CyberSource.Flex.Server 0.2.0

SDK for server-side integration with CyberSource Flex API

There is a newer version of this package available.
See the version list below for details.
Install-Package CyberSource.Flex.Server -Version 0.2.0
dotnet add package CyberSource.Flex.Server --version 0.2.0
<PackageReference Include="CyberSource.Flex.Server" Version="0.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add CyberSource.Flex.Server --version 0.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

CyberSource Secure Acceptance: Flex Server Side .NET SDK

This C# SDK helps with server side aspects of a Flex integration:

  • Requesting a transaction specific key
  • Verifying the token response

Initialize credentials

In order to request a transaction specific key, you will need to supply your authentication credentials.

Note: In order to help prevent the exposure of sensitive credentials through heap inspection the Flex SDK requires that such credentials be supplied using a SecureString instance.

Using credentials obtained through EBC2:

using FlexServerSDK;
using FlexServerSDK.Authentication;

...

string merchantId = ...; // Your merchant ID
string keyId = ...; // Your key ID
SecureString sharedSecret = ...; // Your shared secret

// Environment.TEST: CAS
// Environment.LIVE: Production
Environment environment = ...;

// Authenticate via (test)flex.cybersource.com
IFlexCredentials flexCredentials = new CyberSourceGateKeeperCredentials(
	environment,
	merchantId,
	keyId,
	sharedSecret
);

Using credentials obtained through Visa Developer Center (VDC):

using FlexServerSDK;
using FlexServerSDK.Authentication;

...

string apiKey = ...; // Your API key
SecureString sharedSecret = ...; // Your shared secret

// Environment.TEST: Sandbox
// Environment.LIVE: Production
Environment environment = ...;

IFlexCredentials flexCredentials = new VisaDeveloperCenterCredentials(
	environment,
	apiKey,
	sharedSecret
);

Initialize configuration (optional)

The Flex SDK supports configuration of the following:

  • Request timeout:
    The duration in milliseconds for which the Flex SDK will wait for a response from Flex API.
    Default value: 10000 (10 seconds)

  • Request proxy:
    Specifies the proxy through which to connect to Flex API.
    Default value: no proxy

  • Debug logging:
    Specifies whether debug logging using the System.Diagnostics.Debug framework should be enabled.
    Default value: false

int requestTimeout = ...;
IWebProxy proxy = ...;
bool enableDebugLogging = ...;

FlexServiceConfiguration flexServiceConfiguration = new FlexServiceConfigurationBuilder()
	.SetRequestTimeout(requestTimeout)
	.SetProxy(proxy)
	.SetDebugLoggingEnabled(enableDebugLogging)
	.Build();

Initialize Flex Service

IFlexCredentials flexCredentials = ...;
FlexServiceConfiguration flexServiceConfiguration = ...;

IFlexService flexService = FlexServiceFactory.Create(
	flexCredentials,
	flexServiceConfiguration
);

Request a key

Flex encrypts the card number in transit, for additional protection against MitM attacks where the cardholder's network connection is compromised. The following encryption methods are supported:

  • RsaOaep256
  • RsaOaep (Recommended for widest browser compatibility)
  • None (No encryption of the card number)

An encryption type must be supplied when requesting a key:

FlexPublicKey flexPublicKey = await flexService.CreateKey(EncryptionType.RsaOaep);

If you are requesting a key for use with Flex Microform then you must also supply the origin of the website in which Flex Microform will be embedded:

FlexPublicKey flexPublicKey = await flexService.CreateKey(
	EncryptionType.RsaOaep, 
	"https://shop.merchant.com/" // Your website which will host Flex Microform
);

Additional optional settings may be supplied:

KeyRequestSettings settings = new KeyRequestSettings
{
	currency = "USD", // Currency to be used with the token
	enableAutoAuth = true, // Whether an automatic authorization should be performed prior to generating a token
	enableBillingAddress = true, // Whether dummy address data should be supplied for the token
	unmaskedLeft = 6, // The number of unmasked digits to be shown at the beginning of the card number (BIN)
	unmaskedRight = 4 // The number of unmasked digits to be shown at the end of the card number
};

KeysRequestParameters keysRequestParameters = new KeysRequestParameters(
	EncryptionType.RsaOaep256,
	"https://shop.merchant.com/",
	settings
);

Verify a token response

There is a possibility that the token response can be tampered with as it passes through the client. You should check the integrity of the response using the SDK. You can provide the public key and token response to the Flex SDK in one of the following formats:

FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
string flexTokenResponseBody = ...; // The raw response body returned by Flex API

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
FlexToken flexToken = ...; // The raw response body returned by Flex API deserialized into a FlexToken instance

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
IDictionary<string, string> flexTokenResponseFields = ...; // A map containing the signed response fields and the signature itself

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}

CyberSource Secure Acceptance: Flex Server Side .NET SDK

This C# SDK helps with server side aspects of a Flex integration:

  • Requesting a transaction specific key
  • Verifying the token response

Initialize credentials

In order to request a transaction specific key, you will need to supply your authentication credentials.

