Showing results for 
Search instead for 
Did you mean: 

how do you use a credit card flexible token with payments API?

Trying to get my head around how CyberSource works..

In CyberSource, the Secure Acceptance Flexible Token API can be used to tokenize a credit card on client-side for processing for future processing.

That part is easy enough. There's plenty of documentation and a few packages that do it.

How do I then use that token to create a charge with the CyberSource Payments API ?

All examples i've found show how to tokenize the card on client, and how to charge an untokenized card (i.e. card data is sent to server) but I can't find an example that show how to use the Flexible token to create a charge (or pre-auth).

In most other gateways like Stripe, it's pretty clear in documentations but CyberSource doesn't seem to provide that.

Am I missing something?

I'm using Node but happy with solutions in other languages.

   /echatrandom /echatspin



The documentation for that should be updated soon. Meanwhile, here is a screenshot that should help you to send the transient token for making the payment.

Administrator Administrator

The answer is in this page under "Using the Token".

Note: Some of the other documentations (not sure why they have some many variations of the docs), like this one don't mention this at all.

See the RESTPaymentAPI section. It needs to be provided as a customerId field.

"paymentInformation": {
    "customer": {
        "customerId": "7500BB199B4270EFE05340588D0AFCAD"

Here's a minimal example of how it can be implemented on the API side

var cybersourceRestApi = require('cybersource-rest-client');
var configuration = require('./cybersource/config.js');

var configObject = new configuration();
var instance = new cybersourceRestApi.PaymentsApi(configObject);

var clientReferenceInformation = new cybersourceRestApi.Ptsv2paymentsClientReferenceInformation();
clientReferenceInformation.code = 'test_payment';

var processingInformation = new cybersourceRestApi.Ptsv2paymentsProcessingInformation();
processingInformation.commerceIndicator = 'internet';

var amountDetails = new cybersourceRestApi.Ptsv2paymentsOrderInformationAmountDetails();
amountDetails.totalAmount = "100.00";
amountDetails.currency = 'USD';

var orderInformation = new cybersourceRestApi.Ptsv2paymentsOrderInformation();
orderInformation.amountDetails = amountDetails;

var paymentInformation = new cybersourceRestApi.Ptsv2paymentsPaymentInformation();

var customer = new cybersourceRestApi.Ptsv2paymentsPaymentInformationCustomer()
customer.customerId = token
paymentInformation.customer = customer

var request = new cybersourceRestApi.CreatePaymentRequest();
request.clientReferenceInformation = clientReferenceInformation;
request.processingInformation = processingInformation;
request.orderInformation = orderInformation;
request.paymentInformation = paymentInformation;

if (!authoriseOnly) {
    request.processingInformation.capture = true;

Code based on the CyberSource nodejs REST samples:

More info. Once you know where to look, it's actually explained in a few places.

Example, go to, expand the "REQUEST FIELD DESCRIPTION" underneath and go to

    .. customerId    

Unique identifier for the customer's card and billing information.

When you use Payment Tokenization or Recurring Billing and you include this value in your request, many of the fields that are normally required for an authorization or credit become optional.

NOTE When you use Payment Tokenization or Recurring Billing, the value for the Customer ID is actually the Cybersource payment token for a customer. This token stores information such as the consumer’s card number so it can be applied towards bill payments, recurring payments, or one-time payments. By using this token in a payment API request, the merchant doesn't need to pass in data such as the card number or expiration date in the request itself.

See "Payment Tokenization," page 222, and "Recurring Billing," page 225.