The transient token is issued as a JSON Web Token (JWT) (RFC 7519). For information on JSON Web Tokens, see JSON Web Tokens.

The payload portion of the token is a Base64-encoded JSON string and contains various claims. For more information, see JSON Web Tokens.

When you receive the transient token, you should cryptographically verify its integrity using the public key embedded within the capture context. Doing so verifies that

Cybersource

issued the token and that the data has not been tampered with in transit. Verifying the transient token JWT involves verifying the signature and various claims within the token. Programming languages each have their own specific libraries to assist.

For an example in Java, see: Java Example in Github.

Unified Checkout

accepts dual-branded cards. To use this feature, you must include the card networks that have overlapping BIN ranges in the capture context request. For example:

"allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX", "CARTESBANCAIRES"]

When a card number within an overlapping BIN range is entered, the network that is listed first in the value array for the

allowedCardNetworks

field is used. For example, if the card number 403550XXXXXXXXXX is entered, the payment network is Visa.

During the transaction, the card type is populated with the first network in the list, and the

detectedCardTypes

field includes all of the detected card types in the transient token.

The

detectedCardTypes

field is returned in the transient token response only when more than one card type is detected.