Developer Guide Menu

Create a Shared Secret Key for HTTP Signature Authentication

HTTP Signature authentication is provided by a Base-64 encoded transaction key, represented in a string format.

Before you can send requests for CyberSource REST API services that are authenticated using HTTP Signature, you must create a shared secret key for your CyberSource merchant account in the Business Center.

IMPORTANT

You must use separate keys for the test and production environments.

The shared secret key created in the Business Center is viable for 3 years.

To create a shared secret key:

  1. In the left navigation panel, choose

    Key Management
    .
  2. Expand the

    Transaction Processing
    menu.
  3. From the drop-down menu, choose

    API Keys
    .

  4. Click

    GENERATE KEY
    .

  5. Choose

    API Cert / Secret
    , then click

    NEXT STEP
    .

  6. Choose

    Shared Secret
    , then click

    SUBMIT
    .

  7. To download the shared secret key to a

    .txt
    file, click

    DOWNLOAD KEY
    .

    IMPORTANT

    Make note of the public key (key) that is generated. This value is required in the header of each REST API call.

  8. If you need another key, click

    CREATE ANOTHER KEY
    .
  9. To see the newly generated key at the bottom of the Key list, click

    KEY MANAGEMENT
    .

  10. The CyberSource SDK requires the key and the shared secret key to use the HTTP signature as an authentication mechanism.

Deactivating Shared Secret Keys

When you deactivate a key it is immediately removed from active status.

To deactivate a shared secret key:

  1. In the left navigation panel, choose

    Key Management
    .
  2. Expand the Transaction Processing menu.
  3. From the drop-down menu, choose

    API Keys
    .
  4. Select the key and click the

    X
    icon to deactivate the key.
Top