@gr4vy/secure-fields
TypeScript icon, indicating that this package has built-in type declarations

1.21.1 • Public • Published

Secure Fields

NPM Version GitHub license Changelog

Add Secure Fields to your Node app.

Use @gr4vy/secure-fields-react in a React application or @gr4vy/secure-fields-cdn in non-Node web application.

Usage

Via the command line, install this package as follows.

npm install @gr4vy/secure-fields --save-prod
# yarn add @gr4vy/secure-fields --save

Get started

To use Secure Fields, you need some placeholder elements to attach the secure fields on to. Each of these elements will be replaced by a secure field. These elements can be <input> but do not need to be.

<label for="cc-number">Card Number</label>
<input id="cc-number" />

<label for="cc-cvv">Security code</label>
<input id="cc-cvv" />

<label for="cc-expiry">Expiry date</label>
<input id="cc-expiry" />

<button id="cc-button">Submit</button>

To use Secure Fields, call the new SecureFields() method with a configuration object that includes the environment (sandbox or production), your gr4vyId and a sessionId obtained from calling the Checkout Sessions API. An optional paymentMethodId parameter can also be passed to use Secure Fields with a stored payment method.

Then, add the fields and event listeners needed to handle the form submission.

const { SecureFields } = require('@gr4vy/secure-fields')

// Alternatively
// import { SecureFields } from '@gr4vy/secure-fields'

const secureFields = new SecureFields({
  gr4vyId: '[GR4VY_ID]',
  environment: 'sandbox',
  sessionId: '[SESSION_ID]',
  // paymentMethodId: '[PAYMENT_METHOD_ID]', // uuid of a stored payment method (optional)
})

secureFields.addFont('Lato')

const styles = {
  color: 'black',
  fontSize: '18px',
  fontFamily: 'Lato',
  ':focus': {
    color: 'blue',
  },
}

const number = secureFields.addCardNumberField('#cc-number', { styles })
const expiry = secureFields.addExpiryDateField('#cc-expiry', { styles })
const cvv = secureFields.addSecurityCodeField('#cc-cvv', { styles })

secureFields.addEventListener(SecureFields.Events.CARD_VAULT_SUCCESS, () =>
  console.log('Card tokenized successfully')
)

secureFields.addEventListener(
  SecureFields.Events.CARD_VAULT_FAILURE,
  (data) => console.log('Card tokenization failed', data) // data.status, data.code, data.message
)

number.addEventListener('input', (data) => {
  console.warn('Input changed', data) // data.schema, data.codeLabel...
})

const button = document.querySelector('#cc-button')
button.addEventListener('click', () => {
  secureFields.submit()
})

Note: Replace [GR4VY_ID] with your Gr4vy ID and [SESSION_ID] with a valid checkout session id.

This will initialize Secure Fields and replace each of the inputs with a corresponding secure element. On submit, it will store the card data securely with Gr4vy, after which you can create a transaction or vault the card for later use.

For more information please refer to the Secure Fields get started guide.

Styles

The outer styling of every Secure Field is completely in your control by applying your own CSS to the following class names.

/* Applied to each field */
.secure-fields__input {
}
/* Applied to the card number field */
.secure-fields__input--number {
}
/* Applied to the expiry date field */
.secure-fields__input--expiry-date {
}
/* Applied to the security code field */
.secure-fields__input--security-code {
}
/* Applied to a focused field */
.secure-fields__input[data-secure-fields-focused] {
}
/* Applied to an invalid field */
.secure-fields__input[data-secure-fields-invalid] {
}
/* Applied to an autofilled field */
.secure-fields__input[data-secure-fields-autofilled] {
}

To set the CSS of the content of a field an object of CSS rules can be passed to the addCardNumberField, addExpiryDateField and addSecurityCodeField methods.

const styles = {
  // Default styles applied to field
  color: "#66666",
  fontSize: "1.3em",
  // ...etc

  // Applied when field has a value autofilled by browser/extension
  ':autofill': { ... },
  // Applied when field is hovered
  ':hover': { ... },
  // Applied when field is focused
  ':focus': { ... },
  // Applied when field is disabled
  ':disabled': { ... },
  // Applied when field is valid
  ':valid': { ... },
  // Applied when field is invalid
  ':invalid': { ... },
  // Applied to field placeholder
  '::placeholder': { ... },
}

Not all CSS properties can be set. The currently supported list is as follows.

backgroundColor
boxShadow
caretColor
color
colorScheme
cursor
font
fontFamily
fontFeatureSettings
fontKerning
fontSize
fontSizeAdjust
fontStretch
fontStyle
fontVariant
fontVariantAlternates
fontVariantCaps
fontVariantEastAsian
fontVariantLigatures
fontVariantNumeric
fontVariationSettings
fontWeight
letterSpacing
lineHeight
opacity
padding
textAlign
textShadow
textRendering
transition
MozOsxFontSmoothing
WebkitFontSmoothing

Events

Global events

The following events can be listened to by attaching an event handler to the SecureFields instance using the addEventListener method.

