### CyberSource Payment Processing Example (Bash) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Demonstrates how to perform a payment authorization request using the CyberSource REST API in a sandbox environment. It includes request headers, payload structure, and an example of a successful response. The production endpoint is also provided for reference. ```bash curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Host: apitest.cybersource.com" \ -H "Digest: SHA-256=base64_encoded_payload_hash" \ -H "Signature: keyid=\"your_key_id\", algorithm=\"HmacSHA256\", headers=\"host date (request-target) digest v-c-merchant-id\", signature=\"base64_signature\"" \ -d '{ "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "102.21", "currency": "USD" }, "billTo": { "firstName": "John", "lastName": "Doe", "address1": "1 Market St", "locality": "San Francisco", "administrativeArea": "CA", "postalCode": "94105", "country": "US", "email": "test@cybs.com", "phoneNumber": "4158880000" } }, "paymentInformation": { "card": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031" } } }' # Expected successful response (201 Created) # { # "id": "6307290923096508004002", # "submitTimeUtc": "2021-08-16T18:15:09Z", # "status": "AUTHORIZED", # "reconciliationId": "63072909230", # "clientReferenceInformation": { # "code": "TC50171_3" # }, # "processorInformation": { # "approvalCode": "888888", # "responseCode": "100", # "avs": { # "code": "Y" # } # }, # "orderInformation": { # "amountDetails": { # "authorizedAmount": "102.21", # "currency": "USD" # } # } # } # Production endpoint (change URL after testing) # https://api.cybersource.com/pts/v2/payments ``` -------------------------------- ### CyberSource HTTP Signature Authentication (Bash) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Provides a step-by-step guide and example for generating HTTP Signature authentication headers required for CyberSource API requests. It illustrates how to construct the signature string, sign it using HMAC-SHA256 with a shared secret key, and include it in the curl request. ```bash # Generate HTTP Signature authentication headers # Step 1: Create the signature string with required headers # Format: "host: apitest.cybersource.com\ndate: Thu, 18 Jul 2019 00:18:03 GMT\n(request-target): post /pts/v2/payments\ndigest: SHA-256=hash\nv-c-merchant-id: merchant_id" # Step 2: Sign with HMAC-SHA256 using shared secret key # signature = base64(HMAC-SHA256(secret_key, signature_string)) # Example using OpenSSL to generate signature echo -n "host: apitest.cybersource.com date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT") (request-target): post /pts/v2/payments digest: SHA-256=$(echo -n '{\"clientReferenceInformation\":{\"code\":\"TEST\"}}' | openssl dgst -sha256 -binary | base64) v-c-merchant-id: your_merchant_id" | \ openssl dgst -sha256 -hmac "your_shared_secret_key" -binary | base64 # Complete request with generated signature curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Host: apitest.cybersource.com" \ -H "Digest: SHA-256=RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=" \ -H "Signature: keyid=\"your_key_id\", algorithm=\"HmacSHA256\", headers=\"host date (request-target) digest v-c-merchant-id\", signature=\"generated_signature_here\"" \ -H "Content-Type: application/json" \ -d '{\"clientReferenceInformation\":{\"code\":\"TEST\"}}' # Authentication failure response (401) # { # "response": { # "rmsg": "Authentication Failed" # } # } ``` -------------------------------- ### Declined Transaction Response Example Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Provides an example of a response object when a transaction is declined by the payment processor. This includes the transaction ID, status, and reasons for the decline. ```json # Response (201 Created but transaction declined) # { # "id": "6307290923096508004004", # "status": "DECLINED", # "errorInformation": { # "reason": "PROCESSOR_DECLINED", # "message": "Declined" # }, # "processorInformation": { # "responseCode": "481" # } # } ``` -------------------------------- ### Declined Transaction Example (cURL) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Demonstrates a cURL request to process a payment that results in a declined transaction. It includes the request payload and the expected response indicating a declined status. ```shell curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Signature: ..." \ -d '{ "paymentInformation": { "card": { "number": "4000000000000002" } } }' ``` -------------------------------- ### Flex Microform Server-Side Payment Request Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt This snippet shows how to process a payment on the server-side using a token generated by Flex Microform. It demonstrates a cURL command to make a POST