Is it possible to add support to UMD or ESM format modules? Currently the supported format is AMD. Is there any other way to load the cybersource-rest-client in the browser? perhaps using something similar to:

`javascript importar {cybersourceRestApi} desde 'cybersource-rest-client'; `

I need to make a library that I choose from among several tools to make payments, and one of them is cybersource-rest-client, from the browser.

any idea?

Following the examples at here and here, I am unable get a successful response in the sandbox environment.

Card Present + EMV (Contact)

Request payload

{
  clientReferenceInformation: { code: 'TC50171_3' },
  processingInformation: { commerceIndicator: 'retail' },
  orderInformation: { amountDetails: { totalAmount: '1', currency: 'SGD' } },
  pointOfSaleInformation: {
    cardPresent: 'Y',
    entryMode: 'contact',
    catLevel: 6,
    terminalCapability: 4,
    trackData: '%B4111111111111111^SMITH/BETTY^23121200123456789012**XXX******?*',
    emv: {
      tags: '9F3303204000950500000000009F3704518823719F100706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F02060000000020005F2A0208409F0306000000000000',
      cardSequenceNumber: '001',
      fallback: 'true'
    }
  }
}

Response Body

{
  submitTimeUtc: '2020-04-23T11:19:21Z',
  status: 'INVALID_REQUEST',
  reason: 'INVALID_DATA',
  message: 'Declined - One or more fields in the request contains invalid data'
}

Card Present + EMV (Contactless)

Request payload

{
  clientReferenceInformation: { code: 'TC50171_3' },
  processingInformation: { commerceIndicator: 'retail' },
  orderInformation: { amountDetails: { totalAmount: '1', currency: 'SGD' } },
  pointOfSaleInformation: {
    cardPresent: 'Y',
    entryMode: 'contactless',
    catLevel: 6,
    terminalCapability: 5,
    trackData: '%B4111111111111111^SMITH/BETTY^23121200123456789012**XXX******?*',
    emv: {
      tags: '9F3303204000950500000000009F3704518823719F100706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F02060000000020005F2A0208409F0306000000000000',
      cardSequenceNumber: '001',
      fallback: 'true'
    }
  }
}

Response Body

{
  submitTimeUtc: '2020-04-23T11:22:38Z',
  status: 'INVALID_REQUEST',
  reason: 'INVALID_DATA',
  message: 'Declined - One or more fields in the request contains invalid data'
}

I have a feeling that the EMV values are incorrect, but am unsure what is wrong as the response is pretty vague. Would appreciate if someone could correct my mistake.

The client package requires jwk-to-pem to work but it is not listed in the package's own dependencies.

Installing the client results in error Error: Cannot find module 'jwk-to-pem'

(This has nothing to do with the Node SDK but I'm not sure where else to put this.)

https://developer.cybersource.com/library/documentation/dev_guides/REST_API/payments_api.html

Oops... ReDoc failed to render this spec
Error parsing https://developer.cybersource.com/library/documentation/dev_guides/REST_API/payments-swagger.json end of the stream or a document separator is expected at line 16, column 66: ... =w[l]||[];w[l].push({'gtm.start': ^

Hi,

I was testing your module for my project on Linux with Node.js v8.13.
The concatenated path string for path.resolve functionality in "fetchCachedCertificate" function in file authentication/util/Cache.js does not work on Linux as the filepath is created with \\, which is supported on Windows only.
On Linux, / is supported by path npm module.

Does it support typescript?

There are number of backend frameworks using typescript.
It would be great if it can support typescript.

Next.js tries to load the import as AMD, due to relative path resolution in Webpack to get this library to work you need to add the following to next.config.mjs.

const nextConfig = {
  webpack: (config, { isServer }) => {
    config.module.rules.push({
      test: /\.js$/, // Apply this rule to .js files
      include: /node_modules\/cybersource-rest-client/,
      parser: {
        amd: false, // Disable AMD parsing
      },
    });

    return config;
  },
};

Testing module in Angular7.

Module not found: Error: Can't resolve 'model/VoidCaptureRequest' in '/home/sgonzalez/Documents/angular/aguas/node_modules/cybersource-rest-client/src'
ERROR in ./node_modules/cybersource-rest-client/src/index.js
Module not found: Error: Can't resolve 'model/VoidCreditRequest' in '/home/sgonzalez/Documents/angular/aguas/node_modules/cybersource-rest-client/src'
ERROR in ./node_modules/cybersource-rest-client/src/index.js
Module not found: Error: Can't resolve 'model/VoidPaymentRequest' in '/home/sgonzalez/Documents/angular/aguas/node_modules/cybersource-rest-client/src'
ERROR in ./node_modules/cybersource-rest-client/src/index.js
Module not found: Error: Can't resolve 'model/VoidRefundRequest' in '/home/sgonzalez/Documents/angular/aguas/node_modules/cybersource-rest-client/src'

Summary

The enableLog configuration option is disregarded and log files are generated even when the value is false.

