Getting Started with CyberSource Payments

About CyberSource Payments

The current RESTful APIs only support a limited set of CyberSource solutions. Stay tuned for the advanced payment options. For further information or to plan your production roll out, contact [email protected].

Before moving to production and running real transactions, you must have a merchant account from an acquiring (merchant) bank that can process the credit card payments. Some banks may not be familiar with Internet Commerce and could require more time to establish your account. The merchant bank account must be configured to process card not-present or mail order/telephone order (MOTO) transactions.

The following table lists the types of fees that can be charged:

Fee Description
Discount Rates Your acquiring bank charges a fee and collects a percentage of every transaction. A combination of fee and percentage is called the discount rate. These charges can be bundled (combined into a single charge) or unbundled (charged separately) depending on your acquiring bank and other factors.
Interchange Fees Visa and MasterCard each have a base fee, called the interchange fee, for each type of transaction. Your acquiring bank and processor can explain how to minimize this fee.
Chargebacks When customers dispute charges to their accounts, you can incur chargebacks. A chargeback occurs when a charge on a customer’s account is reversed. Your merchant bank removes the money from your account and could charge you a fee for the chargeback.


The following table lists the regional availability for CyberSource Payments. To view availability of all products, refer to the Availability Matrix.

Available in entire region

Limited availability in region

Not available

Region Availability Notes
North America

Things to Know

You can process credit, debit and gift cards across the globe and across multiple channels with scalability and security. CyberSource supports an extensive list of payment cards and offers a wide choice of gateways and acquiring banks, all through one connection.

Get started by creating a project that utilizes the CyberSource Payments API. Once the project is created, you receive a Merchant Registration Confirmation email from CyberSource. Follow the email instructions to activate your admin account and to log in to the CyberSource Enterprise Business Center (EBC). Use the EBC to search for transactions, view reports and other administration tasks.

The CyberSource Payments API uses the following RESTful API concepts:

  1. Resources: each payment function is accessed with a “resource”, such as authorizations, captures, etc. Each individual payment object, such as an authorization, can also be accessed with its unique resource id.
  2. HTTP Verbs and Status: use HTTP GET to retrieve resource details and use HTTP POST to submit requests (for example, a payment authorization request) that change the state of the resource. The HTTP status code 200 is returned for a successful API call. Other HTTP status codes, such as 400 and 500, are returned for unsuccessful calls.
  3. Hypermedia links for follow-on actions: CyberSource Payments API uses JSON Hypertext Application Language (HAL) to inform the follow-on actions that can be performed on a resource. For example, a payment capture can be performed on a successful payment authorization. If the HTTP Accept header is not found or has the value of “application/hal+json”, HAL links are returned in the response. If the HTTP Accept header has the value of “application/json”, plain JSON objects without HAL links are returned in the response.

How Does it Work?

This diagram shows how real-time electronic card processing works using CyberSource Payments.
  1. Purchaser places order.
  2. Merchant securely transfers order information to CyberSource, using the CyberSource Payments API.
  3. CyberSource formats the transaction detail appropriately and securely routes the transaction authorization request through its payment gateway to the processor.
  4. The transaction is then routed to the issuing bank (purchaser's bank) to request transaction authorization.
  5. The transaction is authorized or declined by the issuing bank or card (Discover, American Express).
  6. CyberSource returns the message to the merchant.
  7. Issuing bank approves transfer of money to acquiring bank.
  8. The acquiring bank credits the merchant's account.
CyberSource flow diagram for how it works

APIs Included

CyberSource Payments

The CyberSource Payments API provides functionality for payment processing for authorization, capture, and settlement of card transactions, worldwide.

Secure Acceptance Flexible Token API

The Secure Acceptance Flexible Token API provides the most secure method for tokenizing card data and reduces your PCI DSS burden. Card data is encrypted on the customer’s device and sent directly to CyberSource, bypassing your systems altogether.