On This Page
REST API
Redirecting the Merchant
Your application must redirect the merchant to Cybersource so that the merchant can log in with their Cybersource credentials and provide permissions for your application.
IMPORTANT
A merchant giving permissions to your application must log in as an Account Owner or Account Administrator.
After the merchant provides or denies permissions for your application, Cybersource redirects the merchant to the redirect URL that you provided when you registered. If the merchant attempted to grant permissions using an account with insufficient privileges, the redirect response is the same as when a merchant denies permission.
When you redirect the merchant to Cybersource, encode the URL with the following parameters as a query string:
Parameter Name | Required | Notes |
|---|---|---|
sub | Yes | Must be set to oauth . |
client_id | Yes | The client ID that you received when you registered your application in the Business Center. |
redirect_url | Yes | The page to which Cybersource redirects the merchant after the merchant grants your application permissions. The value of the redirect_url parameter must exactly match the redirect URL that you supplied during registration. |
state | No | Value that is sent in the response to prevent malicious interception, such as a CSRF attack. |
Sample Redirect for Testing
https://businesscentertest.cybersource.com/ebc2/oauth/authorize?sub=oauth&redirect_url=https://www.example.com&client_id=yourClientId&state=StateValue
Sample Redirect for Production
https://businesscenter.cybersource.com/ebc2/oauth/authorize?sub=oauth&redirect_url=https://www.example.com&client_id=yourClientId&state=StateValue