Expected Behavior

Specifying enableLog: false when creating a new API client should suppress log files from being written to. An example would be as follows:

const cybersourceRestApi = require('cybersource-rest-client')
const merchantConfig = {
  authenticationType: 'http_signature',
  runEnvironment: 'cybersource.environment.SANDBOX',
  merchantID: 'XXXXXXX',
  merchantKeyId: 'XXXXXXXXX',
  merchantsecretKey: 'XXXXXXXXXXXXXX',
  enableLog: false // this should result in logs from the CyberSource REST client being suppressed
}

const paymentsApi = new cybersourceRestApi.PaymentsApi(merchantConfig)

Actual Behavior

When enableLog: false is specified, the CyberSource REST client still writes logs to the filesystem.

Other Comments

It looks like there was a switch to using the winston-daily-rotate-file package recently, and the enableLog option from the CyberSource client is being passed to this transport as part of a silent option. However, it looks like there is no reference to a silent option in the documentation for this package and so it may not be a valid option for this transport.

I'm trying to update a payment instrument of a customer , but the sdk didn't export the function, the code is in the file src/api/CustomerPaymentInstrumentApi.js but it is not exported on the index.js

Again, there's no general GitHub repo or issue tracker, and if I want to file a ticket on the main site I need an account number, etc. so I'm posting this here. If your team had an issue tracker for the REST API itself that would be swell.

Per documentation on preventing duplicate orders:

Enabling this functionality returns a Reason Code 104 error message if an order is submitted within 15 minutes having the same MRN of a previously successful request. However, if the same order is submitted with a different MRN, the service will not prevent this order from being processed.

When I go to the playground and use the same transactionId twice I get the response:

{
    "submitTimeUtc": "2020-05-29T17:37:47Z",
    "status": "INVALID_REQUEST",
    "reason": "INVALID_DATA",
    "message": "Declined - One or more fields in the request contains invalid data"
}

This seems like a 102 instead of a 104, although the numeric response codes don't apply to the REST API anymore. Swagger specs indicate that DUPLICATE_REQUEST is a possible response, (I also see it in this Node client in the generated code) so I figure that should be returned in that scenario, right?

There was a JSON unmarshal issue for few of the variables on some of the structs in get_transaction_response.go. I've tested the changes I've made below and I was able to call the getTransactionDetails function successfully with no errors. If you could update your get_transaction_resource.go file to the new changes below, that'd be helpful.

index 7a00eba..02d72db 100644
--- a/client/transaction_details/get_transaction_responses.go
+++ b/client/transaction_details/get_transaction_responses.go
@@ -722,7 +722,7 @@ type GetTransactionOKBodyApplicationInformation struct {
        //
        // For details, see the appendix of reason codes in the documentation for the relevant payment method.
        //
-       ReasonCode string `json:"reasonCode,omitempty"`
+       ReasonCode int64 `json:"reasonCode,omitempty"`

        // The status of the submitted transaction.
        Status string `json:"status,omitempty"`
@@ -819,7 +819,7 @@ type GetTransactionOKBodyApplicationInformationApplicationsItems0 struct {
        ReconciliationID string `json:"reconciliationId,omitempty"`

        // The description for this field is not available.
-       ReturnCode string `json:"returnCode,omitempty"`
+       ReturnCode int64 `json:"returnCode,omitempty"`

        // The description for this field is not available.
        Status string `json:"status,omitempty"`
@@ -2568,7 +2568,7 @@ type GetTransactionOKBodyOrderInformationLineItemsItems0 struct {
        // For details, see `tax_amount` field description in [Level II and Level III Processing Using the SCMP API.](https://apps.cybersource.com/library/documentation/dev_guides/Level_2_3_SCMP_API/html/wwhelp/wwhimpl/js/html/wwhelp.htm)
        //
        // Max Length: 15
-       TaxAmount string `json:"taxAmount,omitempty"`
+       TaxAmount int64 `json:"taxAmount,omitempty"`

        // Per-item price of the product. This value cannot be negative. You can include a decimal point (.), but you
        // cannot include any other special characters. CyberSource truncates the amount to the correct number of decimal
@@ -2578,7 +2578,7 @@ type GetTransactionOKBodyOrderInformationLineItemsItems0 struct {
        // [Credit Card Services Using the SCMP API.](http://apps.cybersource.com/library/documentation/dev_guides/CC_Svcs_SCMP_API/html)
        //
        // Max Length: 15
-       UnitPrice string `json:"unitPrice,omitempty"`
+       UnitPrice float64 `json:"unitPrice,omitempty"`
 }

