Menu

Redirecting the Merchant

Your application must redirect the merchant to Cybersource so that the merchant can log in with their Cybersource credentials and provide permissions for your application.
IMPORTANT
A merchant giving permissions to your application must log in as an Account Owner or Account Administrator.
After the merchant provides or denies permissions for your application, Cybersource redirects the merchant to the redirect URL that you provided when you registered. If the merchant attempted to grant permissions using an account with insufficient privileges, the redirect response is the same as when a merchant denies permission. 
When you redirect the merchant to Cybersource, encode the URL with the following parameters as a query string:
URL-Encoded Query Parameters in Your Redirect
Parameter Name
Required
Notes
sub
Yes
Must be set to
oauth
.
client_id
Yes
The client ID that you received when you registered your application in the Business Center.
redirect_url
Yes
The page to which Cybersource redirects the merchant after the merchant grants your application permissions. The value of the
redirect_url
parameter must exactly match the redirect URL that you supplied during registration.
state
No
Value that is sent in the response to prevent malicious interception, such as a CSRF attack.
Sample Redirect for Testing
https://businesscentertest.cybersource.com/ebc2/oauth/authorize?sub=oauth&redirect_url=https://www.example.com&client_id=yourClientId&state=StateValue
Sample Redirect for Production
https://businesscenter.cybersource.com/ebc2/oauth/authorize?sub=oauth&redirect_url=https://www.example.com&client_id=yourClientId&state=StateValue
Back to top