Developer Guide Menu

Create a Shared Secret Key for HTTP Signature Authentication

HTTP Signature authentication is provided by a Base-64 encoded transaction key, represented in a string format.
Before you can send requests for CyberSource REST API services that are authenticated using HTTP Signature, you must create a shared secret key for your CyberSource merchant account in the Business Center.

IMPORTANT

You must use separate keys for the test and production environments.
The shared secret key created in the Business Center is viable for 3 years.
To create a shared secret key:
  1. In the left navigation panel, choose
    Key Management
    .
  2. Expand the
    Transaction Processing
    menu.
  3. From the drop-down menu, choose
    API Keys
    .
  4. Click
    GENERATE KEY
    .
  5. Choose
    API Cert / Secret
    , then click
    NEXT STEP
    .
  6. Choose
    Shared Secret
    , then click
    SUBMIT
    .
  7. To download the shared secret key to a
    .txt
    file, click
    DOWNLOAD KEY
    .

    IMPORTANT

    Make note of the public key (key) that is generated. This value is required in the header of each REST API call.
  8. If you need another key, click
    CREATE ANOTHER KEY
    .
  9. To see the newly generated key at the bottom of the Key list, click
    KEY MANAGEMENT
    .
  10. The CyberSource SDK requires the key and the shared secret key to use the HTTP signature as an authentication mechanism.

Deactivating Shared Secret Keys

When you deactivate a key it is immediately removed from active status.
To deactivate a shared secret key:
  1. In the left navigation panel, choose
    Key Management
    .
  2. Expand the Transaction Processing menu.
  3. From the drop-down menu, choose
    API Keys
    .
  4. Select the key and click the
    X
    icon to deactivate the key.
Top