 // Validate validates this get transaction o k body order information line items items0
@@ -2690,7 +2690,7 @@ func (o *GetTransactionOKBodyOrderInformationLineItemsItems0) validateUnitPrice(
                return nil
        }

-       if err := validate.MaxLength("unitPrice", "body", string(o.UnitPrice), 15); err != nil {
+       if err := validate.MaxLength("unitPrice", "body", fmt.Sprintf("%f", o.UnitPrice), 15); err != nil {
                return err
        }```

When we try to upgrade the version to 0.0.51 from 0.0.40 , getting the following error,

TypeError: cybersource_rest_client__WEBPACK_IMPORTED_MODULE_0__.KeyGenerationApi is not a constructor"

The problem we are facing is

• There is no documentation for the breaking changes ,
• Not getting any replacement error while using the old methods
• No enough community support or documentation available

What we tried

import { ApiClient, KeyGenerationApi, GeneratePublicKeyRequest } from 'cybersource-rest-client';
const config = configuration(merchantDetails);
const apiClient = new ApiClient();
const instance = await new KeyGenerationApi(config, apiClient);
const request = await new GeneratePublicKeyRequest();

Please help us to solve this issue
`

I find in the api documentation than is not support yet to Recuring Billling, is that true? PD. sorry for my bad english

After upgrading to the latest version (0.0.40) we are seeing this error in our logs - No valid external logger object found. Turning off external logger flag.

Which gets logged out by line 133 in src/authentication/logging/LogConfiguration.js () within this if statement -

if((typeof (this.externalLogger) === "object" && !(this.externalLogger instanceof ExternalLoggerWrapper))
    || this.externalLogger === undefined || !(this.externalLogger.isLoggerEmpty())){
       ApiException.LoggerException("No valid external logger object found. Turning off external logger flag.")
       this.hasExternalLogger = false;
}

For us this will be because this.externalLogger will be undefined as we haven't set it in the logConfiguration object. We also haven't set the hasExternalLogger flag which gets set to false if missing just above this code on line 128.

As we haven't specified a value for hasExternalLogger, then I don't think this exception shouldn't be getting hit and logging an error, as this.hasExternalLogger is already set to false on line 128 so don't think you need to be checking for an externalLogger object when hasExternalLogger is false as there won't be a logger object, and all you are doing in this case is logging out the error and setting the value to false again.

Hi,

I'm looking to integrate with this library and I've been following the documentation and examples you have available, but unfortunately it appears the latest release (0.45) has deleted the function GeneratePublicKeyRequest used to generate a request object for generating a public key.

I can see some of the models in charge of generating the request object got renamed to:

• model/InlineResponse20012Links.spec.js

But I'm not entirely sure by the name or implementation if that's the new helper for creating the request.

For now I will rollback to the previous version from January and tests if I can still connect to the Rest API's.

Thanks!

Hi,
I would like to create a merchant boarding registration through an API call. Do you have this example?

We are using Flex API to tokenize card, but the token generated has first and last name as 'NOREAL NAME' and generic address, How to update the name and address on token profile ?

Your documentation has no information on how to update the token profile, please help this is an urgent need, thanks

https://developer.cybersource.com/api/soap-developer-guides/dita-flex/SAFlexibleToken/FlexAPI/tokenize_card.html#Id18A3DI00ME9_Id18A3DL0304Y

In implementing the rest client I ran into this error which may be caused by this snippet of code below. I removed it from my own code and I did not run into the bug again. I am using Node 8 with async/await so I am not using callbacks in the first place.

When I go to https://developer.cybersource.com/api-reference-assets/index.html#payments and use the demo setup to authorize a payment, I get the following response:

{
    "clientReferenceInformation": {
        "code": "TC50171_3"
    },
    "id": "5743071140546716703001",
    "orderInformation": {
        "amountDetails": {
            "authorizedAmount": "102.21",
            "currency": "USD"
        }
    },
    "paymentAccountInformation": {
        "card": {
            "type": "001"
        }
    },
    "paymentInformation": {
        "tokenizedCard": {
            "type": "001"
        }
    },
    "processorInformation": {
        "approvalCode": "888888",
        "responseCode": "100",
        "avs": {
            "code": "X",
            "codeRaw": "I1"
        }
    },
    "reconciliationId": "7639330133535H98",
    "status": "AUTHORIZED",
    "submitTimeUtc": "2019-11-21T03:31:54Z",
    "_links": {
        "self": {
            "href": "/pts/v2/payments/5743071140546716703001",
            "method": "GET"
        },
        "authReversal": {
            "href": "/pts/v2/payments/5743071140546716703001/reversals",
            "method": "POST"
        },
        "capture": {
            "href": "/pts/v2/payments/5743071140546716703001/captures",
            "method": "POST"
        },
        "refund": {
            "href": "/pts/v2/payments/5743071140546716703001/refunds",
            "method": "POST"
        },
        "void": {
            "href": "/pts/v2/payments/5743071140546716703001/voids",
            "method": "POST"
        }
    }
}

