API Overview

Digital Accept Secure Integration Developer Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introducing Digital Accept Secure Integration Product Suite

Flex API
- Establishing a Payment Session with a Capture Context
  - REST Example: Establishing a Payment Session with a Capture Context
- Validating the JSON Web Token
  - Retrieving the Public Key ID
  - Retrieving the Public Key
  - JAVA Example: Validating the Transient Token
- Populating the JSON Web Token with Customer Information
  - Constructing the JSON Payload
  - Generating a JSON Web Encryption Data Object
  - Populating the Token Request

Microform Integration v2
- How It Works
- PCI Compliance
- Getting Started
- Accept Card Information
  - Server-Side Setup
    - Capture Context
    - Creating the Server-Side Capture Context
    - Validating the Server-Side Capture Context
  - Client-Side Setup
  - Transient Tokens for Accepting Card Information
    - Transient Token Time Limit
    - Transient Token Response Format
    - Validating the Transient Token
    - Using the Transient Token to Process a Payment
- Accept eCheck Information
  - Server-Side Setup
    - Capture Context
    - Creating the Server-Side Capture Context
    - Validating the Server-Side Capture Context
  - Client-Side Setup
  - Transient Tokens for Accepting eCheck Information
    - Transient Token Time Limit
    - Transient Token Response Format
    - Validating the Transient Token
- Next Steps
  - Styling
  - Events
  - Security Recommendations
- Reference
  - JavaScript API Reference
    - Class: Field
    - Module: FLEX
    - Class: Microform
    - Class: MicroformError
    - Global
  - Capture Context API
    - REST Example: Requesting the Capture Context
  - Getting Started Examples
  - JSON Web Tokens
  - Browser Support
  - PCI DSS Guidance
  - Test Card Numbers

Introduction to Unified Checkout
- Unified Checkout Flow
  - Enabling Unified Checkout in the Business Center
- Server-Side Set Up
  - Capture Context
- Client-Side Set Up
  - Loading the JavaScript Library and Invoking the Accept Function
    - JavaScript Example: Initializing the SDK
  - Adding the Payment Application and Payment Acceptance
    - JavaScript Example: Setting Up with Full Sidebar
    - JavaScript Example: Setting Up with the Embedded Component
- Transient Tokens
  - Transient Token Format
  - Token Verification
  - Support for Dual-Branded Cards
- Authorizations with a Transient Token
  - REST Example: Requesting an Authorization with a Transient Token
- Capture Context API
  - REST Example: Requesting the Capture Context
- Payment Details API
  - REST Example: Retrieving Transient Token Payment Details
- Unified Checkout Configuration
  - Enable Digital Payments
    - Enrolling in Apple Pay
    - Preparing a Device for Testing Apple Pay on Unified Checkout
    - Enabling Click to Pay
    - Enrolling in Google Pay
    - Managing Google Pay Authentication Types
  - Manage Permissions
    - Managing Permissions as a Direct Merchant
    - Managing Permissions as a Portfolio Administrator
- Test Your Unified Checkout Configuration
  - Customer Authentication
    - Set Up Customer Authentication for Visa
    - Authentication Methods
- Unified Checkout UI
  - Apple Pay UI
  - Click to Pay UI
  - Google Pay UI
  - Manual Payment Entry UI
  - Pay with Bank Account UI
  - Paze UI
- JSON Web Tokens
- JavaScript API Reference
  - Class: Accept
  - Class: AcceptError
  - Class: UnifiedPayments
- Supported Countries for Digital Payments
  - Supported Countries for Digital Payments A-D
  - Supported Countries for Digital Payments E-K
  - Supported Countries for Digital Payments L-R
  - Supported Countries for Digital Payments S-Z
- Supported Locales
- Reason Codes
- Test Card Numbers

