Execute CSUC Payment

POST 
/b/checkout/api/sdk/v1/csuc_sdk/pay/:session_id/:pg_code/

This endpoint executes a Click to Pay payment through Cybersource Unified Checkout using the transient token generated by the frontend widget.

Flow Summary:

1. Initialize Base Handler: Retrieves PaymentTransaction by session_id
   • Validates that exactly one transaction exists (no duplicates)
   • Raises error if transaction not found or multiple found
2. Initialize Click to Pay Handler: Validates transaction and creates payment attempt
   • Checks transaction validity using is_valid_for_payment()
   • Creates new payment attempt or retrieves latest on condition failure
3. Process Payment: Sends authorization request to Cybersource
   • Extracts transient_token from funding_source
   • Builds payment payload with:
     • Client reference information (order reference number)
     • Processing information (capture=True for auto-capture, commerce_indicator='internet')
     • Order information (amount, currency)
     • Token information (transient token JWT)
   • Calls Cybersource Payments API for authorization
4. Handle Response: Processes payment gateway response
   • Saves transaction ID and decoded token to payment attempt data
   • Updates payment attempt state based on response status
   • Triggers payment state machine transitions
5. Generate Response: Prepares standardized SDK response
   • Generates redirect URL using get_standard_redirect_url()
   • Returns success/failure response with transaction details

Payment Processing Details:

• Operation Type: Determined by MID configuration (CAPTURE or AUTH)
• Auto-Capture: Enabled by default (capture: True in processing_information)
• Commerce Indicator: Set to 'internet' for online transactions
• Decision Manager: Enabled based on MID configuration for fraud detection

Request Parameters:

• pg_code: Payment gateway MID code (validated to support Click to Pay)
• session_id: Payment transaction session ID
• funding_source: Contains the transient token JWT from Cybersource widget

Response Handling:

• Success (200): Payment authorized, returns redirect URL and transaction details
• Failure: Returns error message with attempt details
• Payment attempt state automatically updated based on Cybersource response

Error Handling:

• Invalid or missing session_id: Returns 400 with appropriate error
• Multiple transactions for same session: Returns 400 error
• Transaction not valid for payment: Returns 400 with validation error
• Cybersource API errors: Returns 400 with gateway error message
• Payment attempt state conflicts handled by FSM (Finite State Machine)

Security Considerations:

• Transient tokens are single-use and expire quickly
• Transaction IDs saved for audit and follow-up operations (void, capture, refund)
• All payment data encrypted and logged via @log_io decorator
• Silent signals prevent duplicate webhook notifications during processing

Data Saved to Payment Attempt:

• transaction_id: Cybersource transaction ID for subsequent operations
• transient_token: The JWT token used for payment (for audit)
• transient_decoded_token: Decoded token payload (for debugging)
• form_of_payment: Gateway name (CSUC)

Request

Responses

200

400

401