However, the paymentAccountInformation is missing from your docs, and the swagger schema. The paymentInformation field is present, and it contains card, but all that has is suffix.

I am trying to get the 3-digit string cardType for my own records. I could get it from the paymentInformation > tokenizedCard but I am not sure if I can rely on receiving that field.

Could someone please clarify this, and either correct the swagger schema or the demo site?

Thanks.

node-forge <=0.9.2
Severity: high
Prototype Pollution in node-forge - https://npmjs.com/advisories/1561
No fix available
node_modules/cybersource-rest-auth/node_modules/node-forge
cybersource-rest-auth *
Depends on vulnerable versions of node-forge
node_modules/cybersource-rest-auth
cybersource-rest-client *
Depends on vulnerable versions of cybersource-rest-auth
node_modules/cybersource-rest-client

3 high severity vulnerabilities

Summary

In our serverless node app, with every API call, we are seeing errors relating to attempting to write logs with no transports

Details

Setting enableLog to false, when creating the API client should result in not seeing anything in the logs around logging, but even when enableLog is set to false we are constantly seeing this error message in the logs:

ERROR [winston] Attempt to write logs with no transports

Other comments

It looks like a fix was put in recently relating to issue #66 around the enableFlag not working, which stopped it actually writing logs to the filesystem which caused read-only errors (serverless infrastructure), but it still hasn't been fixed completely

I have encountered a build error when using the “Sam build” command on my AWS SAM app.
I believe this is due to the npm cybersource-rest-client SDK I am using in the project. I am lead to believe this because the app is able to build without the package installed and unable to do so when it is installed.

I would be very grateful if you could tell me whether they have also encountered any such problems with the cybersource-rest-client SDK and how they resolved them

In Simple Order API and Secure Acceptance Checkout API, it is possible to provide a device fingerprint when making an authorization or tokenization using the fields deviceFingerprintID (Simple Order API) and device_fingerprint_id (Checkout API). From a quick search in this repository, I can see there is a field called fingerprintSessionId which seems to have the same structure but is only available for creating Decision Manager cases.

Can fingerprintSessionId be provided when making an authorization or tokenization? If so, where can I find documentation on how to do so? If not, what alternative do I have to provide device fingerprint information to CyberSource when using RESTful API?

When calling winston.loggers.get("category1"), if a logger with the category of "category1" is not found, it will automatically be created.

This means if we run the following code we will create 1000 separate Winston loggers.

for (let i = 0; i < 1000; i++) {
  winston.loggers.get("category" + i);
}

Similarly, when any endpoint is called, the following code is run, resulting in a new Winston logger being created.

To my knowledge, this logger is never closed, and so new Winston loggers pile up on the heap.

The current implementation is:

But surely this should be true when the externalLogger === undefined, and not the other way?

Also you don't need to return true and false. You can just change it to:

    isLoggerEmpty() {
        return this.extLogger !== undefined
    }

If you want to make it more robust also for environments running older versions of ECMAScript, you should actually use typeof this.extLogger !== 'undefined': https://stackoverflow.com/questions/3390396/how-can-i-check-for-undefined-in-javascript

The current versioning for the package does not follow common practices for the environment it's being packaged for. Most npm packages follow semantic versioning, which aids both the consuming engineers as well as the distributing engineers.

Currently the versioning has been done all within the "patch" decimal place, example: 0.0.X
This has a few side effects when utilizing npm as your distribution platform, because there are prefixes that can be applied within the package.json that depend on the versioning adhering to semantic versioning. An example of that would be the ^ prefix, example: "cybersource-rest-client-node": "^0.0.30" this would mean that when installing the package npm will take any update to 'minor' or 'patch', in the current context of writing this would be 0.0.52. This feature is there to allow for an easier development experience for the engineers making the package as they can push more regularly, and allows for the consuming engineers to not have to be so diligent about monitoring small updates for all of the imported packages in their projects.

hello, my payment requests in live environment are returning

errorInformation:
message: "Decline - General decline of the card. No other information provided by the issuing bank."
reason: "PROCESSOR_DECLINED"

How can I resolve this issue. it happens on every card I have used.