Introduction to the Click to Pay Drop-In UI
- Click to Pay Customer Workflows
  - Recognized Click to Pay Customer
  - Unrecognized Click to Pay Customer
  - Guest Customer
- Click to Pay Drop-In UI Flow
  - Enabling Unified Checkout in the Business Center
- Server-Side Set Up
  - Capture Context
- Client-Side Set Up
  - Loading the JavaScript Library and Invoking the Accept Function
    - JavaScript Example: Initializing the SDK
  - Adding the Payment Application and Payment Acceptance
    - JavaScript Example: Setting Up with Full Sidebar
    - JavaScript Example: Setting Up with the Embedded Component
- Transient Tokens
  - Transient Token Format
  - Token Verification
  - Support for Dual-Branded Cards
- Capture Context API
  - REST Example: Requesting the Capture Context
- Payment Details API
  - Required Field for Retrieving Transient Token Payment Details
  - REST Example: Retrieving Transient Token Payment Details
- Payment Credentials API
  - Required Field for Retrieving Payment Credentials
  - REST Example: Retrieving Payment Credentials
- Unified Checkout Configuration
  - Upload Your Encryption Key
    - Generate a Public Private Key Pair
    - Uploading Your Key Pair
  - Enable Click to Pay
    - Enabling Click to Pay
  - Manage Permissions
    - Managing Permissions as a Direct Merchant
    - Managing Permissions as a Portfolio Administrator
- Supported Countries for Click to Pay
- Supported Locales

Processing Authorizations with a Transient Token
- Authorization with a Transient Token
  - Required Field for an Authorization with a Transient Token
  - REST Interactive Example: Authorization with a Transient Token
  - REST Example: Authorization with a Transient Token
- Authorization and Creating TMS Tokens with a Transient Token
  - Required Fields for an Authorization and Creating TMS Tokens with a Transient Token
  - REST Interactive Example: Authorization and Creating TMS Tokens with a Transient Token
  - REST Example: Authorization and Creating TMS Tokens with a Transient Token

On This Page

Validating the Transient Token

After receiving the transient token, validate its integrity using the public key embedded within the capture context created at the beginning of this flow. This verifies that Cybersource issued the token and that no data tampering occurred during transit.

Example: Capture Context Public Key

"jwk": {
                "kty": "RSA",
                "e": "AQAB",
                "use": "enc",
                "n": "3DhDtIHLxsbsSygEAG1hcFqnw64khTIZ6w9W9mZNl83gIyj1FVk-H5GDMa85e8RZFxUwgU_zQ0kHLtONo8SB52Z0hsJVE9wqHNIRoloiNPGPQYVXQZw2S1BSPxBtCEjA5x_-bcG6aeJdsz_cAE7OrIYkJa5Fphg9_pxgYRod6JCFjgdHj0iDSQxtBsmtxagAGHjDhW7UoiIig71SN-f-gggaCpITem4zlb5kkRVvmKMUANe4B36v4XSSSpwdP_H5kv4JDz_cVlp_Vy8T3AfAbCtROyRyH9iH1Z-4Yy6T5hb-9y3IPD8vlc8E3JQ4qt6U46EeiKPH4KtcdokMPjqiuQ",
                "kid": "00UaBe20jy9VkwZUQPZwNNoKFPJA4Qhc"    }

Use the capture context public key to cryptographically validate the JWT provided from a successful

microform.createToken

call. You might have to convert the JSON Web Key (JWK) to privacy-enhanced mail (PEM) format for compatibility with some JWT validation software libraries.

The Cybersource SDK has functions that verify the token response. You must verify the response to ensure that no tampering occurs as it passes through the cardholder device. Do so by using the public key generated at the start of the process.

Example: Validating the Transient Token

console.log('Response TransientToken: ' + req.body.transientToken); console.log('Response CaptureContext: ' + 
req.body.captureContext); 
//	Validating Token JWT Against Signature in Capture Context const capturecontext = req.body.captureContext; 
const transientToken = req.body.transientToken; 
// Extracting JWK in Body of Capture Context const ccBody = capturecontext.split('.')[1]; console.log('Body: ' + ccBody); 
const atob = require('atob');
const ccDecodedValue = JSON.parse( atob(ccBody)); const jwk = ccDecodedValue.flx.jwk;

Back to top