Integrating Cybersource into a mobile app, as discussed in the forum, requires choosing the correct implementation method based on your app's architecture (Native, React Native, Flutter, etc.). The goal is always to securely capture payment information while minimizing PCI compliance scope.
The general approach involves understanding the different Types of Payment Integrations in Mobile App environments:
- Server-to-Server Integration (Recommended): The mobile app securely passes card information (often tokenized) to your own backend server, and your server then handles the communication with Cybersource's APIs. This is generally the most secure and shifts most of the compliance burden off the mobile device.
- Mobile SDK Integration: You use a dedicated Cybersource mobile SDK (if available for your platform) to handle the sensitive card capture directly within the app's user interface. The SDK securely transmits the data to Cybersource, bypassing your server for that specific step.
- Hosted Payment Fields/Pages: This method redirects the user or displays an iFrame where Cybersource (or a trusted partner) securely captures the payment details. This solution completely removes your app from handling sensitive data.
The official Cybersource technical documentation will provide the specific APIs and instructions required to implement these methods correctly, ensuring a smooth and secure checkout flow regardless of your chosen mobile technology.