Name Description Example
CARD_VAULT_SUCCESS Triggered when the card is successfully vaulted. secureFields.addEventListener(SecureFields.Events.CARD_VAULT_SUCCESS, () => { console.log('Card has been tokenized successfully!') })
CARD_VAULT_FAILURE Triggered when the card vaulting fails. secureFields.addEventListener(SecureFields.Events.CARD_VAULT_FAILURE, ({ code, status, message }) => { console.log('Couldn\'t tokenize the card', { code, status, message }) })
FORM_CHANGE Triggered when one of the form field is changed. The complete property shows if the form is ready to be submitted, i.e. card number and expiry date are filled and valid. secureFields.addEventListener(SecureFields.Events.FORM_CHANGE, ({ complete, fields }) => { console.log('Form state', { complete, fields }) })
READY Triggered when Secure Fields is loaded and ready to be used. secureFields.addEventListener(SecureFields.READY, () => { console.log('Secure fields loaded') })

Field events

The following events can be listened to by attaching an event handler to a field (returned by the addCardNumberField, addExpiryDateField and addSecurityCodeField methods) using the addEventListener method.

Some of these provide additional useful data like the card BIN, validation status, and scheme. For example, the input event on a card number field might include { schema: 'visa', codeLabel: 'CVV', valid: true, ... }.

Name Description Example
blur Triggered when the field loses focus. cardNumberField.addEventListener('blur', (data) => { console.log(data) /* { type: 'number' } */ })
focus Triggered when the field gains focus. cardNumberField.addEventListener('focus', (data) => { console.log(data) /* { type: 'number' } */ })
input Triggered when the field value has been changed. cardNumberField.addEventListener('input', (data) => { console.log(data) /* { type: 'number', schema: 'visa', codeLabel: 'CVV', valid: true, empty: true, autofilled: false, bin: '411111' } */

Click to Pay

Click to Pay is the better way to pay online – featuring advanced payment technology built on secure remote commerce industry standards.

Prerequisites

Follow the instructions for Click to Pay Merchant Setup.

Adding Click to Pay

Once Secure Fields is configured, you can start adding Click to Pay to your checkout.

Firstly, add a placeholder component to your form so Secure Fields knows where to render the Click to Pay component.

Then, add a simple sign-in form to let users access their Click to Pay stored cards.

Additionally, add a checkbox to allow a customer not already enrolled to determine if they want to share the card data with Click to Pay or not.

Finally, ensure card inputs are wrapped with a container element (e.g. <form />) with a specific id.

<div id="click-to-pay"></div>

<div id="click-to-pay-sign-in" style="display: none;">
  <label>Access your Click to Pay stored cards</label>
  <input type="text" id="phoneOrEmail" />
  <button id="signInButton">Continue</button>
</div>

<form id="card-form" style="display: none;">
  <label htmlFor="cc-number">Card number</label>
  <input type="text" id="cc-number" />

  <label htmlFor="cc-expiry-date">Expiry date</label>
  <input type="text" id="cc-expiry-date" />

  <label htmlFor="cc-security-code">Security code</label>
  <input type="text" id="cc-security-code" />
</form>

<input type="checkbox" id="click-to-pay-consent-checkbox" />
<label for="click-to-pay-consent-checkbox"
  >Store my card with Click to Pay</label
>

<script>
  var phoneOrEmail = document.querySelector('#phoneOrEmail')
  var signInButton = document.querySelector('#signInButton')
  signInButton.addEventListener('click', function () {
    clickToPay.signIn({ email: phoneOrEmail.value })
  })
</script>

Next, attach the secure field for Click to Pay to this element. This will require the email and/or phone number of the user you want to create a transaction for. It also requires an HTML query for the consent checkbox that controls if the card data for a new card is shared with Click to Pay or not.

const clickToPay = secureFields.addClickToPay('#click-to-pay', {
  dpaLocale: 'en_AU',
  cardBrands: ['mastercard', 'visa', 'american-express'],
  email: 'john@example.com',
  mobileNumber: {
    countryCode: '61',
    phoneNumber: '491570159',
  },
  consentCheckbox: '#click-to-pay-consent-checkbox',
  signIn: '#click-to-pay-sign-in',
  cardForm: '#card-form',
})
// clickToPay = { element: <div id="click-to-pay" />, signIn: ..., options: { dpaName: ... } }

The available Click to Pay options are the following:

Option Name Description
srcDpaId DPA Identifier. This is a unique identifier for you Digital Payment Application (DPA), which was generated during onboarding.
dpaName Legal name of registered DPA.
cardBrands List of card schemes the merchant accepts. We currently support mastercard, maestro, visa, amex, discover
cardForm A reference to the card form wrapper.
signIn A reference to the sign-in elements wrapper.
consentCheckbox A reference to the opt-in consent checkbox element.
learnMoreLink A reference to the learn more link element.
email The user email used to access Click to Pay.
mobileNumber The user phone number used to access Click to Pay. Required format is { countryCode: string, phoneNumber: string }
dynamicDataType The type of cryptogram or token used for the card data. See the Mastercard docs for more information. Possible values are NONE and CARD_APPLICATION_CRYPTOGRAM_SHORT_FORM.

