RELATED TO THIS PAGE

ON THIS PAGE

Product Overview

Whether you’re looking to move to commercetools or are already using it, the certified Cybersource integration can quickly help you reach your digital commerce goals. Our global, modular payment management platform can support you to enhance customer experience, grow revenues and mitigate risk.

The Cybersource Payment Management Platform for commercetools provides access to the following Bank of America Merchant Services services.

  • Payment acceptance: Accept credit card payments worldwide with functionality including payment, payment reversal, capture, refund and credit.
  • Digital Wallet Acceptance through Apple Pay, Google Pay & Visa Click To Pay
  • Fraud management: Tools and expert help you need to reduce fraud and accept more valid orders across channels and geographies. With 3-D Secure 2.1, you can help support Europe’s PSD2 SCA mandate—all while maintaining a customer-friendly checkout experience.
  • Payment security: Our extension reduces your exposure to risk and simplify your PCI DSS compliance using our SAQ-A Microform solution.

The integration approach is based-on commercetools’ API Extensions, enabling access to Bank of America Merchant Services services through commercetools in a flexible way. commercetools’ customers can choose to either self-host or make use of cloud provider services, such as serverless functions, to host the code invoked by commercetools. The extension is split into library services used to support the web-services needed for API Extension invocations and sample implementations of the web-services. The sample implementation makes uses of a lightweight Spring-boot application.

  • Integration Features:
    • REST API
    • Unified Checkout
    • Microform
    • 3DSecure
  • Channels:
    • eComm (CNP)
    • MOTO
  • Payment Methods:
    • Visa
    • MasterCard
    • Maestro
    • American Express
    • Discover
    • Diners
    • Apple Pay
    • Google Pay*
    • Click to Pay
  • Payment Functions:
    • Authorisation
    • Capture
    • Sale
    • Void
    • Full Refund
    • Partial Refund
    • Full Reversal
    • Follow on Credit
    • Standalone Credit
    • Token Management Services (CIT and MIT)
  • Fraud Management:
    • Decision Manager
    • Device ID    
       

*Google Pay transactions via a non-Android device may not invoke the Payer Authentication journey for your customer. If you choose to proceed with an individual non-secure transaction, please be aware that you may lose any liability shift protection that would usually be provided by Payer Authentication.

Getting Started

Prerequisites - commercetools 

Merchant Center configuration:

  • Create a merchant account in the commercetools Merchant Center by visiting here.
  • Payment create and update API extension must have time limit of 10ms and Customer update API should have limit of 3ms and above. You may require commercetools support for increasing this to maximum allowable value. 


System Requirements:

  • System: Windows or macOS
  • Server RAM: The more the merrier. We recommend setting the memory allocation per script (memory limit) to a minimum of 256M.
  • Editor: Visual Studio Code is recommended
  • Node: An installation of node JS of version 16.3.0 or above is recommended

Prerequisites - Bank of America Merchant Services 

You will be able to configure this integration to either Test or Production. If you do not yet have a live Bank of America Merchant Services account, or you wish to first test the integration, then creating a sandbox account will not only allow you to start programmatic integration but also provides access to the Merchant Portal.

Generate REST Keys

Before configurating this integration, you are required to generate your REST keys within your Merchant Portal for both (Live) and (Test)

a.       Sign into your Bank of America Merchant Services Business Center account (Live) or (Test)
b.       Access Payment Configuration -> Key Management
c.       Select the 'Generate Key' button in the top right hand corner
d.       Select your key type as 'REST - Shared Secret' and Generate Key
e.       Copy your Shared Secret Key values and save them securely



 

 

 

 

commercetools Merchant Center

a.        Login to the commercetools Merchant Center and create your project by referring to the following (link)

b.        Once the project setup is done, create the API Client Keys

  • Settings → Developer Settings → Create new API client


c.        Give an API Client name and select the following scopes which are mentioned below:

  • Manage -> Customers, Extensions, Orders, Payments, Types
  • View -> Customers, Orders, Payments, Types


d.        Click Create API client to confirm your entries

e.        Once the keys are generated, ensure to save them securely since they are one-time-accessible

Installing the Plugin

Navigate to Bank of America Merchant Services integration for commercetools marketplace or directly to our GitHub Repository, click on Get the integration and clone the source code to your system.

ii. Once the repository is cloned successfully, open it using Visual Studio Code Editor

iii. Open the terminal, and run the below command to install all the dependencies

Configure and run the extension

a.        After installing all the dependencies, setup the .env file in the root folder of the plugin by referring to the table below:

