API Overview

Unified Checkout Developer Guide
- Recent Revisions to This Document

Introduction to Unified Checkout

Unified Checkout Quick Start
- Step 1: Enable Unified Checkout
- Step 2: Set Up the Server-Side Component
- Step 3: Set Up the Client-Side Component
- Step 4: Configure Unified Checkout
- Step 5: Test Your Unified Checkout Integration

Unified Checkout Flow

Server-Side Set Up

Client-Side Set Up
- Loading the JavaScript Library
- Complete Integration Examples

Configuration
- Configure the Unified Checkout Merchant Experience
  - Enable Unified Checkout
  - Configure Payment Options
  - Customize the Unified Checkout Look and Feel
  - Look and Feel UI Examples
  - Configure Customer Data and Payment Flow
  - Capture Context Fields in the Smartpay Fuse Portal
  - Manage Permissions
    - Managing Permissions as an Administrator
- Process Payments with Unified Checkout
- Webhooks Support

Transient Tokens
- Transient Token Format
- Token Verification
- Dual-Branded Cards
- Authorizations with a Transient Token

Test Your Configuration
- Unified Checkout Test Cards
- Visa and Mastercard Click to Pay Test Cards
- Test Cards for Authentication by Click to Pay
- Test Authentication
- Handle Errors
- Reason Codes

Payment Details API

JavaScript API Reference

Appendix
- JSON Web Tokens
- Supported Countries for Digital Payments
- Supported Locales
- Update to Unified Checkout Version 1
  - Update Reason Codes
  - Version 1 Update Checklist
- Security Recommendations
- PCI Compliance

On This Page

Session Validation

The session JWT is digitally signed using RS256. You must confirm that it was issued by Barclays and has not been tampered with. Follow these steps to validate the signature:

Parse the session JWT header to extract the key ID (

kid

):

{
  "kid": "3g",
  "alg": "RS256"
}

Retrieve the public key by sending a request to the

/flex/v2/public-keys/{kid}

endpoint:

Test
: GET

api.smartpayfuse-test.barclaycardflex/v2/public-keys/{kid}

Production
: GET

api.smartpayfuse.barclaycardflex/v2/public-keys/{kid}

Use the returned RSA public key in JSON Web Key format to verify the JWT signature.

IMPORTANT

Depending on the cryptographic library that tou use, you may need to convert the key to Privacy-Enhanced Mail (PEM) format.

Back to top