request to the Cybersource payments API, including the tokenized card data in the payment information. The example also shows a typical successful response. ```bash # Server-side: Use Flex token in payment request curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Signature: ..." \ -d '{ "clientReferenceInformation": { "code": "FLEX_TOKEN_001" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "75.50", "currency": "USD" } }, "paymentInformation": { "fluidData": { "value": "7777777777777777" } } }' # Token payment response (201 Created) # { # "id": "6307290923096508004003", # "status": "AUTHORIZED", # "paymentInformation": { # "tokenizedCard": { # "type": "001" # } # } # } ``` -------------------------------- ### JWT Authentication with P12 Certificate Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt This snippet demonstrates the process of generating and using a JWT with a P12 certificate for authenticating API requests to Cybersource. It includes steps for extracting the private key, creating the JWT payload, signing the token, and making an API call. Note that the JWT payload and signature generation are examples and may require specific libraries. ```bash # JWT authentication flow with P12 certificate # Step 1: Extract private key from P12 certificate openssl pkcs12 -in your_certificate.p12 -nocerts -nodes -out private_key.pem -passin pass:your_p12_password # Step 2: Create JWT payload # { # "iss": "your_key_id", # "iat": 1563411483, # "exp": 1563415083, # "aud": "CyberSource", # "jti": "unique_request_id" # } # Step 3: Sign JWT with RS256 algorithm # Example using Node.js # const jwt = require('jsonwebtoken'); # const fs = require('fs'); # const privateKey = fs.readFileSync('private_key.pem'); # const token = jwt.sign(payload, privateKey, { algorithm: 'RS256' }); # Step 4: Make API request with JWT Bearer token curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ5b3VyX2tleV9pZCIsImlhdCI6MTU2MzQxMTQ4MywiZXhwIjoxNTYzNDE1MDgzLCJhdWQiOiJDeWJlclNvdXJjZSIsImp0aSI6InVuaXF1ZV9yZXF1ZXN0X2lkIn0.signature" \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -d '{ "clientReferenceInformation": { "code": "JWT_TEST_001" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "50.00", "currency": "USD" } } }' # JWT expiration error (401) # { # "response": { # "rmsg": "JWT token has expired" # } # } ``` -------------------------------- ### Missing Field Error Example Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Illustrates a common error response format indicating that required fields are missing in the API request. This helps developers identify and correct issues with their request payloads. ```json # "reason": "MISSING_FIELD", # "message": "The request is missing one or more required fields", # "details": [ # { # "field": "processingInformation.commerceIndicator", # "reason": "MISSING_FIELD" # }, # { # "field": "orderInformation.amountDetails.totalAmount", # "reason": "INVALID_DATA" # } # ] # } ``` -------------------------------- ### Handle Validation Errors Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Demonstrates how to trigger and interpret a validation error response from the CyberSource API. This example sends an invalid amount, resulting in a 400 Bad Request status code and an error message. ```bash # Example request with validation error curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Signature: ..." \ -d '{ "clientReferenceInformation": { "code": "ERROR_TEST" }, "orderInformation": { "amountDetails": { "totalAmount": "invalid_amount", "currency": "USD" } } }' ``` -------------------------------- ### Sandbox Configuration and Testing Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Instructions for configuring the sandbox environment and performing basic connectivity tests. ```APIDOC ### Sandbox Environment Setup Set the following environment variables to configure your sandbox environment: ```bash export CYBERSOURCE_MERCHANT_ID="testrest" export CYBERSOURCE_KEY="08c94330-f618-42a3-b09d-e1e43be5efda" export CYBERSOURCE_SECRET_KEY="yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE=" export CYBERSOURCE_ENDPOINT="https://apitest.cybersource.com" ``` ### Sandbox Connectivity Test Use the following command to test API connectivity with a simple payment request: ```bash curl -X POST $CYBERSOURCE_ENDPOINT/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: $CYBERSOURCE_MERCHANT_ID" \ -H "Date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" \ -H "Host: apitest.cybersource.com" \ -d '{ \ "clientReferenceInformation": { \ "code": "SANDBOX_TEST_001" \ }, \ "processingInformation": { \ "commerceIndicator": "internet" \ }, \ "orderInformation": { \ "amountDetails": { \ "totalAmount": "10.00", \ "currency": "USD" \ } \ }, \ "paymentInformation": { \ "card": { \ "number": "4111111111111111", \ "expirationMonth": "12", \ "expirationYear": "2031", \ "securityCode": "123" \ } \ } \ }' ``` ### Test Scenarios with Control Cards CyberSource provides specific card numbers to test various transaction outcomes: - **Success (Visa):** `4111111111111111` - **Decline:** `4000000000000002` - **CVV Failure:** `4000000000000101` - **AVS Failure:** `4000000000000044` - **Fraud Review:** `4000000000000259` ### Production Endpoint To switch to the production environment after certification, update the endpoint: ```bash # export CYBERSOURCE_ENDPOINT="https://api.cybersource.com" # Update merchant credentials to production keys ``` ``` -------------------------------- ### Configure Sandbox Environment Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Sets environment variables for the CyberSource sandbox. This includes merchant ID, API keys, and the sandbox endpoint URL. These are essential for testing integrations without using real financial data. ```bash # Configure sandbox environment with default credentials export CYBERSOURCE_MERCHANT_ID="testrest" export CYBERSOURCE_KEY="08c94330-f618-42a3-b09d-e1e43be5efda" export CYBERSOURCE_SECRET_KEY="yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE=" export CYBERSOURCE_ENDPOINT="https://apitest.cybersource.com" ``` -------------------------------- ### Test API Connectivity (Sandbox) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Performs a basic payment request to test the connectivity and configuration of the CyberSource sandbox environment. It uses environment variables for authentication and sends a simple payment payload. ```bash # Test API connectivity with simple request curl -X POST $CYBERSOURCE_ENDPOINT/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: $CYBERSOURCE_MERCHANT_ID" \ -H "Date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" \ -H "Host: apitest.cybersource.com" \ -d '{ "clientReferenceInformation": { "code": "SANDBOX_TEST_001" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "10.00", "currency": "USD" } }, "paymentInformation": { "card": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031", "securityCode": "123" } } }' ``` -------------------------------- ### Payments API Source: https://developer.cybersource.com/api-reference-assets/index Accept payments using a variety of payment types. ```APIDOC ## GET /payments ### Description Retrieves a list of all payment transactions. ### Method GET ### Endpoint /payments ### Parameters #### Query Parameters - **limit** (integer) - Optional - The maximum number of payment records to return. - **offset** (integer) - Optional - The number of payment records to skip before starting to collect the result set. ### Request Example ```json { "example": "GET /payments?limit=10&offset=0" } ``` ### Response #### Success Response (200) - **payments** (array) - A list of payment objects. - **id** (string) - The unique identifier for the payment. - **status** (string) - The current status of the payment. - **amount** (number) - The amount of the payment. - **currency** (string) - The currency of the payment. #### Response Example ```json { "example": { "payments": [ { "id": "pay_12345", "status": "AUTHORIZED", "amount": 100.00, "currency": "USD" } ] } } ``` ``` -------------------------------- ### HTTP Signature Authentication Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Details on how to generate and use HTTP Signature authentication headers for securing API requests with CyberSource. ```APIDOC ## HTTP Signature Authentication ### Description CyberSource uses HTTP Signature authentication to secure API requests. This method involves creating a signature string based on specific request headers and then signing it using a shared secret key with HMAC-SHA256. ### Method All HTTP methods (POST, GET, etc.) ### Endpoint All CyberSource API endpoints. ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body N/A (Authentication is done via headers) ### Request Example (Generating Signature) ```bash # Step 1: Create the signature string with required headers # Format: "host: [host]\ndate: [date]\n(request-target): [method] [path]\ndigest: [digest]\nv-c-merchant-id: [merchant_id]" # Step 2: Sign the signature string with HMAC-SHA256 using your shared secret key # signature = base64(HMAC-SHA256(secret_key, signature_string)) # Example using OpenSSL to generate signature: echo -n "host: apitest.cybersource.com\ndate: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")\n(request-target): post /pts/v2/payments\ndigest: SHA-256=$(echo -n '{"clientReferenceInformation":{"code":"TEST"}}' | openssl dgst -sha256 -binary | base64)\nv-c-merchant-id: your_merchant_id" | \ openssl dgst -sha256 -hmac "your_shared_secret_key" -binary | base64 ``` ### Request Example (Complete Request) ```bash curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Host: apitest.cybersource.com" \ -H "Digest: SHA-256=RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=" \ -H "Signature: keyid=\"your_key_id\", algorithm=\"HmacSHA256\", headers=\"host date (request-target) digest v-c-merchant-id\", signature=\"generated_signature_here" \ -H "Content-Type: application/json" \ -d '{"clientReferenceInformation":{"code":"TEST"}}' ``` ### Response #### Error Response (401 Unauthorized) - **response** (object) - **rmsg** (string) - Error message, e.g., "Authentication Failed" #### Response Example (401 Unauthorized) ```json { "response": { "rmsg": "Authentication Failed" } } ``` ``` -------------------------------- ### Rate Limiting Handling Guidance Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Outlines the strategy for handling rate limiting responses (429 Too Many Requests) from the CyberSource API. It mentions implementing exponential backoff and using the Retry-After header. ```text # Rate limiting handling # If 429 response received, implement exponential backoff # Retry-After header indicates wait time in seconds ``` -------------------------------- ### Create Payment Instrument Token (TMS) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Creates a payment instrument token using the Token Management Service (TMS) for secure storage and recurring transactions. Requires content-type, merchant ID, date, and signature headers, along with a JSON payload containing card and billing information. ```bash # Create payment instrument token for recurring billing curl -X POST https://apitest.cybersource.com/tms/v1/instrumentidentifiers \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Signature: ..." \ -d '{ "card": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031" }, "billTo": { "firstName": "John", "lastName": "Doe", "address1": "1 Market St", "locality": "San Francisco", "administrativeArea": "CA", "postalCode": "94105", "country": "US", "email": "customer@example.com" } }' ``` -------------------------------- ### Flex Microform Client-Side Tokenization Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt This snippet details the client-side integration of Flex Microform for securely tokenizing payment card information. It covers initializing Flex Microform with a capture context, creating card number and CVV fields, and handling form submission to generate a token. The generated token should then be sent to the server for payment processing. ```html
``` -------------------------------- ### Payment Processing API Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Endpoints for processing payment transactions in both sandbox and production environments, supporting multiple payment processors and authentication methods. ```APIDOC ## POST /pts/v2/payments ### Description Processes a payment transaction through the CyberSource payment gateway. ### Method POST ### Endpoint `https://apitest.cybersource.com/pts/v2/payments` (Sandbox) `https://api.cybersource.com/pts/v2/payments` (Production) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **clientReferenceInformation** (object) - Required - Information about the client making the request. - **code** (string) - Required - A unique reference code for the transaction. - **processingInformation** (object) - Required - Information about the payment processing. - **commerceIndicator** (string) - Required - The type of commerce (e.g., "internet"). - **orderInformation** (object) - Required - Details about the order. - **amountDetails** (object) - Required - Total amount and currency of the order. - **totalAmount** (string) - Required - The total amount of the order. - **currency** (string) - Required - The currency of the order (e.g., "USD"). - **billTo** (object) - Required - Billing address information. - **firstName** (string) - Required - The first name of the bill-to person. - **lastName** (string) - Required - The last name of the bill-to person. - **address1** (string) - Required - The primary street address. - **locality** (string) - Required - The city or locality. - **administrativeArea** (string) - Required - The state or province. - **postalCode** (string) - Required - The postal or ZIP code. - **country** (string) - Required - The country. - **email** (string) - Optional - The email address. - **phoneNumber** (string) - Optional - The phone number. - **paymentInformation** (object) - Required - Payment details. - **card** (object) - Required - Card payment details. - **number** (string) - Required - The card number. - **expirationMonth** (string) - Required - The card expiration month (MM). - **expirationYear** (string) - Required - The card expiration year (YYYY). ### Request Example ```json { "clientReferenceInformation": { "code": "TC50171_3" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "102.21", "currency": "USD" }, "billTo": { "firstName": "John", "lastName": "Doe", "address1": "1 Market St", "locality": "San Francisco", "administrativeArea": "CA", "postalCode": "94105", "country": "US", "email": "test@cybs.com", "phoneNumber": "4158880000" } }, "paymentInformation": { "card": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031" } } } ``` ### Response #### Success Response (201 Created) - **id** (string) - The unique identifier for the transaction. - **submitTimeUtc** (string) - The time the transaction was submitted in UTC. - **status** (string) - The status of the transaction (e.g., "AUTHORIZED"). - **reconciliationId** (string) - The reconciliation identifier. - **clientReferenceInformation** (object) - Client reference information. - **code** (string) - The client reference code. - **processorInformation** (object) - Information from the payment processor. - **approvalCode** (string) - The approval code for the transaction. - **responseCode** (string) - The response code from the processor. - **avs** (object) - Address Verification System (AVS) result. - **code** (string) - The AVS response code. - **orderInformation** (object) - Order information. - **amountDetails** (object) - Amount details. - **authorizedAmount** (string) - The authorized amount. - **currency** (string) - The currency. #### Response Example ```json { "id": "6307290923096508004002", "submitTimeUtc": "2021-08-16T18:15:09Z", "status": "AUTHORIZED", "reconciliationId": "63072909230", "clientReferenceInformation": { "code": "TC50171_3" }, "processorInformation": { "approvalCode": "888888", "responseCode": "100", "avs": { "code": "Y" } }, "orderInformation": { "amountDetails": { "authorizedAmount": "102.21", "currency": "USD" } } } ``` #### Error Response (401 Unauthorized) - **response** (object) - **rmsg** (string) - Error message, e.g., "Authentication Failed" ``` -------------------------------- ### JWT Authentication with P12 Certificate Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt This section details the process of authenticating API requests using JWT signed with a P12 certificate, recommended for production environments. ```APIDOC ## JWT Authentication with P12 Certificate ### Description This endpoint demonstrates how to authenticate API requests using JSON Web Tokens (JWT) signed with a P12 certificate, ensuring secure communication for production environments. ### Method POST ### Endpoint `https://apitest.cybersource.com/pts/v2/payments` ### Parameters #### Request Body - **clientReferenceInformation** (object) - Required - Information about the client. - **code** (string) - Required - A unique code for the client reference. - **processingInformation** (object) - Required - Information about the transaction processing. - **commerceIndicator** (string) - Required - Indicates the type of commerce (e.g., 'internet'). - **orderInformation** (object) - Required - Information about the order. - **amountDetails** (object) - Required - Details about the order amount. - **totalAmount** (string) - Required - The total amount of the order. - **currency** (string) - Required - The currency of the order (e.g., 'USD'). ### Request Example ```bash curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ5b3VyX2tleV9pZCIsImlhdCI6MTU2MzQxMTQ4MywiZXhwIjoxNTYzNDE1MDgzLCJhdWQiOiJDeWJlclNvdXJjZSIsImp0aSI6InVuaXF1ZV9yZXF1ZXN0X2lkIn0.signature" \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -d '{ "clientReferenceInformation": { "code": "JWT_TEST_001" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "50.00", "currency": "USD" } } }' ``` ### Response #### Success Response (200) Details of the payment transaction. #### Error Response (401) - **response** (object) - **rmsg** (string) - Error message, e.g., "JWT token has expired". ``` -------------------------------- ### Token Management API (TMS) Source: https://developer.cybersource.com/api-reference-assets/index Replaces sensitive payment data in your environment with a unique identifier. ```APIDOC ## POST /tokens ### Description Creates a new token for sensitive payment data. ### Method POST ### Endpoint /tokens ### Parameters #### Request Body - **card_data** (object) - Required - An object containing the sensitive payment data. - **card_number** (string) - Required - The customer's card number. - **expiration_month** (integer) - Required - The expiration month of the card (1-12). - **expiration_year** (integer) - Required - The expiration year of the card (e.g., 2025). - **security_code** (string) - Optional - The security code (CVV) of the card. ### Request Example ```json { "example": { "card_data": { "card_number": "4111111111111111", "expiration_month": 12, "expiration_year": 2025, "security_code": "123" } } } ``` ### Response #### Success Response (200) - **token_id** (string) - The unique identifier for the created token. #### Response Example ```json { "example": { "token_id": "tok_abcdef1234567890" } } ``` ``` -------------------------------- ### Use Stored Token for Payment (TMS) Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Initiates a payment using a previously stored instrument identifier token. This simplifies recurring transactions by avoiding the need to resend sensitive card details. Requires specific headers and a JSON payload including the token ID. ```bash # Use stored token for payment curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Signature: ..." \ -d '{ "clientReferenceInformation": { "code": "TMS_PAYMENT_001" }, "processingInformation": { "commerceIndicator": "recurring" }, "orderInformation": { "amountDetails": { "totalAmount": "29.99", "currency": "USD" } }, "paymentInformation": { "instrumentIdentifier": { "id": "7010000000016241111" } } }' ``` -------------------------------- ### Flex Microform API Source: https://developer.cybersource.com/api-reference-assets/index Securely tokenize card data by encrypting it on the customer’s device. ```APIDOC ## POST /flex/microform/tokenize ### Description Tokenizes sensitive card data using Flex Microform. ### Method POST ### Endpoint /flex/microform/tokenize ### Parameters #### Request Body - **card_number** (string) - Required - The customer's card number. - **expiration_month** (integer) - Required - The expiration month of the card (1-12). - **expiration_year** (integer) - Required - The expiration year of the card (e.g., 2025). - **security_code** (string) - Optional - The security code (CVV) of the card. ### Request Example ```json { "example": { "card_number": "4111111111111111", "expiration_month": 12, "expiration_year": 2025, "security_code": "123" } } ``` ### Response #### Success Response (200) - **token** (string) - The generated token representing the card data. - **card_type** (string) - The type of card (e.g., Visa, Mastercard). #### Response Example ```json { "example": { "token": "tok_abcdef1234567890", "card_type": "Visa" } } ``` ``` -------------------------------- ### Flex Microform Tokenization Source: https://context7.com/context7/developer_cybersource_api-reference-assets/llms.txt Securely tokenize card data using Flex Microform, which encrypts payment information directly on the client's device before transmission. ```APIDOC ## Flex Microform Tokenization ### Description This section describes how to use Flex Microform for secure payment card data tokenization. It involves client-side encryption of sensitive information before sending it to your server for processing. ### Method POST ### Endpoint `https://apitest.cybersource.com/pts/v2/payments` ### Parameters #### Request Body (for server-side payment processing with token) - **clientReferenceInformation** (object) - Required - Information about the client. - **code** (string) - Required - A unique code for the client reference. - **processingInformation** (object) - Required - Information about the transaction processing. - **commerceIndicator** (string) - Required - Indicates the type of commerce (e.g., 'internet'). - **orderInformation** (object) - Required - Information about the order. - **amountDetails** (object) - Required - Details about the order amount. - **totalAmount** (string) - Required - The total amount of the order. - **currency** (string) - Required - The currency of the order (e.g., 'USD'). - **paymentInformation** (object) - Required - Information about the payment. - **fluidData** (object) - Required - Contains the Flex Microform token. - **value** (string) - Required - The token generated by Flex Microform. ### Request Example (Client-side token generation) ```html
``` ### Request Example (Server-side payment request) ```bash curl -X POST https://apitest.cybersource.com/pts/v2/payments \ -H "Content-Type: application/json" \ -H "v-c-merchant-id: your_merchant_id" \ -H "Date: Thu, 18 Jul 2019 00:18:03 GMT" \ -H "Signature: ..." \ -d '{ "clientReferenceInformation": { "code": "FLEX_TOKEN_001" }, "processingInformation": { "commerceIndicator": "internet" }, "orderInformation": { "amountDetails": { "totalAmount": "75.50", "currency": "USD" } }, "paymentInformation": { "fluidData": { "value": "7777777777777777" } } }' ``` ### Response #### Success Response (201 Created) - **id** (string) - Unique identifier for the payment. - **status** (string) - The status of the payment (e.g., 'AUTHORIZED'). - **paymentInformation** (object) - **tokenizedCard** (object) - **type** (string) - Type of the tokenized card (e.g., '001'). #### Response Example ```json { "id": "6307290923096508004003", "status": "AUTHORIZED", "paymentInformation": { "tokenizedCard": { "type": "001" } } } ``` ```