Cybersource Payment Module Documentation

CyberSource Payment Module

Note: Broadleaf Commerce currently offers integration with CyberSource using the Secure Acceptance SOP and SOAP API methods through a commercial integration module. To obtain this third party integration or if you have any questions about this module, please contact us at

Broadleaf Commerce currently offers integration with CyberSource Secure Acceptance SOP & CyberSource SOAP API.
See documentation here:
Secure Acceptance SOP is a complete payment solution for processing Credit Cards on the web.
This module utilizes Cybersource's Secure Acceptance integration method to perform the initial AUTHORIZE or AUTHORIZE AND CAPTURE
transaction and has the ability to perform VOID, REFUND transactions via the integrated SOAP toolkit API.
This module also allows you to CREATE or UPDATE subscriptions using Secure Acceptance SOP via the TransparentRedirectService, and CREATE, UPDATE or CANCEL subscriptions using SOAP API via the TransactionService.

Note: Due to the way transactions are handled in the CyberSource test environment, VOID's cannot currently be tested. See this stackoverflow post.

Note: The demo site is currently only compatible with Secure Acceptance SOP

CyberSource Secure Acceptance SOP Info

How Secure Acceptance SOP Works

  1. On the final checkout page, the customer fills out their credit card and billing information and hits submit. This form will POST directly to CyberSource with the required information contained within hidden fields and regular form fields.
  2. CyberSource will then process an Authorize and Debit transaction against the billing and credit card information submitted and send a redirect request to the customer's browser.
  3. The customer's browser will then redirect to a Broadleaf URL based on the outcome of the transaction.
  4. Broadleaf will complete the checkout flow based on the response from CyberSource and forward to the appropriate confirmation or error page.

To get started, check out CyberSource Secure Acceptance SOP Environment Setup.

How SOAP API works

This integration method requires a high level of PCI compliance because it is necessary for credit card information to be passed through your servers which are then relayed to CyberSource via the SOAP API. If you are looking to avoid most PCI concerns, consider only using CyberSource Secure Acceptance SOP.

To get started, check out CyberSource SOAP API Environment Setup.