Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@cybersource/flex-sdk-web

Package Overview
Dependencies
Maintainers
2
Versions
6
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cybersource/flex-sdk-web

Easily create payment tokens using Flex API

  • 0.1.1
  • Source
  • npm
  • Socket score

Version published
Maintainers
2
Created
Source

flex-sdk-web

Storing your customer’s card data dramatically increases your repeat-custom conversion rate, but it can also introduce additional risks along with a PCI DSS overhead - these are mitigated by tokenizing the card data. CyberSource replaces your customer’s card data with a token that can be used only by you.

Secure Acceptance Flexible Token API provides a secure method for tokenizing card data and reducing your PCI DSS burden. Card data is encrypted on the customer’s device and sent directly to CyberSource, bypassing your systems altogether.

This SDK simplifies the client-side integration and enables:

  • Full control of the user experience
  • Wide range of browser support
  • SAQ A-EP eligibility

Table of contents

Status

npm version

Sauce Test Status

Installation

  • Install with npm: npm install @cybersource/flex-sdk-web --save
  • Install with yarn: yarn add @cybersource/flex-sdk-web
  • Download the latest release.

The SDK is exposed as a UMD providing compatibility with most module loader specs or direct use in the browser via a script tag.

How to use

ES6 / ES2015

import flex from 'flex-sdk-web';

flex.createToken({ /* options */ }, (response) => {
  // use response
});

CommonJS

var flex = require('flex-sdk-web');

flex.createToken({ /* options */ }, function(response) {
  // use response
});

AMD (using Require.js)

<script
  data-main="main.js"
  src="//cdnjs.cloudflare.com/ajax/libs/require.js/2.3.1/require.min.js"
></script>
// main.js
require.config({
  paths: {
    flex: 'flex-sdk-web'
  }
});

require(['flex'], function (flex) {
  flex.createToken({ /* options */ }, function(response) {
    // use response
  });
});

Script tag

<html>
  <body>
    <script src="flex-sdk-web.js"></script>
    <script>
      flex.createToken({ /* options */ }, function(response) {
        // use response
      });
    </script>
  </body>
</html>

Docs

Full documentation is located in the /docs folder at the root of the installation directory.

Example Integration

The SDK is non-prescriptive on your payment flow design, making few assumptions about your development stack. It is easily integrated into any front-end setup. Described below is a minimal example for a web app using full page refreshes and form POSTs.

Steps:

  • For each transaction a new Flex public key should be fetched prior to rendering the checkout page. Refer to the documentation.
  • Flex public key is rendered to a JS variable in JWK format.
  • On the button click event all payment data is gathered and a token creation call is made using the SDK.
  • When the token is created, the value is set on a hidden field and the form is submitted.
  • You can use token with follow-on CyberSource services to complete payment (e.g. in the subscription ID field used in the Simple Order API).
<!-- checkout template -->
<html>
  <body>
    <form id="paymentForm" action="/your/server/endpoint" method="post">
      <input type="text" id="cardNumber" />
      <input type="text" name="securityCode" />
      <input type="text" name="expiryMonth" />
      <input type="text" name="expiryYear" />
      <select name="cardType">
        <option value="001">VISA</option>
        <option value="002">MasterCard</option>
        <option value="003">AmericanExpress</option>
      </select>
      <input type="hidden" name="token" />
      <button type="button" id="payBtn">Pay Now</button>
    </form>
    <script>
      var jwk = { /* flex public key in jwk format */ };
    </script>
    <script src="integration.js"></script>
  </body>
</html>
// integration.js
import flex from 'flex-sdk-web';

document.querySelector('#payBtn').on('click', () => {
  const options = {
    kid: jwk.kid,
    keystore: jwk,
    cardInfo: {
      cardNumber: document.querySelector('#cardNumber').value,
      cardType: document.querySelector('select[name="cardType"]').value,
      expiryMonth: document.querySelector('input[name="expiryMonth"]').value,
      expiryYear: document.querySelector('input[name="expiryYear"]').value
    },
    // production: true // without specifying this tokens are created in test env
  };

  flex.createToken(options, (response) => {
    if (response.error) {
      alert('There has been an error!');
      console.log(response);
      return;
    }

    document.querySelector("input[name='token']").value = response.token;
    document.querySelector('#paymentForm').submit();
  });
});

Note that the SDK can easily be integrated into a single page application, using AJAX for the key fetch and token submission.

Browser support

  • Chrome 37+
  • Internet Explorer 11
  • Safari 7.1+
  • iOS Safari 8+
  • Firefox 34+
  • Edge 12+

Legacy Browser Support

For older environments such as IE8, 'flex-sdk-web-legacy-browsers.js' can be used at the cost of a significantly larger package size.

Code and documentation copyright 2017 CyberSource. Released under the CyberSource SDK License Agreement as detailed in ./LICENSE.md.

FAQs

Package last updated on 29 Jun 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc