Developer Guide Menu

Getting Started

Flex Microform consists of a server-side component and a client-side JavaScript library. The server-side component requests limited-use public keys from the Flex API. The client-side JavaScript library seamlessly replaces the sensitive
PAN
field in your input form.

Server-Side Setup

We currently provide server-side Flex SDKs in Java, .Net, and Node.js.
Our server-side SDKs provide two functions:
  • Creating a transaction specific public key whereby the resulting public key is sent to the client side to initiate the Microform.
    When creating the public key for a Flex Microform implementation, you need to specify a targetOrigin. This is the protocol, URL, and if used, port number of the page that will host the Microform. Unless using http://localhost, the protocol must be https://. For example, if serving Microform on example.com, the targetOrigin is "https://example.com."
  • Verifying the token response, after which Flex Microform creates the token, it is passed back through the cardholder's browser. The response needs to be verified because a malicious user may tamper with the token response as it passes through the cardholder device. This function can be completed using the public key that is generated at the start of the process.
Server-side Flex SDKs are available on GitHub .

Client-Side Setup

Add the Flex Microform .js script to your page by loading directly from Cybersource:
                  
For merchants in India, the Production endpoint is
https://flex.in.cybersource.com/cybersource/assets/microform/0.4/flex-microform.min.js

Versioning

Version Numbering
Flex Microform follows Semantic Versioning . This version is 0.4.4; however, Cybersource recommends referencing 0.4 to receive the latest patch versions automatically.
Upgrade Paths
In adherence with our commitment to Semantic Versioning , all efforts will be made to ensure that upgrade paths for
minor
and
patch
releases are backwards-compatible and require no code change.
During initial
0.x.x
releases, if this is not possible, we will provide clear upgrade steps describing any changes required.

Basic Integration

Within your HTML checkout, replace the credit card number
tag with a simple
container. This container will be used by Flex Microform to render iframe containing secured credit card input.
             
Sample Checkout
In the example above, when the customer submits the form, Flex Microform securely collects and attempts to tokenize the card details. If tokenization succeeds, your success callback handler receives the token. This token can then be sent to your server and used with any supporting Cybersource services in place of the PAN.

Token Verification

You can send the token to your server where its integrity can be cryptographically verified using the public key to ensure that it has not been tampered with.

Using the Token

Use the token instead of card data in Cybersource services.
Connection Method
Field in Which to Use Token
Simple Order API
recurringSubscriptionInfo_subscriptionID
SCMP API
subscription_id
Secure Acceptance
payment_token
REST Payments API
(
/pts/v2/payments
)
                    
“paymentInformation”:{ “customer”:{ “customerId”: “7500BB199B4270EFE05340588D0AFCAD” }
Top