On This Page

Capture Context

The capture context request is a signed JSON Web Token (JWT) that includes all of the merchant-specific parameters. This request tells the front-end JavaScript library how to behave within your payment experience. The request provides authentication, one-time keys, the target origin to the
Microform Integration
, in addition to allowed card networks and payment types (card or check). The capture context request includes these elements:
  • allowedCardNetworks
  • allowedPaymentTypes
  • clientVersion
  • targetOrigins
  • transientTokenResponseOptions.includeCardPrefix
For information about JWTs, see JSON Web Tokens.
Target Origin
The target origin is defined by the scheme (protocol), host name (domain), and port number (if used).
You must use the https:// protocol. Sub-domains must also be included in the target origin.
Any valid top-level domain is supported, such as .com, .co.uk, and.gov.br. Wildcards are not supported.
For example, if you are launching
Unified Checkout
 on example.com, the target origin could be any of these values:
You can define the payment cards and digital payments that you want to accept in the capture context.
Allowed Card Networks
Use the
allowedCardNetworks
 field to define the card types.
These card networks are available for card entry:
  • American Express
  • Cartes Bancaires
  • Carnet
  • China UnionPay
  • Diners Club
  • Discover
  • EFTPOS
  • ELO
  • JCB
  • JCrew
  • Mada
  • Maestro
  • Mastercard
  • Meeza
  • Visa
When you integrate with
Microform Integration
 to accept card or
eCheck
 information, you must include at least one card network in the
allowedCardNetworks
 field in the capture context request.
Allowed Payment Types
You can specify the type of
Microform Integration
 you want to accept in the capture context. You can accept card and
eCheck
 information.
Use the
allowedPaymentTypes
 field to define the payment type. Possible values:
  • CARD
  • CHECK
The
allowedPaymentTypes
 field is optional. When this field is provided in the capture context, the
Microform Integration
 defaults the field value to
CARD
 and is returned in the response.
Include Card Prefix
You can control the length of the card number prefix to be received in the response to the capture context (
/sessions
) request:
  • 6 digits
  • 8 digits
  • no prefix at all
To specify your preferred card number prefix length, include or exclude the
transientTokenResponseOptions.includeCardPrefix
 field in the capture context (
/sessions
) request.
If you want to receive a 6-digit card number prefix in the response
  • Do not
     include the
    transientTokenResponseOptions.includeCardPrefix
     field in the capture context (
    /sessions
    ) request.
  • This example shows how a 6-digit card number prefix
    411111
     is returned in the transient token response:
    "maskedValue" : "XXXXXXXXXXXX1111”,
"bin" : "411111"
If you want to receive an 8-digit card number prefix in the response
  • Include the
    transientTokenResponseOptions.includeCardPrefix
     field in the capture context request, and set the value to
    true
    .
    IMPORTANT
    Per PCI DSS requirements, this requirement applies only to card numbers longer than 15 digits and for Discover, JCB, Mastercard, UnionPay, and Visa brands.
    • If the card type entered is not part of these brands, a 6-digit card number prefix is returned instead.
    • If the card type entered is not part of these brands but is
      co-branded
       with these brands, an 8-digit card number prefix is returned.
  • This example shows how an 8-digit card prefix
    41111102
     is returned in the transient token response:
    "maskedValue" : "XXXXXXXXXXXX1111”,
"prefix" : "41111102"
If you do not want to receive a card number prefix in the response
  • Include the
    transientTokenResponseOptions.includeCardPrefix
     field in the capture context request, and set the value to
    false
    .
  • This example shows how a card number is returned without a card number prefix in the transient token response:
    "maskedValue" : "XXXXXXXXXXXX1111"
Best practice:
If your application does not require card number prefix information for routing or identification purposes,
Cybersource
 recommends that you include the
transientTokenResponseOptions.includeCardPrefix
 field in the capture context request and set its value to
false
. Doing so limits the exposure of payment data to only what is necessary for your processing needs.
For more information about PCI DSS, see
Frequently Asked Questions
 on the PCI Security Standards Council site.