Unified Checkout v1.1 /flex/v2/complete returns 400 MISSING_FIELD for card data with completeMandate

laflame — Thu, 09 Apr 2026 10:48:26 GMT

Hi CyberSource Support,

We are integrating Unified Checkout v1.1 with completeMandate for a Sale flow (authorization + capture + 3DS). The widget renders correctly,
Auth Setup completes, Device Data Collection succeeds, but the internal POST /flex/v2/complete call consistently returns 400 with
MISSING_FIELD.

Merchant ID: (test environment)

Issue: After the customer enters card details and the widget auto-submits, the SDK's internal call to
https://testflex.cybersource.com/flex/v2/complete fails with:

{
"details": [
{"field": "paymentInformation.card.number", "reason": "MISSING_FIELD"},
{"field": "paymentInformation.tokenizedCard.expirationMonth", "reason": "MISSING_FIELD"},
{"field": "paymentInformation.card.expirationYear", "reason": "MISSING_FIELD"}
],
"reason": "MISSING_FIELD",
"status": "INVALID_REQUEST"
}

What works:
- /uc/v1/sessions returns a valid capture context JWT (type: uc-1.0.0, clientVersion: 1.1.1)
- VAS.UnifiedCheckout(sessionJWT) initializes successfully
- client.createCheckout({ autoProcessing: true }) succeeds
- checkout.mount() renders the widget with card entry + billing fields
- Auth Setup completes with a valid referenceId
- DDC completes successfully (Cardinal Commerce)
- Card data is entered by the user and the widget auto-submits

What fails:
- The SDK's internal POST /flex/v2/complete returns 400 INVALID_REQUEST
- CyberSource transaction path shows: Client App: unifiedCheckout, Reason Code: 101, Reply Message: The request data did not pass the required
fields check: [customer_cc_number, customer_cc_expmo, customer_cc_expyr]

const client = await VAS.UnifiedCheckout(sessionJWT);
const checkout = await client.createCheckout({ autoProcessing: true });
const result = await checkout.mount('#payment-buttons');

Script loaded dynamically from capture context JWT clientLibrary field.

This issue occurs on both test (apitest.cybersource.com) and production (api.cybersource.com) environments.

The card data is encrypted and sent to /flex/v2/complete (confirmed via browser network tab), but the endpoint cannot extract the card fields
from the encrypted payload.

Capture context request:
{
"targetOrigins": ["https://dev.test.local:6721"],
"clientVersion": "1.1",
"locale": "en_US",
"country": "KE",
"allowedCardNetworks": ["VISA", "MASTERCARD"],
"allowedPaymentTypes": ["PANENTRY"],
"captureMandate": {
"billingType": "PARTIAL",
"requestEmail": true,
"requestPhone": false,
"requestShipping": false,
"showAcceptedNetworkIcons": true
},
"completeMandate": {
"type": "CAPTURE",
"decisionManager": true,
"consumerAuthentication": "3DS"
},
"data": {
"clientReferenceInformation": { "code": "payment-uuid" },
"consumerAuthenticationInformation": {
"challengeCode": "04",
"messageCategory": "01",
"acsWindowSize": "01"
},
"orderInformation": {
"amountDetails": { "totalAmount": "2.00", "currency": "KES" },
"billTo": {
"firstName": "john",
"lastName": "doe",
"email": "test@gmail.com",
"address1": "P.O .BOX *",
"locality": "test",
"administrativeArea": "test",
"postalCode": "00",
"country": "KE",
"phoneNumber": "some phone"
}
}
}
}

topic Unified Checkout v1.1 /flex/v2/complete returns 400 MISSING_FIELD for card data with completeMandate in cybersource APIs

Unified Checkout v1.1 /flex/v2/complete returns 400 MISSING_FIELD for card data with completeMandate