 (Sandbox)
| Method | Path | Summary | Tier |
|---|---|---|---|
| POST | /auth/token |
Exchange API key + secret for access token (1h TTL, auto-refresh via SDK) | Starter |
| Method | Path | Summary | Tier |
|---|---|---|---|
| GET | /countries |
List all 23 supported destination countries with processing times and visa-on-arrival flags | Starter |
| GET | /countries/{code}/visa-types |
Get available visa types and retail pricing for a specific country | Starter |
| Method | Path | Summary | Tier |
|---|---|---|---|
| POST | /visa/applications |
Submit new visa application; returns GVXB- booking ID and payment link | Starter |
| GET | /visa/applications/{booking_id} |
Get application status, visa document URL (when approved), or rejection reason | Starter |
| GET | /visa/applications |
Paginated list of all applications with status filter | Starter |
| POST | /visa/applications/{booking_id}/documents |
Upload base64-encoded supporting document (passport scan, photo, etc.) | Starter |
| POST | /visa/applications/{booking_id}/cancel |
Cancel in-progress application; triggers refund workflow if eligible | Starter |
| Method | Path | Summary | Tier |
|---|---|---|---|
| GET | /otb/countries |
List 12 Gulf countries with OTB (On-Tap Border) support | Pro |
| POST | /otb/apply |
Submit Gulf border service request; returns GVXO-OTB- booking ID | Pro |
| Method | Path | Summary | Tier |
|---|---|---|---|
| GET | /insurance/plans |
Get IRDAI-compliant insurance plans by destination, duration, and traveller count | Pro |
| POST | /insurance/purchase |
Purchase travel insurance; returns GVXI- booking ID and policy PDF URL | Pro |
| Method | Path | Summary | Tier |
|---|---|---|---|
| GET | /partner/profile |
Partner account details, current tier, rate limits, and commission rate | Starter |
| GET | /partner/commissions |
Paginated commission statement with per-booking breakdown | Starter |
| POST | /partner/webhooks |
Register webhook endpoint for 8 event types; returns webhook ID | Starter |
| GET | /partner/analytics |
Conversion metrics, country breakdown, revenue, and margin analytics | Pro |
| GET | /partner/pricing |
Current pricing for all visa types including partner cost and margin percentage | Starter |
| Method | Path | Summary | Tier |
|---|---|---|---|
| GET | /utils/requirements/{country_code} |
Required documents, photos, and eligibility rules for a country | Starter |
| POST | /utils/eligibility-check |
Pre-check passport eligibility before full application submission | Starter |
| GET | /utils/exchange-rates |
Live INR exchange rates for all supported currencies (refreshed every 6h) | Starter |
| POST | /utils/bulk-price-check |
Check prices for up to 50 visa types in a single API call | Pro |
| GET | /utils/status |
API health check; returns status, version, and response latency | Starter |
| GET | /utils/changelog |
API version changelog and deprecation notices | Starter |
Three tiers govern API access. Tier upgrades are automatic when monthly booking thresholds are crossed. Enterprise requires a signed contract.
| Commission Tier | Monthly Bookings Threshold | Commission Rate | Auto-Upgrade Trigger | GoVisaX Min Margin |
|---|---|---|---|---|
| 🥉 Bronze | 0 – 49 | 20% | After booking #50 in calendar month | ₹99 floor maintained |
| 🥈 Silver | 50 – 199 | 28% | After booking #200 in calendar month | ₹99 floor maintained |
| 🥇 Gold | 200 – 499 | 35% | After booking #500 in calendar month | ₹99 floor maintained |
| 💎 Platinum | 500+ | 42% | Manual review for rates above 42% | ₹99 floor maintained |
GoVisaX dispatches 8 webhook event types to registered partner endpoints. All payloads are signed with HMAC-SHA256 using the partner's webhook secret. Verify every signature before processing.
| Event Type | When Fired | Key Payload Fields |
|---|---|---|
application.submitted |
Application received and queued | booking_id, status, timestamp |
application.processing |
Application under review by authority | booking_id, status, estimated_completion |
application.approved |
Visa approved; document URL ready | booking_id, status, visa_document_url, approved_at |
application.rejected |
Visa application rejected | booking_id, status, rejection_reason |
application.cancelled |
Application cancelled | booking_id, refund_amount_inr, refund_eta_days |
payment.received |
Payment confirmed for an application | booking_id, amount_inr, payment_id, payment_method |
document.uploaded |
Supporting document accepted and validated | booking_id, document_id, document_type, validated |
partner.tier_upgraded |
Partner's commission tier automatically increased | partner_id, old_tier, new_tier, effective_from |
The Partner API layer maintains all 8 white-label isolation controls defined in Phase 1. No Visa2Fly reference can appear in any API response, SDK output, or developer documentation.
visa:read visa:apply otb:apply ins:read ins:purchasevisa2fly_* fields before partner responseRetry-After headerThe DeveloperPortal.tsx is a self-contained Next.js/React component with 6 interactive tabs. No external API calls are made from the portal itself — the sandbox tab makes simulated requests only.
