Cybersource Payment Module Documentation

CyberSource SOAP API Quick Start

You must have completed the CyberSource SOAP API Environment Setup before continuing

Adding Cybersource SOAP API Checkout Support

  1. Add the following component scan in your applicationContext-servlet.xml in your site module
    <context:component-scan base-package="com.broadleafcommerce.vendor.cybersource"/>
  1. Add the Cybersource component scan in your applicationContext.xml of your core module

  2. Declare the beans com.broadleafcommerce.vendor.cybersource.service.payment.CybersourcePaymentGatewayType and org.broadleafcommerce.common.util.SpringAppContext so that Spring can initalize the Broadleaf Enumeration for both Site and Admin

  3. Inject the blCybersourcePaymentConfigurationService bean into the blPaymentGatewayConfigurationServices list in your applicationContext.xml of your core module


    <!-- Cybersource SOAP API -->
    <context:component-scan base-package="com.broadleafcommerce.payment.service.gateway"/>
    <context:component-scan base-package="com.broadleafcommerce.vendor.cybersource"/>
    <bean class="com.broadleafcommerce.vendor.cybersource.service.payment.CybersourcePaymentGatewayType"/>
    <bean class="org.broadleafcommerce.common.util.SpringAppContext"/>

    <bean id="mySampleConfigurationServices" class="org.springframework.beans.factory.config.ListFactoryBean">
        <property name="sourceList">
                <ref bean="blCybersourcePaymentConfigurationService"/>
    <bean class="org.broadleafcommerce.common.extensibility.context.merge.LateStageMergeBeanPostProcessor">
        <property name="collectionRef" value="mySampleConfigurationServices"/>
        <property name="targetRef" value="blPaymentGatewayConfigurationServices"/>

At this point, you should consider writing an integration test similar to the CyberSourcePaymentServiceTest class in the Broadleaf Commerce codebase. This will allow you to confirm your configuration is functional.


You should configure QoS so that your vendor services are monitored and so that you can be notified, or cause some other action to be taken, when a vendor service goes down or comes back up. Please refer to [[QoS Configuration]] for more information.

Managing Customer Data

With CyberSource, it is possible to have a token returned instead of raw payment data as the result of the transaction. In this case, CyberSource maintains the sensitive customer information in their PCI-DSS compliant data center and any future interaction for this transaction is handled using the token. BroadleafCommerce is compatible with either full storage of customer payment information, or token-based responses like what's described here. Please refer to the [[Payment Security and PCI Compliance]] section for more information about how both of these payment storage approaches are achieved in BroadleafCommerce. Also, refer to the payment security brochure provided by CyberSource for more information regarding their services in this area: