Flex API v2
Flex APIv2 suite enables a merchant to ensure secure transmission of payment information captured from client-side code. Integrate your system with
Flex APIv2 to enable
Cybersourceto protect your customer's primary account number (PAN), card verification number (CVN), and other payment information when payment processing activity crosses the Web.
Use the APIs in this suite to secure your customer's payment information, and exchange this sensitive data for a
transient token. A transient token is a temporary reference to sensitive data that
Cybersourcehas securely stored on your behalf. A transient token can be transported and stored safely without adding risk to your PCI DSS burden.
The transient token response can be cryptographically validated to ensure that payload injection attacks can be mitigated.
Before you capture the payment data from the client application, generate the context in which the data is to be captured and tokenized. The
capture contextcan help you to limit PCI exposure to the context in which it is captured.
After you capture the payment data from the client application, the
Flex APIv2 can secure and tokenize the data:
- Cybersourcesecures your customer's card data at the device using one-time public encryption keys.
- Cybersourcethen replaces the card data in the client application form with a transient token. A transient token can only be accessed by the merchant.
After you tokenize the payment information, you can initiate
Cybersourceservices that use transient tokens in place of your customer's payment information.