Server-Side Setup
This section contains the information you need to set up your server. Initializing
Microform Integration
within your webpage begins with a server‑to‑server
call to the sessions API. This step authenticates your merchant credentials and
establishes how the Microform Integration
frontend components will function.
The sessions API request contains parameters that define how Microform Integration
performs.The server-side component provides this
information:
- A transaction-specific public key is used by the customer's browser to protect the transaction.
- An authenticated context description package that manages the payment experience on the client side. It includes available payment options such as card networks, payment interface styling, and payment methods.
The functions are compiled in a JSON Web Token (JWT)
object referred to as the
capture context
. For information JSON Web Tokens, see
JSON Web Tokens.Capture Context
The capture context request is a signed JSON Web Token (JWT) that provides
authentication, one-time keys and the target origin to the Microform Integration
application. This request tells the frontend JavaScript library how to behave within
your payment experience..
The target origin is defined by the scheme (protocol), hostname
(domain) and port number (if used).
You must use the
https://
protocol unless you use
http://localhost
. Sub-domains must also be included in the target
origin. Any valid top-level domain is supported. For example, .com
,
.co.uk
, and .gov.br
. Wildcards are not supported. For example, if you are launching Microform on
example.com
, the
target origin could be any of the following:You can define the payment cards and digital
payments that you want to accept in the capture context. Use the
allowedCardNetworks
field to define the card types.Available card networks for card entry:
- American Express
- Cartes Bancaires
- Carnet
- China UnionPay
- Diners Club
- Discover
- EFTPOS
- ELO
- JCB
- JCrew
- Mada
- Maestro
- Mastercard
- Meeza
- Visa
Creating the Server-Side Context
The first step in integrating with
Microform Integration
is developing the
server-side code that generates the capture context. The capture context is a digitally signed
JWT that provides authentication, one-time keys, and the target origin to the Microform Integration
application. The target origin is the protocol, URL, and port number
(if used) of the page on which you will host the microform.Sample
Microform Integration
projects are available for download in the Flex
samples on GitHub.- Send an authenticated POST request to the/sessionsendpoint to create your capture context session:
- Production:https://api.smartpayfuse.barclaycard/microform/v2/sessions
- Test:https://api.smartpayfuse-test.barclaycard/microform/v2/sessions
Include the target origin URL and at least one accepted card type in the content of the body of the request.For example:{ "clientVersion": "v2", "targetOrigins": ["https://www.example.com"], "allowedCardNetworks": ["VISA"] }To embed within multiple nested iframes, you must specify the origins of all the browser contexts used. For example:{ "clientVersion": "v2", "targetOrigins": ["https://www.example.com", "https://www.basket.example.com", "https://ecom.example.com"] "allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX", "CARTESBANCAIRES", "CARNET", "CUP", "DINERSCLUB", "DISCOVER", "EFTPOS", "ELO", "JCB", "JCREW", "MADA", "MAESTRO", "MEEZA" ] } - Pass the capture context response data object to your front-end application. The capture context is valid for 15 minutes.
AFTER COMPLETING THE TASK
Important Security Note:
- Ensure that all endpoints within your ownership are secure with some kind of authentication so they cannot be called at will by bad actors.
- Do not pass thetargetOriginin any external requests. Hard code it on the server side.
For more information on requesting the capture context, see Capture Context.