Complete inventory of every file delivered across all 14 phases of the GoVisaX × Visa2Fly integration project.
| Phase | Files | Layer | Coverage Summary |
|---|---|---|---|
| Phase 1 | Integration_Report.html |
Report | Architecture blueprint, visa2fly.com scan, 9-step workflow, API map, 8 WL controls, risk register, 12-week roadmap |
| Phase 2 | MySQL_Schema.sql · MongoDB_Schema.js · Visa2FlyApiClient.java · ApplicationService.java · WebhookHandler.java · application.yml · Report.html | Backend DB + Core | 10 MySQL tables, 8 MongoDB collections, HMAC-SHA256 signing, Resilience4j circuit breaker, retry logic |
| Phase 3 | DocumentService.java · PdfPostProcessingService.java · NotificationService.java · PaymentService.java · ApplicationController.java · application.yml · Report.html | Backend Services | S3/AES-256/DPDP pipeline, PDFBox WL engine, 7-event/3-channel notifications, Razorpay HMAC, 17 REST endpoints |
| Phase 4 | OtbService.java · InsuranceService.java · MyBookings.tsx · Report.html | Backend + Web UI | 12 Gulf OTB countries, IRDAI-compliant insurance, SWR 30s tracking portal |
| Phase 5 | TestSuites.java · SOC2_ControlMapping.yml · Monitoring_GoLive.yml · Report.html | QA + Compliance | JUnit 5 full test suite, SOC2 CC1–CC9 controls, CloudWatch alarms, go-live runbook |
| Phase 6 | InfraStack.ts · CICD_Pipeline.yml · Final_Report.html | Infrastructure | AWS CDK v2 full stack, 7-stage GitHub Actions blue-green, WL smoke test gate, PagerDuty |
| Phase 7 | SubAgentService.java · AgentDashboard.tsx · Report.html | B2B Agent Portal | KYC onboarding, 4-tier commission, wallet, SHA-256 API keys, React agent dashboard |
| Phase 8 | DocValidator.py · Dockerfile · requirements.txt · Report.html | AI/ML Service | Python FastAPI: MRZ extraction, OpenCV photo validation, containerised for ECS |
| Phase 9 | AppNavigator.tsx · AuthStore_ApiClient.ts · HomeCountryScreens.tsx · ApplicationFormScreen.tsx · UploadPaymentScreens.tsx · AppConfig.json · Report.html | Mobile App | Expo SDK 51, SecureStore JWT, silent refresh, Zod validation, camera/gallery/PDF upload, EAS build config |
| Phase 10 | AdminPortal.tsx · AdminController.java · Report.html | Admin Dashboard | Recharts analytics, application queue, pricing editor with 10% markup floor, WL audit log, 14 admin endpoints, MFA JWT |
| Phase 11 | MultiCurrencyService.java · i18n_MultiCurrency.ts · Report.html | Internationalisation | Multi-currency pricing, i18n framework, live exchange rates |
| Phase 12 | LoyaltyService.java · LoyaltyDashboard.tsx · Report.html | Loyalty Engine | GoVisaX Miles earn/redeem, loyalty tier management, customer rewards dashboard |
| Phase 13 | PromoCodeService.java · PromoUI.tsx · MarketingEngine.tsx · Report.html | Marketing | 9 promo types, margin floor guard, SSR/ISR country landing pages, email campaign automation |
| Phase 14 | PartnerApiController.java · PartnerSDK.ts · DeveloperPortal.tsx · Phase14_Report.html | Public Partner API | 23 REST endpoints, Node.js SDK, 6-tab interactive developer portal, 3-tier pricing, webhook simulator |
Three carry-forward items remain from the checkpoint. The following actions are recommended to reach 100% project completion.
govisax-partner-sdk), PHP (govisax/partner-sdk), and Java Maven SDK. Full implementation files with HMAC webhook verification, auto-retry, and typed interfaces need to be generated as separate files. Say "Continue" to trigger Phase 15 if required.
GoVisaX_Phase9_UploadPaymentScreens.tsx (canonical) and GoVisaX_Phase9_PaymentUploadBookings.tsx (prior draft). Engineering team should verify and delete the draft before mobile build submission via EAS.
b2b.visa2fly.com/signup, (2) receiving production API keys, (3) populating AWS Secrets Manager with visa2fly/prod/api-key and visa2fly/prod/api-secret. This is the critical path blocker for go-live.
cdk deploy GoVisaX-Prod — full AWS stack in ~25 minutesmain — 7-stage CI/CD pipeline with mandatory WL scan gate