You must secure messages that you send to CyberSource.
Message security has two components, channel security and authentication. Channel security is maintains the security of the message in transit between two endpoints. Authentication is how CyberSource determines that a secure message comes from a particular merchant. To sum up, channel security prevents eavesdropping and tampering in transit, and authentication proves that the message received came from the person it says it came from. Both components are necessary to establish trust and to process transactions.
REST uses transport layer security (TLS) for channel security like most CyberSource APIs do. REST uses two different authentication mechanisms: JSON Web Token (JWT) or HTTP Signature. Both use the http message header to transmit the merchant's credentials to CyberSource.