Menu

Flex API
v2

The
Flex API
v2 suite enables a merchant to ensure secure transmission of payment information captured from client-side code. Integrate your system with
Flex API
v2 to enable
Cybersource
to protect your customer's primary account number (PAN), card verification number (CVN), and other payment information when payment processing activity crosses the Web.
Use the APIs in this suite to secure your customer's payment information, and exchange this sensitive data for a
transient token
. A transient token is a temporary reference to sensitive data that
Cybersource
has securely stored on your behalf. A transient token can be transported and stored safely without adding risk to your PCI DSS burden.
IMPORTANT
The transient token response can be cryptographically validated to ensure that payload injection attacks can be mitigated.
Before you capture the payment data from the client application, generate the context in which the data is to be captured and tokenized. The
capture context
can help you to limit PCI exposure to the context in which it is captured.
After you capture the payment data from the client application, the
Flex API
v2 can secure and tokenize the data:
  • Cybersource
    secures your customer's card data at the device using one-time public encryption keys.
  • Cybersource
    then replaces the card data in the client application form with a transient token. A transient token can only be accessed by the merchant.
After you tokenize the payment information, you can initiate
Cybersource
services that use transient tokens in place of your customer's payment information.
Back to top