Recent Revisions to This Document

About This Guide

VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Flex API
- Establish a Payment Session with a Capture Context
  - REST Example: Establishing a Payment Session with a Capture Context
- Validate the JSON Web Token
  - Retrieve the Public Key ID
  - Retrieve the Public Key
  - JAVA Example: Validating the Transient Token
- Populate the JSON Web Token with Customer Information
  - Constructing the JSON Payload
  - Generate a JWE (JSON Web Encryption) Data Object
  - Populate the Token Request

Processing Authorizations with a Transient Token
- Authorization with a Transient Token
  - Required Fields for an Authorization with a Transient Token
  - REST Interactive Example: Authorization with a Transient Token
  - REST Example: Authorization with a Transient Token
- Authorization and Creating TMS Tokens with a Transient Token
  - Required Fields for an Authorization and Creating TMS Tokens with a Transient Token
  - REST Interactive Example: Authorization and Creating TMS Tokens with a Transient Token
  - REST Example: Authorization and Creating TMS Tokens with a Transient Token

On This Page

REST API

Validating the Transient Token

After receiving the transient token, validate its integrity using the public key embedded within the capture context created at the beginning of this flow. This verifies that Cybersource issued the token and that no data tampering occurred during transit. See Example: Capture Context Public Key.

Use the capture context public key to cryptographically validate the JWT provided from a successful

microform.createToken

call. You might have to convert the JSON Web Key (JWK) to privacy-enhanced mail (PEM) format for compatibility with some JWT validation software libraries.

The Cybersource SDK has functions that verify the token response. You must verify the response to ensure that no tampering occurs as it passes through the cardholder device. Do so by using the public key generated at the start of the process.

See Example: Validating the Transient Token.

Back to top