The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

CyberSource Token Encryption

FoxyCart seems to be encrypting CyberSource Order Tokens for a client when their integration partners are not expecting an encrypted token so their internal systems can't process payments using the Token as expected.

I can't find any documentation as to where/why/how FoxyCart would be encrypting this or how to decrypt. Does anyone have experience with this? The CyberSource documentation specifically says the Token does not need encryption since it's already an encrypted version of the PAN. Help?! I can whisper the account details and an example token once somebody replies. Also emailed support yesterday but thought the community might benefit from an open discussion.
  • fc_adamfc_adam FoxyCart Team

    Sorry for the delay - If you could send us some examples - that would be awesome. Just want to make sure we're on the same page.

    Also, I just did a quick search in the helpdesk - but I can't see your email. Did you email that in directly?
  • Hey @fc_adam, I sent it on Tuesday, but didn't get a kickback receipt email or anything, so maybe the form flaked?:

    I'll whisper you a couple of full order XML. Thanks!
  • fc_adamfc_adam FoxyCart Team

    I've just taken a quick look at our Cybersource gateway code, and to me it looks like we're just directly saving the requestToken as we're being sent, and not performing any further encryption on that value. I'm going to confirm that with another developer and confirm based on what you've sent as examples that what we get is what you're seeing.

    Someone will be back in touch soon to confirm.

    Also - just to confirm with you, are you correctly parsing the value within that node? If not, you might be sending on the "<![CDATA[ ]]>" tags which would make the value invalid.
  • CyberSource is who let us know the token wasn't matching. Per the example code, the request tokens are in there as they come out.
  • fc_adamfc_adam FoxyCart Team

    I just confirmed with out gateway developer - we don't do any modification to the raw value that Cybersource send us, all we do is wrap it in the <!CDATA[ ]]> tags like I mentioned above. Could that be the difference that CyberSource are running into?

    If you could let us know what the value should have been for one of the transactions you listed in your whisper, we'd be happy to take another look - but from all we can see, no adjustments are being made on our side.
Sign In or Register to comment.