On This Page
REST API
Payment Credentials API
This section contains the information you need to retrieve the full payment credentials
collected by the
Unified Checkout
tool using the payment credentials API. The
payment information is returned in a redundantly signed and encrypted payment object. It uses
the JSON Web Tokens (JWTs) as the data standard for communicating this sensitive data.IMPORTANT
Payment information returned by the
payment-credentials
endpoint will contain Personal Identifiable
Information (PII). Retrieving this sensitive information requires your system to comply with PCI security standards. For more information
on PCI security standards, see: https://www.pcisecuritystandards.org/The response is returned using a JWE data object that is encrypted with your public key
created during the
Unified Checkout
tool's integration. For more information,
see Upload Your Encryption Key.To decrypt the JWE response, use your private key created during the
Unified Checkout
tool's integration. The decrypted content is a JWS data object
containing a JSON payload. This payload can be validated with the Unified Checkout
public signature key.IMPORTANT
When integrating with
Cybersource
APIs, Cybersource
recommends
that you dynamically parse the response for the fields that you are looking
for. Additional fields may be added in the future. You must ensure that your integration can handle new fields that are returned
in the response. While the underlying data structures will not change, you
must also ensure that your integration can handle changes to the order in
which the data is returned.
Cybersource
uses semantic
versioning practices, which enables you to retain backwards compatibility as
new fields are introduced in minor version updates.Endpoint
Production:
GET
https://api.cybersource.com
/flex/v2/payment-credentials/{ReferenceID}
Test:
GET
https://apitest.cybersource.com
/flex/v2/payment-credentials/{ReferenceID}
{ReferenceID}
is
the reference ID returned in the id
field when you created the
payment credentials.Example: Sample Decrypted JWE Data Object
{ // header kid = "zu" cty = "json+pc" }. { // registered claims iss = "https://flex.visa.com" sub = "ps_hpa" // Merchant ID aud = "https://online.MyBank.com" exp = 1683105553 // expiry of payment credentials iat = 1683104035 // timestamp when JWT was created jti = "ae798686-a849-4dfa-836d-43e09cb183a4" // transaction id "paymentInformation": { "tokenizedCard": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031", "type": "001", "cryptogram": "", "transactionType": "1" } }, "orderInformation": { "amountDetails": { "totalAmount": "102.21", "currency": "USD" }, "billTo": { "firstName": "John", "lastName": "Doe", "address1": "1 Market St", "locality": "san francisco", "administrativeArea": "CA", "postalCode": "94105", "country": "US", "email": "test@cybs.com", "phoneNumber": "4158880000" } } } .SIGNATURE