Company News
Connect with Socket at RSA and BSidesSF 2024
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
By Sarah Gooding - Apr 15, 2024
@cybersource/flex-sdk-web
Advanced tools
- Version published
- Maintainers
- 4
- Weekly downloads
- 1,340
- decreased by-50.2%
- Install size
- 1.03 MB
Weekly downloads
Readme
flex-sdk-web
Storing your customer’s card data dramatically increases your repeat-custom conversion rate, but it can also introduce additional risks along with a PCI DSS overhead - these are mitigated by tokenizing the card data. CyberSource replaces your customer’s card data with a token that can be used only by you.
Secure Acceptance Flexible Token API provides a secure method for tokenizing card data and reducing your PCI DSS burden. Card data is encrypted on the customer’s device and sent directly to CyberSource, bypassing your systems altogether.
This SDK simplifies the client-side integration and enables:
- Full control of the user experience
- Wide range of browser support
- SAQ A-EP eligibility
Table of contents
Installation
Install the package with:
yarn add @cybersource/flex-sdk-web
# or
npm install @cybersource/flex-sdk-web --save
The SDK is exposed as a UMD providing compatibility with most module loader specs or direct use in the browser via a script tag.
How to use
Include in your app
import flex from '@cybersource/flex-sdk-web';
const options = {};
flex.createToken(options, response => {
// use response
});
OR
Include via a script tag
<html>
<body>
<script src="./YOUR_ASSETS_PATH/flex-sdk-web.js"></script>
<script>
var options = {};
FLEX.createToken(options, function(response) {
// use response
});
</script>
</body>
</html>
Docs
Full documentation is located in the /docs folder at the root of the installation directory.
Example Integration
The SDK is non-prescriptive on your payment flow design, making few assumptions about your development stack. It is easily integrated into any front-end setup. Described below is a minimal example for a web app using full page refreshes and form POSTs.
Steps:
- For each transaction a new Flex public key should be fetched prior to rendering the checkout page.
- Refer to the documentation on how to request a key.
- Flex public key is rendered to a JS variable in JWK format.
- On the button click event all payment data is gathered and a token creation call is made using the SDK.
- When the token is created, the value is set on a hidden field and the form is submitted.
- You can use token with follow-on CyberSource services to complete payment (e.g. in the subscription ID field used in the Simple Order API).
<!-- checkout template -->
<html>
<body>
<form id="paymentForm" action="/your/server/endpoint" method="post">
<input type="text" id="cardNumber" />
<input type="text" name="securityCode" />
<input type="text" name="cardExpirationMonth" />
<input type="text" name="cardExpirationYear" />
<select name="cardType">
<option value="001">VISA</option>
<option value="002">MasterCard</option>
<option value="003">AmericanExpress</option>
</select>
<input type="hidden" name="token" />
<button type="button" id="payBtn">Pay Now</button>
</form>
<script>
var jwk = {
/* flex public key in jwk format */
};
</script>
<script src="integration.js"></script>
</body>
</html>
// integration.js
import flex from '@cybersource/flex-sdk-web';
document.querySelector('#payBtn').addEventListener('click', () => {
const options = {
kid: jwk.kid,
keystore: jwk,
encryptionType: 'RsaOaep', // ensure this matches the encryptionType you specified when creating your key
cardInfo: {
cardNumber: document.querySelector('#cardNumber').value,
cardType: document.querySelector('select[name="cardType"]').value,
cardExpirationMonth: document.querySelector('input[name="cardExpirationMonth"]').value,
cardExpirationYear: document.querySelector('input[name="cardExpirationYear"]').value
}
};
flex.createToken(options, response => {
if (response.error) {
alert('There has been an error!');
console.log(response);
return;
}
document.querySelector("input[name='token']").value = response.token;
document.querySelector('#paymentForm').submit();
});
});
Note that the SDK can easily be integrated into a single page application, using AJAX for the key fetch and token submission.
Browser support
- Chrome 37+
- Internet Explorer 11
- Safari 7.1+ *
- iOS Safari 8+ *
- Firefox 34+
- Edge 12+
Note that Safari 10 and below does not support an encryptionType of RsaOaep256
Copyright and license
Code and documentation copyright 2017 CyberSource. Released under the CyberSource SDK License Agreement as detailed in ./LICENSE.md.
FAQs
Easily create payment tokens using Flex API
The npm package @cybersource/flex-sdk-web receives a total of 1,109 weekly downloads. As such, @cybersource/flex-sdk-web popularity was classified as popular.
We found that @cybersource/flex-sdk-web demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Last updated on 08 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
OSI to Lead Discussions on Navigating the Challenges of Doing Business with Open Source
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.
By Sarah Gooding - Apr 12, 2024
Product
Introducing Dependency Visualization: An Interactive Way to See Dependencies at a Glance
We're introducing dependency visualization for reports - get a quick impression of the state of your dependencies without getting lost in the details.
By Eli Insua - Apr 11, 2024