Generating the Capture Context
Visa Platform ConnectAPI
The first step to Flex API v2 is to generate the context of the customer payment
information that is to be captured and tokenized.
IMPORTANT
Declaring the capture context ensures that no data can be injected
into the process by a malicious actor.
To generate the capture context, use the
/sessions
API endpoint to
specify the payment data to be captured. The API returns a JSON Web Token (JWT) data
object that contains the authentication component of the interactions and the one-time
public encryption keys to which the payment information is to be secured.IMPORTANT
The internal data structure of the JWT can expand to contain
additional data elements. Ensure that your integration and validation rules do not limit
the data elements contained in responses.
Resource
Send a fully authenticated POST request from your backend system to the
/sessions
API:- Test:https://apitest.cybersource.com/flex/v2/sessions
- Production:https://api.cybersource.com/flex/v2/sessions
The resource returns a capture context, which is a JWT date element containing the
keys necessary to encrypt the payment data.
Payment API Fields
This is the list of possible fields to capture and tokenize.
- orderInformation.amountDetails.currency
- orderInformation.amountDetails.totalAmount
- orderInformation.billTo.address1
- orderInformation.billTo.address2
- orderInformation.billTo.administrativeArea
- orderInformation.billTo.buildingNumber
- orderInformation.billTo.company
- orderInformation.billTo.country
- orderInformation.billTo.district
- orderInformation.billTo.email
- orderInformation.billTo.firstName
- orderInformation.billTo.lastName
- orderInformation.billTo.locality
- orderInformation.billTo.phoneNumber
- orderInformation.billTo.postalCode
- orderInformation.shipTo.address1
- orderInformation.shipTo.address2
- orderInformation.shipTo.administrativeArea
- orderInformation.shipTo.buildingNumber
- orderInformation.shipTo.company
- orderInformation.shipTo.country
- orderInformation.shipTo.district
- orderInformation.shipTo.firstName
- orderInformation.shipTo.lastName
- orderInformation.shipTo.locality
- orderInformation.shipTo.postalCode
- paymentInformation.card.expirationMonth
- paymentInformation.card.expirationYear
- paymentInformation.card.number
- paymentInformation.card.securityCode
- paymentInformation.card.type
This example shows the JWT decoded, containing the JSON Web Key (JWK) encryption
keys:
{ "flx" : { "path" : "/flex/v2/tokens", "data" : "NTaTH27qZUlODxRUBEKIrhAAEFAAlrh8y17ghNZnyYVQb8vzBGNPWSmlznzPqC93XfuMJb+s7DTykZ5Q+yjPoF03Blczt5VviIGUcKh60cSgsHI=", "origin" : "https://sl73flxapq002.visa.com:8443", "jwk" : { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "n" : "pFrA5Lsl22p3gNL5iPjBOYEuXs7z9P-dv7AICTGzlgNyNvyfF_tWGaLqS-lf2QgDvVW3cU0mqVxJXLE1FcJZj71d1sgZB1n4irWsqPq54cfwEx425DDFZaiwQ_Fv1v1mAN3TRT2kaQK-_2dYMNLIWHqj93aw_bLTQT_zo1jcaLTRje6xz7T4CqIQZ6KB_W21tcsMDGUbJ-v6yUpY2EmmcLp_vqIpsEBiCNocDGlnvMJdRyhBb8thqiXrZjTLoOoWtiaHoAlLWL3cUoGRVGtWdEf-I-HfPDpO2HBFiFulwbv54Pjac_sVoGFzGglGrwIWB241c95u-bZUedpN_6ig0Q", "kid" : "00SvIaGIfyaw897rDeG9eFdODKaCKc1q" } }, "ctx" : [ { "data" : { "requiredFields" : [ "paymentInformation.card.number" ], "optionalFields" : [ "paymentInformation.card.expirationYear", "paymentInformation.card.expirationMonth", "paymentInformation.card.type", "paymentInformation.card.securityCode" ] }, "type" : "api-0.1.0" } ], "iss" : "Flex API", "exp" : 1614792268, "iat" : 1614791368, "jti" : "rOAksGcp8Bgg6WLj" }