Developer Guide Menu

Getting Started

Flex Microform consists of a server-side component and a client-side JavaScript library. The server-side component requests limited-use public keys from the Flex API. The client-side JavaScript library seamlessly replaces the sensitive 
 field in your input form.

Server-Side Setup

We currently provide server-side Flex SDKs in Java, .Net, and Node.js.
Our server-side SDKs provide two functions:
  • Creating a transaction specific public key whereby the resulting public key is sent to the client side to initiate the Microform.


    When creating the public key for a Flex Microform implementation, you need to specify a targetOrigin. This is the protocol, URL, and if used, port number of the page that will host the Microform. Unless using http://localhost, the protocol must be https://. For example, if serving Microform on, the targetOrigin is ""
  • Verifying the token response, after which Flex Microform creates the token, it is passed back through the cardholder's browser. The response needs to be verified because a malicious user may tamper with the token response as it passes through the cardholder device. This function can be completed using the public key that is generated at the start of the process.
Server-side Flex SDKs are available on  GitHub .

Client-Side Setup

Add the Flex Microform .js script to your page by loading directly from CyberSource:


For merchants in India, the Production endpoint is


Version Numbering
Flex Microform follows  Semantic Versioning . This version is 0.4.4; however, CyberSource recommends referencing 0.4 to receive the latest patch versions automatically.
Upgrade Paths
In adherence with our commitment to  Semantic Versioning , all efforts will be made to ensure that upgrade paths for 
 releases are backwards-compatible and require no code change.
During initial 
 releases, if this is not possible, we will provide clear upgrade steps describing any changes required.

Basic Integration

Within your HTML checkout, replace the credit card number 
 tag with a simple 
 container. This container will be used by Flex Microform to render iframe containing secured credit card input.
Sample Checkout
In the example above, when the customer submits the form, Flex Microform securely collects and attempts to tokenize the card details. If tokenization succeeds, your success callback handler receives the token. This token can then be sent to your server and used with any supporting CyberSource services in place of the PAN.

Token Verification

You can send the token to your server where its integrity can be cryptographically verified using the public key to ensure that it has not been tampered with.

Using the Token

Use the token instead of card data in CyberSource services.
Connection Method
Field in Which to Use Token
Simple Order API
Secure Acceptance
REST Payments API
“paymentInformation”:{ “customer”:{ “customerId”: “7500BB199B4270EFE05340588D0AFCAD” }