Note: In order to help prevent the exposure of sensitive credentials through heap inspection the Flex SDK requires that such credentials be supplied using a SecureString instance.

Using credentials obtained through EBC2:

using FlexServerSDK;
using FlexServerSDK.Authentication;

...

string merchantId = ...; // Your merchant ID
string keyId = ...; // Your key ID
SecureString sharedSecret = ...; // Your shared secret

// Environment.TEST: CAS
// Environment.LIVE: Production
Environment environment = ...;

// Authenticate via (test)flex.cybersource.com
IFlexCredentials flexCredentials = new CyberSourceGateKeeperCredentials(
	environment,
	merchantId,
	keyId,
	sharedSecret
);

Using credentials obtained through Visa Developer Center (VDC):

using FlexServerSDK;
using FlexServerSDK.Authentication;

...

string apiKey = ...; // Your API key
SecureString sharedSecret = ...; // Your shared secret

// Environment.TEST: Sandbox
// Environment.LIVE: Production
Environment environment = ...;

IFlexCredentials flexCredentials = new VisaDeveloperCenterCredentials(
	environment,
	apiKey,
	sharedSecret
);

Initialize configuration (optional)

The Flex SDK supports configuration of the following:

  • Request timeout:
    The duration in milliseconds for which the Flex SDK will wait for a response from Flex API.
    Default value: 10000 (10 seconds)

  • Request proxy:
    Specifies the proxy through which to connect to Flex API.
    Default value: no proxy

  • Debug logging:
    Specifies whether debug logging using the System.Diagnostics.Debug framework should be enabled.
    Default value: false

int requestTimeout = ...;
IWebProxy proxy = ...;
bool enableDebugLogging = ...;

FlexServiceConfiguration flexServiceConfiguration = new FlexServiceConfigurationBuilder()
	.SetRequestTimeout(requestTimeout)
	.SetProxy(proxy)
	.SetDebugLoggingEnabled(enableDebugLogging)
	.Build();

Initialize Flex Service

IFlexCredentials flexCredentials = ...;
FlexServiceConfiguration flexServiceConfiguration = ...;

IFlexService flexService = FlexServiceFactory.Create(
	flexCredentials,
	flexServiceConfiguration
);

Request a key

Flex encrypts the card number in transit, for additional protection against MitM attacks where the cardholder's network connection is compromised. The following encryption methods are supported:

  • RsaOaep256
  • RsaOaep (Recommended for widest browser compatibility)
  • None (No encryption of the card number)

An encryption type must be supplied when requesting a key:

FlexPublicKey flexPublicKey = await flexService.CreateKey(EncryptionType.RsaOaep);

If you are requesting a key for use with Flex Microform then you must also supply the origin of the website in which Flex Microform will be embedded:

FlexPublicKey flexPublicKey = await flexService.CreateKey(
	EncryptionType.RsaOaep, 
	"https://shop.merchant.com/" // Your website which will host Flex Microform
);

Additional optional settings may be supplied:

KeyRequestSettings settings = new KeyRequestSettings
{
	currency = "USD", // Currency to be used with the token
	enableAutoAuth = true, // Whether an automatic authorization should be performed prior to generating a token
	enableBillingAddress = true, // Whether dummy address data should be supplied for the token
	unmaskedLeft = 6, // The number of unmasked digits to be shown at the beginning of the card number (BIN)
	unmaskedRight = 4 // The number of unmasked digits to be shown at the end of the card number
};

KeysRequestParameters keysRequestParameters = new KeysRequestParameters(
	EncryptionType.RsaOaep256,
	"https://shop.merchant.com/",
	settings
);

Verify a token response

There is a possibility that the token response can be tampered with as it passes through the client. You should check the integrity of the response using the SDK. You can provide the public key and token response to the Flex SDK in one of the following formats:

FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
string flexTokenResponseBody = ...; // The raw response body returned by Flex API

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
FlexToken flexToken = ...; // The raw response body returned by Flex API deserialized into a FlexToken instance

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
IDictionary<string, string> flexTokenResponseFields = ...; // A map containing the signed response fields and the signature itself

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}

Release Notes

CyberSource Flex API Server Side SDK

Dependencies

This package has no dependencies.

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
0.2.2 1,892 1/15/2019
0.2.1 3,289 4/10/2018
0.2.0 335 2/6/2018