Server-Side Setup

This section contains the information you need to set up your server. Initializing
Microform Integration
within your webpage begins with a server‑to‑server call to the sessions API. This step authenticates your merchant credentials and establishes how the
Microform Integration
frontend components will function. The sessions API request contains parameters that define how
Microform Integration
performs.
The server-side component provides this information:
  • A transaction-specific public key is used by the customer's browser to protect the transaction.
  • An authenticated context description package that manages the payment experience on the client side. It includes available payment options such as card networks, payment interface styling, and payment methods.
The functions are compiled in a JSON Web Token (JWT) object referred to as the
capture context
. For information JSON Web Tokens, see JSON Web Tokens.

Capture Context

The capture context request is a signed JSON Web Token (JWT) that provides authentication, one-time keys and the target origin to the Microform Integration application. This request tells the frontend JavaScript library how to behave within your payment experience..
The target origin is defined by the scheme (protocol), hostname (domain) and port number (if used).
You must use the
https://
protocol unless you use
http://localhost
. Sub-domains must also be included in the target origin. Any valid top-level domain is supported. For example,
.com
,
.co.uk
, and
.gov.br
. Wildcards are not supported.
For example, if you are launching Microform on
example.com
, the target origin could be any of the following:
You can define the payment cards and digital payments that you want to accept in the capture context. Use the
allowedCardNetworks
field to define the card types.
Available card networks for card entry:
  • American Express
  • Cartes Bancaires
  • Carnet
  • China UnionPay
  • Diners Club
  • Discover
  • EFTPOS
  • ELO
  • JCB
  • JCrew
  • Mada
  • Maestro
  • Mastercard
  • Meeza
  • Visa
Server-Side Setup

Creating the Server-Side Context

The first step in integrating with
Microform Integration
is developing the server-side code that generates the capture context. The capture context is a digitally signed JWT that provides authentication, one-time keys, and the target origin to the
Microform Integration
application. The target origin is the protocol, URL, and port number (if used) of the page on which you will host the microform.
Sample
Microform Integration
projects are available for download in the Flex samples on GitHub.
  1. Send an authenticated POST request to the
    /sessions
    endpoint to create your capture context session:
    • Production
      :
      https://api.smartpayfuse.barclaycard
      /microform/v2/sessions
    • Test
      :
      https://api.smartpayfuse-test.barclaycard
      /microform/v2/sessions
    Include the target origin URL and at least one accepted card type in the content of the body of the request.
    For example:
    { "clientVersion": "v2", "targetOrigins": ["https://www.example.com"], "allowedCardNetworks": ["VISA"] }
    To embed within multiple nested iframes, you must specify the origins of all the browser contexts used. For example:
    { "clientVersion": "v2", "targetOrigins": ["https://www.example.com", "https://www.basket.example.com", "https://ecom.example.com"] "allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX", "CARTESBANCAIRES", "CARNET", "CUP", "DINERSCLUB", "DISCOVER", "EFTPOS", "ELO", "JCB", "JCREW", "MADA", "MAESTRO", "MEEZA" ] }
  2. Pass the capture context response data object to your front-end application. The capture context is valid for 15 minutes.

AFTER COMPLETING THE TASK

Important Security Note:
  • Ensure that all endpoints within your ownership are secure with some kind of authentication so they cannot be called at will by bad actors.
  • Do not pass the
    targetOrigin
    in any external requests. Hard code it on the server side.
For more information on requesting the capture context, see Capture Context.
Server-Side Setup