Currently I faced with problem that iframe field of card number has type="tel".
Our team actively implement accessibility for our site.
Voiceover read this input as phone number. Do we have any possibility to change input type?

When querying the validateExportCompliance endpoints using the node rest client we receive the following error:

data.map is not a function

This occurs when using sandbox credentials and querying the endpoint with "Maria Rodriguez" to trigger a DECLINED response

ApiClient.js loops through the response from the API endpoint with the convertToType() function, on line 690 it tries to pass the response in to the ['String'] block but fails when mapping the user aliases

When we console.log out the data object we get:

[ 'MATCH-DPC' ]

[
  {
    aliases: '[Maria de Jesus ESPINOZA RODRIGUEZ]',
    sanctionList: 'Office of Foreign Assets Control',
    programs: '[SDNTK]'
  }
]

[Maria de Jesus ESPINOZA RODRIGUEZ] and the convertToType function fails here.

This can be resolved by adding a type check to this section of the function, and if it is a string we cast it as an array for the map function.

          if (typeof(data) === 'string') {
            return [data].map(function(item) {
              return exports.convertToType(item, itemType);
            });
          }

This library introduces major changes to its API in seemingly minor version updates.

Eg. Previously generatePublicKey introduced a new parameter (format) a while ago and somehow it was decided to add it as first parameter, breaking existing calls to it

Now in between 0.0.28 and 0.0.29 there was a fatal deprecation of the RunEnvironment config settings which again, breaks the API calls.

Can you please start using SemVer (https://semver.org/) for this library to flag breaking changes appropriately?

Is it possible to take an existing authorization transaction, with the transaction details and re-authorize it? I am thinking about time when an authorization has expired and I do not have access to the original card data. This is for use cases like shipment delays, or partial shipments.

Are there any code examples that accomplish this?

In the combined schema .json file:

1. There are ~30 instances whereby a field is declared as a "string" type and yet has a "minimum" validation specifier. Minimum is a numeric spec.
2. Similarly, there are ~10 instances whereby a field is declared as a "boolean" type and yet has a "minLength" validation specifier. MinLength is a string spec.

This may be fine for languages that silently values between types, such as Javascript, but it can cause problems with more rigid languages.

Summary:

collections breaks Array.from which causes other npm packages to stop working

Details:

cybersource-rest-client 0.0.20 depends on
cybersource-rest-auth 0.0.7 depends on
collections 5.1.11

collections includes an incorrect modification of Array.from which creates problems for other packages that use Array.from. We discovered this when using testcontainers-node which has a transitive dependency which stops working because of the incorrect overriding of Array.from.

It seems that cybersource-rest-auth only uses collections for Map.

Suggestions/Questions:

• Is cybersource-rest-auth no longer available on Github? How do we fix this problem in the long term?
• Since you only use map from collections, would you consider replacing it with a different library? It seems to not be very actively maintained any more and it seems to have a philosophy of augmenting object prototypes which risks causing breakage in your customer's software in the future.

installing 0.0.48 via npm warns that the package depends on vm2 which has critical security vulnerabilities. the vm2 package warns that the package is deprecated the advices to migrate to isolated-vm.
https://www.npmjs.com/package/vm2

Hi guys, my apologies, I know that this is not an issue but I wonder If I can use this client for working with the PayPal web services?

Having trouble hitting sandbox with payload coming back from apple pay { "processingInformation": { "paymentSolution": "001" }, "paymentInformation": { "fluidData": { "key": "eDDCAGL+IF4WMzsap7Phtvm1DImIO3jIgfXouz2KqUwe4IaAhn18u69A6rgSFMg2vmuNRW8PjFAiiWVPZogGHKg9V+Ln7qaYeaLc+f5esM10U8m6UcpsM+zJyW5iyj4dsFAbpEUxeDew+s/DNY6GfHxbgL2yLjkWvAvKhSh0e2TK1cRYesu2i0fneGxtMeksv7Q7KULhHWHNc79oV8KY80iEk+yF2Uw5QbD24pb+okbQGWzHiQ52V/D2IiCDkSeCDIlsX46luThpUBYjkELQB/3OzevZ81GtgJ845Ez10vQregRodMvj9noMpi60KrOSLPY8wGTkSIlqo9cH33NyOQ6SXrE893qPXqEnP9AtmquyDi994nNFyQxbrp+nUa9XWgpd2tcS0H9xOJfxRUgVBRiG2XwgVFL/aI3vyYnHLQ==" } } }