
Best practice for passing custom line-item data from front-end tools to Secure Acceptance?

"I’m currently developing a specialized e-commerce flow where the transaction amount isn't a fixed SKU price, but rather a dynamic calculation based on user-provided dimensions.

We’ve built a custom Lawn Topsoil calculator that allows users to determine exactly how many cubic yards they need for their project. Once the volume is calculated, we want to pass that specific value (and perhaps the dimensions as metadata) into the CyberSource Secure Acceptance hosted checkout.

My question is about session security: Is it better to sign the final amount on the server side immediately after the calculation, or should I be looking at using the 'Flexible Token' approach to handle the variable transaction amount? I want to make sure the user can't modify the 'Total Amount' field in the browser console after the calculation is complete but before the redirect to the payment page.

Has anyone else integrated CyberSource with dynamic quoting tools like this? Any advice on preventing 'amount tampering' during the handoff would be huge."

Xello .
jwedishzara
New Member
1 REPLY 1

I would not trust the browser-calculated amount as the authoritative value, even if the calculator UX is solid. The safer pattern is to send the dimensions to your backend, recalculate or validate the quote server-side, store it against a short-lived quote/order ID, and then generate the Secure Acceptance request from that server-side record. That way the hosted checkout only receives an amount you already finalized and signed on the backend, instead of anything the user could potentially alter in dev tools.


john-johnson
Member
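
The pattern described in the reply above, as an added example that is not part of the original thread and not CyberSource's own sample code: the server recomputes the quote from the raw dimensions, stores it under a short-lived quote ID, and builds the signed Secure Acceptance fields from that record only. Signing is HMAC-SHA256 over the comma-joined `name=value` pairs listed in `signed_field_names`, base64-encoded; the price, TTL, in-memory store, placeholder keys and all function names are assumptions.

```python
import base64, hashlib, hmac, time, uuid
from decimal import Decimal, ROUND_HALF_UP

SECRET_KEY = b"constructed-demo-secret"   # placeholder; the real key belongs to the profile
PRICE_PER_CUBIC_YARD = Decimal("42.50")    # assumed price, for illustration only
QUOTE_TTL_SECONDS = 900                    # assumed 15-minute quote lifetime
QUOTES = {}                                # stand-in for a server-side quote store

def create_quote(length_ft, width_ft, depth_in, now=None):
    """Recalculate volume and price on the server from the raw dimensions."""
    dims = [Decimal(str(v)) for v in (length_ft, width_ft, depth_in)]
    if any(d <= 0 for d in dims):
        raise ValueError("dimensions must be positive")
    cubic_yards = dims[0] * dims[1] * (dims[2] / 12) / 27
    amount = (cubic_yards * PRICE_PER_CUBIC_YARD).quantize(Decimal("0.01"), ROUND_HALF_UP)
    quote_id = uuid.uuid4().hex
    QUOTES[quote_id] = {"amount": str(amount), "expires": (now or time.time()) + QUOTE_TTL_SECONDS}
    return quote_id

def sign(fields):
    """HMAC-SHA256 over 'name=value' pairs in signed_field_names order, base64-encoded."""
    data = ",".join(f"{n}={fields[n]}" for n in fields["signed_field_names"].split(","))
    return base64.b64encode(hmac.new(SECRET_KEY, data.encode(), hashlib.sha256).digest()).decode()

def build_checkout_fields(quote_id, now=None):
    """Build the hosted-checkout form fields from the stored quote, never from browser input."""
    now = now or time.time()
    quote = QUOTES.get(quote_id)
    if quote is None or quote["expires"] < now:
        raise KeyError("unknown or expired quote")
    fields = {
        "access_key": "ACCESS_KEY_PLACEHOLDER",
        "profile_id": "PROFILE_ID_PLACEHOLDER",
        "transaction_uuid": uuid.uuid4().hex,
        "signed_date_time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "locale": "en",
        "transaction_type": "sale",
        "reference_number": quote_id,
        "amount": quote["amount"],          # signed, so an edited value no longer verifies
        "currency": "USD",
        "unsigned_field_names": "",
    }
    fields["signed_field_names"] = ",".join(list(fields) + ["signed_field_names"])
    fields["signature"] = sign(fields)
    return fields

def signature_matches(fields):
    """Recompute the signature as the receiving side would and compare in constant time."""
    return hmac.compare_digest(sign(fields), fields.get("signature", ""))
```

Because `amount` is listed in `signed_field_names`, changing it in the posted form invalidates the signature; the same check should be applied to the response fields before the order is fulfilled.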