Environment Variable Value Notes
CONFIG_PORT Port to listen on for HTTP requests Port on which you want the plugin to run
PAYMENT_GATEWAY_MERCHANT_ID Your Bank of America Merchant Services merchant ID Refer to Step 1
PAYMENT_GATEWAY_MERCHANT_KEY_ID ID of your Bank of America Merchant Services shared secret key to be used for HTTP Signature authentication Created in Step 1
PAYMENT_GATEWAY_MERCHANT_SECRET_KEY Value of a Bank of America Merchant Services shared secret key to be used for HTTP Signature authentication Created in Step 1
PAYMENT_GATEWAY_RUN_ENVIRONMENT TEST or PRODUCTION Property for running the project in TEST or PRODUCTION environment
PAYMENT_GATEWAY_DECISION_MANAGER Boolean value - true or false Flag for enabling and disabling Decision Manager for Authorization. Case sensitive.
PAYMENT_GATEWAY_TARGET_ORIGIN https://{yourdomain} Base URL where your frontend will be accessible
PAYMENT_GATEWAY_VERIFICATION_KEY Use Openssl -rand64 32 to generate verification key Used to check Flex tokens for tampering
PAYMENT_GATEWAY_3DS_RETURN_URL URL that the issuing bank will redirect to the customer for payer Used only if payment.paymentMethodInfo.method == creditCardWithPayerAuthentication
PAYMENT_GATEWAY_APPLE_PAY_MERCHANT_ID Your Apple Pay merchant ID Provided by Apple
PAYMENT_GATEWAY_APPLE_PAY_CERTIFICATE_PATH Path where the apple pay certificate is stored Used only if payment.paymentMethodInfo.method == applePay
PAYMENT_GATEWAY_APPLE_PAY_KEY_PATH Path where the apple pay key is stored Used only if payment.paymentMethodInfo.method == applePay
PAYMENT_GATEWAY_ENABLE_RATE_LIMITER Boolean value - true or false Enable to restrict the number of cards a customer can save within the given time limit
PAYMENT_GATEWAY_LIMIT_SAVED_CARD_RATE Numeric value Provide the number of attempts in below specified time period(this time frame includes Success & Failure)
PAYMENT_GATEWAY_SAVED_CARD_LIMIT_FRAME Numeric value between 1-24 Provide the number of hours that saved card attempts are counted(Max 24 hours)
PAYMENT_GATEWAY_DECISION_SYNC Boolean value - true or false Flag for enabling and disabling Decision Sync. Case sensitive.
PAYMENT_GATEWAY_RUN_SYNC Boolean value - true or false Flag for enabling and disabling Run Sync. Case sensitive
CT_PROJECT_KEY Project key for your Commercetools project Created in Step 2
CT_CLIENT_ID Client Id of you Commercetools payment API key Created in Step 2
CT_CLIENT_SECRET Client secret of your Commercetools Payment API key Created in Step 2
CT_AUTH_HOST Commercetools auth server URL Created in Step 2
CT_API_HOST Commercetools API server URL Created in Step 2

b.        Once all the required values are populated in .env file, run the plugin using the following command:

                npm run start

Extending commercetools API & Customization

In-order to extend the commercetools APIs and customization follow the steps given below:

  • Navigate to {baseUrl}/orders
  • Click on Run Script button (this will invoke the {baseUrl}/configurePlugin to employ the API extension & Customization) 

Note: The {baseUrl} will be defined by where you deploy the plugin

Alternatively, you can directly hit the following endpoint

{baseUrl}/configurePlugin 

Alternatively, you can directly hit the following endpoint

Endpoint

Note:. See API Extension Setup to know the values to be passed for the fields required before running the script

Further Information

Need more guidance as you implement a Bank of America Merchant Services‑powered solution?
The Bank of America Merchant Services Developer Center offers resources to help merchants and system integrators build reliable, compliant, and well‑tested integrations.

• Explore Bank of America Merchant Services API documentation for payment processing, tokenization, refunds, and reporting to understand how each capability works within your ISV’s integration.
• Review SDK and code sample libraries to accelerate development and align with recommended implementation patterns.
• Access sandbox environment details to validate transaction flows, verify configuration, and complete end‑to‑end testing.
• Consult integration guides for information on authentication, security controls, risk services, and digital channel support.
• Use the Bank of America Merchant Services Support Center for troubleshooting articles, FAQs, and release updates relevant to your integration path.

These resources are designed to help you deploy and manage your ISV solution efficiently, ensuring a smooth payment experience for your customers.