Merge pull request #25 from CyberSource/latest

Push latest changes up to master

Author: brianmc

README.md

@@ -1,41 +1,41 @@
 # CyberSource Flex Samples
 
-This repository provides simple examples demonstrating usage of the CyberSource Flex SDK using either a headless javascript call (jsp-flexjs) or a fully customizable hosted field/microform which is incorporated into your checkout page.  For more details on Secure Acceptance Flex visit our Developer Guide at https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken.html
+This repository provides simple examples demonstrating usage of the CyberSource Flex SDK using either a headless JavaScript call (jsp-flexjs) or a fully customizable hosted field/microform which is incorporated into your checkout page.  For more details on Secure Acceptance Flex visit our Developer Guide at https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken.html
 
 ## Usage
 
 1. Clone or download this repository.
-2. Update webapp/WEB-INF/credentials.properties with your CAS/Sandbox credentials
-3. Run mvn package in the sample you want to try (jsp-microform or jsp-flexjs)
-4. Copy the output WAR file to your web server directory
+2. Update webapp/WEB-INF/credentials.properties with your [CyberSource sandbox credentials](https://ebc2test.cybersource.com). 
+3. Run ```mvn package``` in the sample you want to try (jsp-microform or jsp-flexjs).
+4. Copy the output WAR file to your web server directory.
 
 ## Requirements
-* Java 1.8 or later . 
-* Tomcat web server .  
+* Java 1.8 or later 
+* Tomcat web server
 
-**_NOTE: While this sample currently requires Java we are planning to release samples in other languages/stacks over the coming months_**
+**_NOTE: While this sample currently requires Java, we are planning to release samples in other languages/stacks over the coming months_**
 
 ## API Reference
-While these examples use the Javascript libraries which we recommend as the most convenient option you can try out the APIs behind the Javascript SDKs by visiting out API Reference at https://developer.cybersource.com/api/reference/api-reference.html
+While these examples use the JavaScript libraries which we recommend as the most convenient option, you can try out the APIs behind the JavaScript SDKs by visiting our API Reference at https://developer.cybersource.com/api/reference/api-reference.html
 
 ## Background on PCI-DSS
 
-Storing your customer’s card data can dramatically increase your repeat-custom conversion rate, but can also add additional risk and [PCI DSS](https://www.pcisecuritystandards.org/pci_security/) overhead. You can mitigate these costs by tokenizing card data. CyberSource will store your customer’s card data within secure Visa data centers, replacing it with a token that only you can use. 
+Storing your customer’s card data can dramatically increase your repeat-customer conversion rate, but can also add additional risk and [PCI DSS](https://www.pcisecuritystandards.org/pci_security/) overhead. You can mitigate these costs by tokenizing card data. CyberSource will store your customer’s card data within secure Visa data centers, replacing it with a token that only you can use. 
 
-Secure Acceptance Flexible Token is a secure method for Tokenizing card data, that leaves you in total control of the customer experience. Your customer’s card number is encrypted on their own device, for example inside a browser or native app, and sent directly to CyberSource. This means card data bypasses your systems altogether. This can help you qualify for [SAQ A](https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf) based PCI DSS assessments for web based integrations, and [SAQ A-EP](https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf) for native app integrations.
+Secure Acceptance Flexible Token is a secure method for Tokenizing card data, that leaves you in total control of the customer experience. Your customer’s card number is encrypted on their own device - for example inside a browser or native app - and sent directly to CyberSource. This means card data bypasses your systems altogether. This can help you qualify for [SAQ A](https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf) based PCI DSS assessments for web-based integrations, and [SAQ A-EP](https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf) for native app integrations.
 
 You are in total control of the look and feel, with the ability to seamlessly blend the solution in to your existing checkout flow, on web or in-app.
 
 On-device encryption helps to protect your customers from attacks on network middleware such as app accelerators, DLPs, CDNs, and malicious hotspots.
 
-The token can be used in lieu of actual card data in server-side requests for other CyberSource services, for example to make a payment, using our REST APIs : https://developer.cybersource.com/api/reference/api-reference.html
+The token can be used in lieu of actual card data in server-side requests for other CyberSource services, for example to make a payment, using our REST APIs: https://developer.cybersource.com/api/reference/api-reference.html
 
 ## Samples
 
-### Javascript (Flex API) Sample
+### JavaScript (Flex API) Sample
 
-This sample demonstrates how your checkout form can remain exactly as it is today, the only addition will be a javascript call to tokenize the customers credit card information directly FROM their browser (to CyberSource) replacing that data with a secure PCI-compliant token which you can then post up to your server along with the other non-PCI order data.  This provides PCI-DSS SAQ-A(EP) level compliance for your application.  
+This sample demonstrates how your checkout form can remain exactly as it is today, with the only addition of a JavaScript call to tokenize the customer's credit card information. This happens directly between their browser and CyberSource, replacing the provided data with a secure PCI-compliant token. This can then be sent to your server along with the other non-PCI order data.  This can help achieve PCI-DSS SAQ A-EP level compliance for your application.  
 
