Reputation: 9297
Can the CyberSource TMS API be used with a Flex API Token?
The CyberSource Token Management Service (described here and here) allows you to create "instruments" which are tokenized cards that can be stored with a user's account and used for later purchases/transactions with your service.
I would like to use the Flex API (described here, here and here) to perform an initial tokenization of the card. Can I then use a Flex token to perform TMS calls?
Obviously both mechanisms are tokenization, but there are advantages to both:
- TMS seems intended for long-term storage and supports auto-superseding PANs.
- Flex has the capability to switch to micro-form iframes.
So it would be useful to do the initial tokenization with Flex for PCI-DSS reasons, and then use that to create TMS tokens for long-term storage.
Upvotes: 3
Views: 1531
Answers (2)
Reputation: 313
@matt-mc,
To add to @will-h answer, although you can use Secure Acceptance Flex (microform & token) API to create 'transient' tokens for PCI scope reduction, you can 'make/transform' these for use in the TMS API by using the example shown in the developer center under Payments > Process a Payment > Sample Request: Payment with Flex Token (Create Permanent TMS token).
The payload will look something like this:
{
"clientReferenceInformation": {
"code": "TC50171_3"
},
"processingInformation": {
"actionList": [
"TOKEN_CREATE"
],
"actionTokenTypes": [
"customer",
"paymentInstrument",
"shippingAddress"
]
},
"orderInformation": {
"amountDetails": {
"totalAmount": "102.21",
"currency": "USD"
},
"billTo": {
"firstName": "John",
"lastName": "Doe",
"address1": "1 Market St",
"locality": "san francisco",
"administrativeArea": "CA",
"postalCode": "94105",
"country": "US",
"email": "[email protected]",
"phoneNumber": "4158880000"
},
"shipTo": {
"firstName": "John",
"lastName": "Doe",
"address1": "1 Market St",
"locality": "san francisco",
"administrativeArea": "CA",
"postalCode": "94105",
"country": "US"
}
},
"tokenInformation": {
"transientTokenJwt": "eyJraWQiOiIwODVLd3ZiZHVqZW1DZDN3UnNxVFg3RG5nZzlZVk04NiIsImFsZyI6IlJTMjU2In0.eyJkYXRhIjp7Im51bWJlciI6IjQxMTExMVhYWFhYWDExMTEiLCJ0eXBlIjoiMDAxIn0sImlzcyI6IkZsZXgvMDgiLCJleHAiOjE1OTU2MjAxNTQsInR5cGUiOiJtZi0wLjExLjAiLCJpYXQiOjE1OTU2MTkyNTQsImp0aSI6IjFFMTlWWVlBUEFEUllPSzREUUM1NFhRN1hUVTlYN01YSzBCNTc5UFhCUU1HUUExVU1MOFI1RjFCM0IzQTU4MkIifQ.NKSM8zuT9TQC2OIUxIFJQk4HKeHhj_RGWmEqOQhBi0TIynt_kCIup1UVtAlhPzUfPWLwRrUVXnA9dyjLt_Q-pFZnvZ2lVANbiOq_R0us88MkM_mqaELuInCwxFeFZKA4gl8XmDFARgX1aJttC19Le6NYOhK2gpMrV4i0yz-IkbScsk0_vCH3raayNacFU2Wy9xei6H_V0yw2GeOs7kF6wdtMvBNw_uoLXd77LGE3LmV7z1TpJcG1SXy2s0bwYhEvkQGnrq6FfY8w7-UkDBWT1GhU3ZVP4y7h0l1WEX2xqf_ze25ZiYJQfWrEWPBHXRubOpAuaf4rfeZei0mRwPU-sQ"
}
}
Upvotes: 3
Reputation: 404
The Flex API can be used to create TMS tokens.
You can think of TMS (Token Management Service) as services to create, read, update, and delete tokens as well as the storage of those tokens. The purpose of Secure Acceptance Flex Microform and Flexible Token API is to reduce PCI scope when handling credit card account numbers by replacing them with tokens without touching your servers (direct from customer browser or app to CyberSource). The Secure Acceptance Flex Microform and Flexible Token API uses TMS underneath to create tokens, but cannot read, update, delete tokens or authorize the card.
Upvotes: 2
Related Questions
- How to authenticate with custom apis/microservices from using Twilio Flex SSO token
- Support Token Based Authentication in Swagger Documentation for Web API
- How to get an access token for the Cylance User API?
- How to generate/retrieve token from Cybersource Secure Acceptance API?
- How can I get a Payment Token when using Cybersource SOAP API
- CyberSource SOAP Toolkit API Token Payment?
- DocuSign SOAP API with access tokens
- Is it feasible to create a REST client with Flex?
- Can I use oauth 2.0 with flex?
- How to pass Authorization header from Flex WebService?