Skip to content

Latest commit

 

History

History
88 lines (61 loc) · 5.35 KB

README.md

File metadata and controls

88 lines (61 loc) · 5.35 KB

CyberSource Flex Samples (NodeJS)

This repository provides simple examples demonstrating usage of the CyberSource Flex SDK using either a headless JavaScript call (express-flexjs) or a fully customizable hosted field/microform (express-microform) which is incorporated into your checkout page. For more details on Secure Acceptance Flex visit our Developer Guide at https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken.html

Usage

  1. Clone or download this repository.
  2. cd into either the microform or flexjs directory
  3. Update app.js with your CyberSource sandbox credentials.
  4. Run npm install in the sample you want to try (express-microform or express-flexjs).
  5. Run DEBUG=express-microform:* npm start or DEBUG=express-flexjs:* npm start.
  6. Browse to http://localhost:3000/checkout in your browser

Requirements

  • Node
  • Express
  • NPM

API Reference

While these examples use the JavaScript libraries which we recommend as the most convenient option, you can try out the APIs behind the JavaScript SDKs by visiting our API Reference at https://developer.cybersource.com/api/reference/api-reference.html

Background on PCI-DSS

Storing your customer’s card data can dramatically increase your repeat-customer conversion rate, but can also add additional risk and PCI DSS overhead. You can mitigate these costs by tokenizing card data. CyberSource will store your customer’s card data within secure Visa data centers, replacing it with a token that only you can use.

Secure Acceptance Flexible Token is a secure method for Tokenizing card data, that leaves you in total control of the customer experience. Your customer’s card number is encrypted on their own device - for example inside a browser or native app - and sent directly to CyberSource. This means card data bypasses your systems altogether. This can help you qualify for SAQ A based PCI DSS assessments for web-based integrations, and SAQ A-EP for native app integrations.

You are in total control of the look and feel, with the ability to seamlessly blend the solution in to your existing checkout flow, on web or in-app.

On-device encryption helps to protect your customers from attacks on network middleware such as app accelerators, DLPs, CDNs, and malicious hotspots.

The token can be used in lieu of actual card data in server-side requests for other CyberSource services, for example to make a payment, using our REST APIs: https://developer.cybersource.com/api/reference/api-reference.html

Samples

JavaScript (Flex API) Sample

This sample demonstrates how your checkout form can remain exactly as it is today, with the only addition of a JavaScript call to tokenize the customer's credit card information. This happens directly between their browser and CyberSource, replacing the provided data with a secure PCI-compliant token. This can then be sent to your server along with the other non-PCI order data. This can help achieve PCI-DSS SAQ A-EP level compliance for your application.

Microform Sample

This sample demonstrates how you can replace the sensitive data fields (credit card number) on your checkout form with a field (Flex Microform) hosted entirely on CyberSource servers. This field will accept and tokenize the customer's credit card information directly from their browser on a resource hosted by CyberSource, replacing that data with a secure PCI-compliant token. This can then be sent to your server along with the other non-PCI order data. This can help achieve PCI-DSS SAQ A level compliance for your application as even your client-side code does not contain a mechanism to handle the credit card information.

Generating the Dynamic Key

The sample uses the CyberSource Node SDK to generate the dynamic security key required to initialize the microform. This would be a server-side call in your checkout flow, generally done before you display your checkout page. You can learn more about this API call here : https://developer.cybersource.com/api-reference-assets/index.html#flex_key-generation

Displaying the Microform Secure Fields

The secure hosted microform fields are initialized by calling the CyberSource Flex javascript library, the latest version is

https://flex.cybersource.com/cybersource/assets/microform/0.11/flex-microform.min.js

You can then include these fields in your checkout page, styling them with your own CSS and even hooking into field events. See index.ejs in the sample for examples of this.

Using the Flex Transient Token

You can use the token generated to make a payment with the CyberSource REST API (https://developer.cybersource.com/api-reference-assets/index.html#payments_payments_process-a-payment).

Place the transient token in the transientTokenJwt field:

{
  "clientReferenceInformation": {
    "code": "TC50171_3"
  },
  "processingInformation": {
    "commerceIndicator": "internet"
  },
  "orderInformation": {
    "amountDetails": {
      "totalAmount": "22",
      "currency": "USD"
    },
    "billTo": {
      "firstName": "John",
      "lastName": "Doe"
    }
  },
  "tokenInformation": {
    "transientTokenJwt": ""
  }
}