 ### Microform Sample
 
-This sample demonstrates how you can replace the sensitive data fields (credit card number) on your checkout form, with a field (Flex Microform) hosted entirely on CyberSource servers.  This field will accept and tokenize the customers credit card information directly FROM their browser (to CyberSource), replacing that data with a secure PCI-compliant token which you can then post up to your server along with the other non-PCI order data.  This provides PCI-DSS SAQ-A level compliance for your application as even your client-side code does not contain any code to handle the credit card number.
+This sample demonstrates how you can replace the sensitive data fields (credit card number) on your checkout form with a field (Flex Microform) hosted entirely on CyberSource servers. This field will accept and tokenize the customer's credit card information directly from their browser on a resource hosted by CyberSource, replacing that data with a secure PCI-compliant token. This can then be sent to your server along with the other non-PCI order data.  This can help achieve PCI-DSS SAQ A level compliance for your application as even your client-side code does not contain a mechanism to handle the credit card information.

jsp-flexjs/README.md

@@ -1,6 +1,6 @@
 # Flex API Sample
 
-A simple client-side tokenization example integration using Flex Javascript SDK to access the Flex API. For more details on this see our Developer Guide at https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexAPI.html 
+A simple client-side tokenization example integration using Flex JavaScript SDK to access the Flex API. For more details on this see our Developer Guide at: https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexAPI.html 
 
 ## Prerequisites
 
@@ -11,17 +11,17 @@ A simple client-side tokenization example integration using Flex Javascript SDK
 
 ## Setup Instructions
 
-1. Modify `./src/main/webapp/credentials.properties` with the Cybersource REST credentials created through [EBC Portal](https://ebc2.cybersource.com/).
+1. Modify `./src/main/webapp/credentials.properties` with the CyberSource REST credentials created through [EBC Portal](https://ebc2test.cybersource.com/).
 
   ```
   merchantId=YOUR MERCHANT ID
-  keyId=YOUR KEY ID
+  keyId=YOUR KEY ID (SHARED SECRET SERIAL NUMBER)
   sharedSecret=YOUR SHARED SECRET
   ```
 
 2. Build and run the application using maven
   ```bash
-  mvn package
+  mvn clean package
   ```
 
   This will produce a `.war` file that can be deployed to a Tomcat server instance. The deployed application will serve a demonstration card tokenization page on `http://localhost:8080/`. To serve from a different domain, ensure that `targetOrigin` domain is specified when making a call to the `/keys` endpoint. For a detailed example please see [FlexKeyProvider.java](./src/main/java/com/cybersource/example/FlexKeyProvider.java), line 47.

jsp-microform/README.md

@@ -1,6 +1,6 @@
 # Flex Microform Sample
 
-Flex Microform is a CyberSource-hosted HTML/Javascript component that replaces the card number input field on your checkout page and calls the Flex API on your behalf. This simple example integration demonstrates using the Flex Microform SDK to embed this PCI SAQ-A level component in your form. For more details on this see our Developer Guide at https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html
+Flex Microform is a CyberSource-hosted HTML/JavaScript component that replaces the card number input field on your checkout page and calls the Flex API on your behalf. This simple example integration demonstrates using the Flex Microform SDK to embed this PCI SAQ A level component in your form. For more details on this see our Developer Guide at:  https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html
 
 ## Prerequisites
 
@@ -11,24 +11,24 @@ Flex Microform is a CyberSource-hosted HTML/Javascript component that replaces t
 
 ## Setup Instructions
 
-1. Modify `./src/main/webapp/credentials.properties` with the Cybersource REST credentials created through [EBC Portal](https://ebc2.cybersource.com/).
+1. Modify `./src/main/webapp/credentials.properties` with the CyberSource REST credentials created through [EBC Portal](https://ebc2test.cybersource.com/).
 
   ```
   merchantId=YOUR MERCHANT ID
-  keyId=YOUR KEY ID
+  keyId=YOUR KEY ID (SHARED SECRET SERIAL NUMBER)
   sharedSecret=YOUR SHARED SECRET
   ```
 
 2. Build and run the application using maven
   ```bash
-  mvn clean install
+  mvn clean package
   ```
 
   This will produce a `.war` file that can be deployed to a Tomcat server instance. The deployed application will serve a demonstration card tokenization page on `http://localhost:8080/`. To serve from a different domain, ensure that `targetOrigin` domain is specified when making a call to the `/keys` endpoint. For a detailed example please see [FlexKeyProvider.java](./src/main/java/com/cybersource/example/FlexKeyProvider.java), line 47.
 
 ## Tips
 
-- If you are having issues, checkout the full [Hosted FLEX documentation](https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html).
+- If you are having issues, checkout the full [FLEX Microform documentation](https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html).
 
 - If the application throws `java.security.InvalidKeyException: Illegal key size` you have probably not installed the [JCE unlimited policy files](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html).