pilot checkout() {#uctp-get-started-checkout} ======================================= This method performs checkout using the specified digital card or PAN. If successful, the response contains summary checkout information and, conditionally, an encrypted payload signed by the SRC System containing PCI and/or PII data. This method is called after the consumer has chosen a card for checkout from the card list or when the consumer enrolls a new card. To add a card, the partner or merchant must provide the encrypted card object, instead of ID of the digital card identifier, as an input parameter. The card will be enrolled into the SRC system and used for checkout. The checkout() method uses three types of keys: * **JWT validation keys** : The checkout response from vsdk.checkout() is a signed JWT with the payment credentials. The response must be verified server-side by retrieving the RSA public key from `https://api.cybersource.com``/flex/v2/public-keys` using the `kid` from the header of each JWT. `Cybersource` recommends that you do not skip this step, as this verification exposes the integration to payload tampering. For information about JWT validation keys, see [JWT Validation Keys](/docs/cybs/en-us/unified-click-to-pay/developer/all/rest/unified-click-to-pay/uctp-appendix-intro/uctp-keys/uctp-keys-jwt-keys.md ""). * **Client-side PAN encryption keys** : When you add a card to `Unified Click to Pay`, the customer manually enters their card details in the UI. The raw PAN must be JWE-encrypted in the browser before it is passed to checkout(encryptedCard). The encryption key is a per-network RSA JWK from the `/sessions` API response from paymentConfigurations.\[SRCVISA\|SRCMASTERCARD\|SRCAMEX\].panEncryptionKey. The encyrypted key is selected using the PAN's BIN range. For information about client-side PAN encryption keys, see [Client-Side PAN Encryption Keys](/docs/cybs/en-us/unified-click-to-pay/developer/all/rest/unified-click-to-pay/uctp-appendix-intro/uctp-keys/uctp-keys-pan-enc-keys.md ""). * **Token Management MLE keys** : The checkout() response can include PCI/PII data that is in the encryptedPayload field. This data is encrypted by `Cybersource` using the merchant's RSA public key uploaded to the `Cybersource` `Business Center`. The merchant decrypts it server-side using their corresponding private key. For information about Token Management MLE keys, see [Token Management MLE Keys](/docs/cybs/en-us/unified-click-to-pay/developer/all/rest/unified-click-to-pay/uctp-appendix-intro/uctp-keys/uctp-keys-tms-mle-keys.md ""). {#uctp-get-started-checkout_ul_off_3gy_x3c} JavaScript Example ------------------ ``` //sample checkoutParameters const checkoutParameters = { srcDigitalCardId: 'nE5xhI3jQcSis6Vf7IAH-A000000000000US', dpaTransactionOptions: { dpaBillingPreference: 'POSTAL_COUNTRY', dpaAcceptedBillingCountries: ['US', 'CA'], consumerNationalIdentifierRequested: false, merchantCategoryCode: '4829', merchantCountryCode: 'US', merchantOrderId: '8e15ce5c-58a3-4748-acab-71c67432dfa7', paymentOptions: [ { dpaDynamicDataTtlMinutes: 2, dynamicDataType: 'CARD_APPLICATION_CRYPTOGRAM_LONG_FORM' } ] }, payloadTypeIndicatorCheckout: 'FULL' }; // Call checkout const checkoutResponse = await vsdk.checkout(checkoutParameters); // Log the checkout response console.log(checkoutResponse); ``` Syntax ------ Your checkout() request must have this syntax: ``` checkout({ conditional String srcDigitalCardId; conditional JWE<Card> encryptedCard; optional Consumer consumer; optional DpaTransactionOptions dpaTransactionOptions; optional PayloadTypeIndicator payloadTypeIndicatorCheckout; conditional Window windowRef; conditional ComplianceSettings complianceSettings; optional AssuranceData assuranceData; }) ```