CyberSource.Flex.Server 0.2.2

Suggested Alternatives

CyberSource.Rest.Client

Additional Details

This SDK has been incorporated into the general purpose .NET SDK for CyberSource REST APIs.  Please contact CyberSource Support for any questions or assistance moving to that SDK.

dotnet add package CyberSource.Flex.Server --version 0.2.2                
NuGet\Install-Package CyberSource.Flex.Server -Version 0.2.2                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="CyberSource.Flex.Server" Version="0.2.2" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add CyberSource.Flex.Server --version 0.2.2                
#r "nuget: CyberSource.Flex.Server, 0.2.2"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install CyberSource.Flex.Server as a Cake Addin
#addin nuget:?package=CyberSource.Flex.Server&version=0.2.2

// Install CyberSource.Flex.Server as a Cake Tool
#tool nuget:?package=CyberSource.Flex.Server&version=0.2.2                

CyberSource Secure Acceptance: Flex Server Side .NET SDK

This C# SDK helps with server side aspects of a Flex integration:

  • Requesting a transaction specific key
  • Verifying the token response

Initialize credentials

To request a transaction specific key, you must to supply your authentication credentials.

Note: To help prevent the exposure of sensitive credentials through heap inspection the Flex SDK requires that such credentials are supplied using a SecureString instance.

Using credentials obtained through CyberSource Business Center:

using FlexServerSDK;
using FlexServerSDK.Authentication;

/* ... */

// Replace with your credentials
string merchantId = "__YOUR_MERCHANT_ID__";
string keyId = "__YOUR_KEY_ID__";
SecureString sharedSecret = "__YOUR_SHARED_SECRET__";

// Set your environment
// Environment environment = Environment.LIVE;
Environment environment = Environment.TEST;

// Authenticate via (test)flex.cybersource.com
IFlexCredentials flexCredentials = new CyberSourceFlexCredentials(
	environment,
	merchantId,
	keyId,
	sharedSecret
);

Using credentials obtained through Visa Developer Center:

using FlexServerSDK;
using FlexServerSDK.Authentication;

/* ... */

// Replace with your credentials
string apiKey = "__YOUR_API_KEY__";
SecureString sharedSecret = "__YOUR_SHARED_SECRET__";

// Set your environment
// Environment environment = Environment.LIVE;
Environment environment = Environment.TEST;

IFlexCredentials flexCredentials = new VisaDeveloperCenterCredentials(
	environment,
	apiKey,
	sharedSecret
);

Initialize configuration (optional)

The Flex SDK supports configuration of the following:

  • Request timeout: Duration in milliseconds for which the Flex SDK will wait for a response from Flex API. Default value: 10000 (10 seconds)
  • Request proxy: A proxy through which to connect to Flex API. Default value: no proxy
  • Debug logging: Turn on debug logging using the System.Diagnostics.Debug framework. Default value: false
int requestTimeout = ...;
IWebProxy proxy = ...;
bool enableDebugLogging = ...;

FlexServiceConfiguration flexServiceConfiguration = new FlexServiceConfigurationBuilder()
	.SetRequestTimeout(requestTimeout)
	.SetProxy(proxy)
	.SetDebugLoggingEnabled(enableDebugLogging)
	.Build();

Initialize Flex Service

IFlexCredentials flexCredentials = ...;
FlexServiceConfiguration flexServiceConfiguration = ...;

IFlexService flexService = FlexServiceFactory.Create(flexCredentials, flexServiceConfiguration);

Note: All IFlexService operations are thread-safe. For performance reasons it is recommended to initialize only one instance of IFlexService per unique set of Flex credentials.

Request a key

Flex encrypts the card number in transit, for additional protection against MitM attacks where the cardholder's network connection is compromised. The following encryption methods are supported:

  • RsaOaep256
  • RsaOaep (Recommended for widest browser compatibility)
  • None (No encryption of the card number)

An encryption type must be supplied when requesting a key:

FlexPublicKey flexPublicKey = await flexService.CreateKey(EncryptionType.RsaOaep);

If you are requesting a key for use with Flex Microform then you must also supply the origin of the website in which Flex Microform will be embedded:

FlexPublicKey flexPublicKey = await flexService.CreateKey(
	EncryptionType.RsaOaep, 
	"https://shop.merchant.com/" // Your website which will host Flex Microform
);

Additional optional settings may be supplied:

KeyRequestSettings settings = new KeyRequestSettings
{
	currency = "USD", // Currency to be used with the token
	enableAutoAuth = true, // Whether an automatic authorization should be performed prior to generating a token
	enableBillingAddress = true, // Whether dummy address data should be supplied for the token
	unmaskedLeft = 6, // The number of unmasked digits to be shown at the beginning of the card number (BIN)
	unmaskedRight = 4 // The number of unmasked digits to be shown at the end of the card number
};

KeysRequestParameters keysRequestParameters = new KeysRequestParameters(
	EncryptionType.RsaOaep256,
	"https://shop.merchant.com",
	settings
);

Verify a token response

There is a possibility that the token response can be tampered with as it passes through the client. You should check the integrity of the response using the SDK. You can provide the public key and token response to the Flex SDK in one of the following formats:

FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
string flexTokenResponseBody = ...; // The raw response body returned by Flex API

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
FlexToken flexToken = ...; // The raw response body returned by Flex API deserialized into a FlexToken instance

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
FlexPublicKey flexPublicKey = ...; // The key with which the token was generated
IDictionary<string, string> flexTokenResponseFields = ...; // A map containing the signed response fields and the signature itself

if (!flexService.Verify(flexPublicKey, flexTokenResponseBody)) 
{
	// Reject token
}
Product Compatible and additional computed target framework versions.
.NET Framework net is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
0.2.2 17,151 1/15/2019 0.2.2 is deprecated because it is no longer maintained.
0.2.1 19,493 4/10/2018
0.2.0 967 2/6/2018

CyberSource Flex API Server Side SDK