This section contains the information you need to
set up your server. Initializing
Unified Checkout
within your webpage
begins with a server-to-server call to the sessions API. This step authenticates your
merchant credentials, and establishes how the
Unified Checkout
frontend
components will function. The sessions API request contains parameters that define how
Unified Checkout
performs.
The server-side component provides this information:
A transaction-specific public key is used by the customer's browser to protect
the transaction.
An authenticated context description package that manages the payment experience on
the client side. It includes available payment options such as card networks,
payment interface styling, and payment methods.
The functions are compiled in a JSON Web Token (JWT) object referred to as the
This section contains the information you need to set up your server. Initializing
Unified Checkout
within your webpage begins with a server-to-server call to
the
sessions
API. This step authenticates your merchant
credentials, and establishes how the frontend components will function. The
sessions
API request contains parameters that define how
Unified Checkout
performs.
The server-side component provides this information:
A transaction-specific public key is used by the customer's browser to protect the
transaction.
An authenticated context description package that manages the payment experience on
the client side. It includes available payment options such as card networks,
payment interface styling, and payment methods.
The functions are compiled in a JSON Web Token (JWT) object referred to as the
The capture context request is a signed JSON Web Token
(JWT) that includes all of the merchant-specific parameters. This request tells the
frontend JavaScript library how to behave within your payment experience. The
request provides authentication, one-time keys, the target origin to the
Unified Checkout
integration in addition to allowed card networks and
payment types.
Browser Support
Unified Checkout
supports these browser versions:
Safari 16
Firefox 121
Google Chrome/Chium-based browsers 118
Microsoft Edge 118
Capture Context Example
Use the
targetOrigins
and the
allowedPaymentTypes
fields to define the target origin and
the accepted digital payment methods in your capture context. Use the
completeMandate
to orchestrate follow-on services such as
Payments,
: breaking changes that require code modifications
MINOR
: new features that are backwards compatible
PATCH
: bug fixes and improvements that are backwards compatible
The server controls which SDK version is loaded for each session that you request.
When your server creates a session, the response JWT includes a
clientLibrary
field that contains the full URL to the correct
version of the SDK. Your server parses the JWT, extracts the URL, and passes it to
the frontend to load dynamically.
IMPORTANT
The
clientVersion
field in the session
request is optional. When you do not include this field, the server
automatically resolves the appropriate version for every session. This ensures
that the client-side library and server-side features are compatible.
Cybersource
recommends that you do not include the
clientVersion
field in your request and that you use the
most recent version. When you do this, your integration benefits from new
features, payment methods, and improvements and there are no code changes
required.
Pin to a Version
If you must set your integration to a specific version, you can set the
clientVersion
field to a
MAJOR
version such as
1
, or a
MAJOR.MINOR
version such as
1.2
. The server uses the latest compatible patch release within
that range. This ensures that you continue to receive security fixes and bug
fixes.
IMPORTANT
You cannot pin to a specific patch version
(
MAJOR.MINOR.PATCH
). This ensures that all integrations
receive critical patches.
Cybersource
recommends omitting
clientVersion
from your request unless you have a
specific need for pinned behavior.
