Configure the CyberSource integration
The CyberSource integration lets your store accept credit card payments.
To use the integration, you must have both a CyberSource merchant account and an
activated CyberSource Secure Acceptance Checkout API profile. If you do not
already have a CyberSource account, go to
www.cybersource.com/register
to obtain an evaluation
account. An evaluation account lets you configure and test the CyberSource
integration. You will need to register for a paid merchant account (including both
Payment Gateway and Tokenization) before your store can go live and accept
payments from shoppers.
CyberSource Secure Acceptance Checkout API allows Commerce to send payment card data directly from a shopper’s browser to CyberSource. No credit card data is ever stored on Oracle servers. CyberSource securely stores all the card information, replacing it with a unique identifier called a payment token. The payment token is stored on CyberSource servers and in a property of the associated order on Oracle servers. The token is used in all processing tasks associated with the order, including settlement, refunds, and shipping.
To learn how to create a Secure Acceptance Checkout API profile, see Create a Checkout API Profile in theSecure Acceptance Checkout API Integration Guide. This guide is available on the CyberSource website.
Note: Commerce uses HMAC-SHA256 to generate the request signature and validate the response signature for requests and responses sent as part of the CyberSource integration. For more information, see Secure Your Service.
Configure Oracle Commerce settings
This section describes how to configure the CyberSource integration in Oracle Commerce. Make sure you have your CyberSource account information on hand when you perform the following steps.
- Click the Settings icon, then select Payment Processing.
- On the Payment Gateways tab, select CyberSource.
- Under Account Information, click Use CyberSource and enter your CyberSource account information.
- Select one of the following environments and then enter your security keys for the
Secure Acceptance Checkout API. Each environment requires its own
security key. You cannot use the same security key for more than one
environment.
Preview: Your store’s preview environment
Agent: The Commerce Agent Console
Storefront: Your production storefront
- Click Save.
Account Information
These properties identify your CyberSource account. All properties are required.
Property | Description |
---|---|
Merchant ID | Merchant ID for your CyberSource account. |
First Name Last Name |
First name and surname for the contact. This is usually the name of the person listed as the contact in your CyberSource account, but it can be different. |
Username | Login name for your CyberSource account. |
Security Keys for Secure Acceptance
These properties identify your CyberSource Secure Acceptance Checkout API profile. If you configure properties for both the Storefront and Agent configurations, use the same properties for both. All properties are required.
Property | Description |
---|---|
Profile ID | The ID for your CyberSource Secure Acceptance Checkout API profile. |
Access Key | Authenticates your account with CyberSource. |
Secret Key | The secret key associated with the access key you entered. The secret key signs the transaction data and is required for each transaction. |
SOP URL |
The URL used to send the form to CyberSource for processing the payment. For test and preview environments, set this to:
For production environments, set this to:
|
Test the CyberSource integration
Once the CyberSource integration is configured, you should be able to go to your store and place a test transaction. If the transactions are successful, the orders will be visible in Oracle Commerce reports in the CyberSource Business Center under Transaction Search.
Note: You cannot place test transactions in preview mode; you must place them from your store. See Preview your store for information about preview mode.
The following page provides a list of test credit card numbers:
https://www.cybersource.com/developers/other_resources/quick_references/test_cc_numbers/
Note that to enable communication between CyberSource and your Commerce sites, you must add the appropriate URL and HTTP methods to the
allowedOriginMethods
property of each site object,
and then publish your changes. For example, for a site whose ID is
siteUK
:
PUT /ccadmin/v1/sites/siteUK HTTP/1.1
Authorization: Bearer <access_token>
x-ccasset-language: en
{
"properties": {
"allowedOriginMethods": {
"https://testsecureacceptance.cybersource.com": "GET,PUT,POST,OPTIONS"
}
}
}
For more information, see CORS support.