Additional Global events

The following Click to Pay events can be listened to by attaching an event handler to the SecureFields instance using the addEventListener method.

Name Description Example
CLICK_TO_PAY_INITIALIZED Triggered when Click to Pay has been initialized. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_INITIALIZED, (clickToPay) => { console.log('Click to Pay initialized', clickToPay) })
CLICK_TO_PAY_READY Triggered when Click to Pay is ready. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_READY, ({ buyerExists }) => { console.log('Click to Pay ready', { buyerExists }) })
CLICK_TO_PAY_SIGN_OUT Triggered when a user signs out of Click to Pay. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_SIGN_OUT, ({ buyerExists }) => { console.log('User signed out') })
CLICK_TO_PAY_ERROR Triggered when Click to Pay throws an error. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_ERROR, (error) => { console.log('Click to Pay error', error) }) // "RETRIES_EXCEEDED" | "CODE_INVALID" | "INVALID_CARD" | "SIGN_OUT_FAILED" | "ACCT_INACCESSIBLE" | "UNKNOWN" | "USER_NOT_RECOGNIZED" |
CLICK_TO_PAY_CANCEL Triggered when a user closes / cancels Click to Pay. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_CANCEL, () => { console.log('User cancelled Click to Pay') })
CLICK_TO_PAY_CHECKOUT_WITH_NEW_CARD Triggered when a user performs the checkout with a new card (not yet enrolled in Click to Pay). secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_CHECKOUT_WITH_NEW_CARD, () => { console.log('User is using a new card') })
CLICK_TO_PAY_UNABLE_TO_LOAD_DPA Triggered when the provided Click to Pay DPA cannot be loaded. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_UNABLE_TO_LOAD_DPA, () => { console.log('Unable to load Click to Pay DPA') })
CLICK_TO_PAY_VISIBILITY_CHANGE Triggered when the Click to Pay element is shown or hidden. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_VISIBILITY_CHANGE, (visible) => { console.log('Click to Pay element is ' + visible ? "visible" : "not visible") })
CLICK_TO_PAY_CARD_FORM_VISIBILITY_CHANGE Triggered when the card form container is shown or hidden. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_CARD_FORM_VISIBILITY_CHANGE, (visible) => { console.log('Card form is ' + visible ? "visible" : "not visible") })
CLICK_TO_PAY_SIGN_IN_VISIBILITY_CHANGE Triggered when the sign in container is shown or hidden. secureFields.addEventListener(SecureFields.Events.CLICK_TO_PAY_SIGN_IN_VISIBILITY_CHANGE, (visible) => { console.log('Sign in is ' + visible ? "visible" : "not visible") })
METHOD_CHANGE Triggered when the user selects a different method (either card or click-to-pay) secureFields.addEventListener(SecureFields.Events.METHOD_CHANGE, (method) => { console.log('Selected method changed', method) })

API reference

Getters

Name Description
Events Gives access to the supported events.

SecureFields.Events.READY
version Returns the current version of the instance.

SecureFields.version

Methods

Name Description
constructor Instantiates SecureFields with a configuration object include environment, gr4vyId and a session id. An optional paymentMethodId parameter can also be passed to use Secure Fields with a stored payment method.

new SecureFields({...})
addCardNumberField Injects a secure field of type number.

secureFields.addCardNumberField('#cc-number', { placeholder: 'Enter card number', ... })
addSecurityCodeField Injects a secure field of type securityCode.

secureFields.addSecurityCodeField('#cc-security-code', { placeholder: 'Enter security code', ... })
addExpiryDateField Injects a secure field of type expiryDate.

secureFields.addExpiryDateField('#cc-expiry-date', { placeholder: 'Enter expiry date', ... })
addClickToPay Injects a field that initializes Click to Pay.

secureFields.addClickToPay('#click-to-pay', { dpaLocale: 'en_AU', cardBrands: ['mastercard', 'visa'], ... })
addEventListener Attaches an event handler to the SecureFields instance or to a secure field in order to listen to specific events. Requires one of the events supported and a callback.

secureFields.addEventListener(SecureFields.Events.READY, (data) => { ... })

cardNumberField.addEventListener('input', (data) => { ... })
removeEventListener Removes a previously attached event handler.
submit Calls the Vault API to tokenize and store the card data.

secureFields.submit()
setDebug Enable / disable debug mode. When the debug mode is enabled, SecureFields logs information to the console.

secureFields.setDebug(true)
addFont Load a custom font from Google Fonts to be used inside inputs. You can define the font family as well as styles or weights as a string (e.g. "Lato:400,600"). To use the loaded font, add the correct fontFamily property to the styles object when creating fields.

secureFields.addFont('Lato')

Readme

Keywords

none

Package Sidebar

Install

npm i @gr4vy/secure-fields

Homepage

gr4vy.com

Weekly Downloads

191

Version

1.21.1

License

MIT

Unpacked Size

99.2 kB

Total Files

25

Last publish

Collaborators

  • luca-gr4vy
  • gr4vy!
  • douglaseggleton
  • cbetta