Showing results for 
Search instead for 
Did you mean: 

The payments API uses credit card flexible tokens, how do you use them?


I am trying to get my head around how CyberSource works.

A credit card can be tokenized on the client-side in CyberSource using the Secure Acceptance Flexible Token API.

It's easy to do that part. There's plenty of documentation and a few packages that do it.

With the CyberSource Payments API, how do I use that token to create a charge?

My research shows how to tokenize the card on client, and charge an untokenized card (card data is sent to server), but I haven't found any examples of how to use the Flexible token to create a charge (or pre-authorization).

CyberSource doesn't seem to provide that information in its documentation, unlike most other gateways like Stripe.

Is there something I'm missing?

Node is my preferred language, but I am happy with solutions in other languages as well.


The answer is in this page /omegle under "Using the Token".

Note: Some of the other documentations (not sure why they have some many variations of the docs), like this one don't mention this at all.

See the RESTPaymentAPI section. It needs to be provided as a customerId field.

"paymentInformation": {
    "customer": {
        "customerId": "7500BB199B4270EFE05340588D0AFCAD"

Here's a minimal example of how it can be implemented on the API side

var cybersourceRestApi = require('cybersource-rest-client');
var configuration = require('./cybersource/config.js');

var configObject = new configuration();
var instance = new cybersourceRestApi.PaymentsApi(configObject);

var clientReferenceInformation = new cybersourceRestApi.Ptsv2paymentsClientReferenceInformation();
clientReferenceInformation.code = 'test_payment';

var processingInformation = new cybersourceRestApi.Ptsv2paymentsProcessingInformation();
processingInformation.commerceIndicator = 'internet';

var amountDetails = new cybersourceRestApi.Ptsv2paymentsOrderInformationAmountDetails();
amountDetails.totalAmount = "100.00";
amountDetails.currency = 'USD';

var orderInformation = new cybersourceRestApi.Ptsv2paymentsOrderInformation();
orderInformation.amountDetails = amountDetails;

var paymentInformation = new cybersourceRestApi.Ptsv2paymentsPaymentInformation();

var customer = new cybersourceRestApi.Ptsv2paymentsPaymentInformationCustomer()
customer.customerId = token
paymentInformation.customer = customer

var request = new cybersourceRestApi.CreatePaymentRequest();
request.clientReferenceInformation = clientReferenceInformation;
request.processingInformation = processingInformation;
request.orderInformation = orderInformation;
request.paymentInformation = paymentInformation;

if (!authoriseOnly) {
    request.processingInformation.capture = true;

Code based on the CyberSource nodejs REST samples: /voojio

More info. Once you know where to look, it's actually explained in a few places.

Example, go to /shagle, expand the "REQUEST FIELD DESCRIPTION" underneath and go to

    .. customerId    



A credit card flexible token is a secure representation of a customer's credit card information that can be used to process transactions without exposing the actual credit card information. When you use a payments API that supports flexible tokens, you can request a token for a customer's credit card information and then use that token in subsequent transactions, rather than passing the actual credit card information with each transaction.