Maksu Logo

Maksu VPOSClient JavaScript SDK

Home

vposclient.js

Maksu CSE JavaScript SDK Browser-based SDK for integrating hosted Cardholder data fields in iframe, to be integrated with direct api payment flows, but same time stay out of PCI-DSS. This SDK provides: - Communitcation and control of iframe card data - Helping to process 3DS flows in direct api setting Intended for use by merchant web applications. This SDK enables merchants to integrate PSP hosted cardholder data fields in PSP iframe to merchant controlled payment page. High-Level Payment Flow The payment process consists of the following steps: 1. Merchant payment page includes hosted fields iframe into its payment page <iframe id="vpos-cseiframe" style="display: block;" width="480" height="105" src="https://pay.test.maksupay.com/vpos/cseiframe.html?version=5&mid=200002&date=202602030812&signature=XdKEIvyh######bFpNlg%3D%3D"> </iframe> version - 5 mid - is your merchant id date - current date in GMT yyyyMMddmmss (if time is more than 4 hours off, request is denied) lang - optional iso language code 2 letters eg en, et, de Signature is calculated as values of parameters Base64(RS256({version};{mid};{date};)) using Your private key. 2. Communication with iframe <script type="text/javascript" src="https://pay.test.maksupay.com/vpos/js/vposclient.js"> </script> and then initialize vpos client as: const vposClient= new VPOSClient();
3. Initialize parameters for CSE iframe vposClient.initCSEIframe(cvvRequired, nameRequired); cvvRequired, nameRequired - are booleans (true/false) indicating if those fields are required to be filled. 4. Merchant adds flow control buttons "Continue" (Pay) and "Cancel" 5. Continue button On click, capture and verify encrypted card data result from ifrme using client function vposClient.getEncryptedCardDataFromIframe(cvvRequired, nameRequired, callbackFunction(results)) In callbackFunctionCardData implement results check and continue flow. If data ok, implement 3DS and payment flow as needed. 6. Flows diagram for 3DS handling vpos3-direct-api-flows.pdf Security and Design Principles - No sensitive secret keys or data are exposed in the browser - All payment results are cryptographically signed - When using iframe merchant is not subject to PCI-DSS Itended Audience This SDK and its documentation are intended for: - Merchant integration teams - Payment service providers and technical partners - Security reviewers and auditors Example implemtation (demo)