
How to Set Up OAuth 2.0 {#implementation-overview}
==================================================

This overview describes the steps that you and the merchant must complete to implement OAuth.

#### Figure: OAuth 2.0 Implementation

![OAuth 2.0 Implementation](/content/dam/new-documentation/documentation/en-us/topics/platform/bam/oauth/images/oauth-implement-700x400.svg/jcr:content/renditions/original)

1. You enable mutual authentication by obtaining a Certificate Signing Request (CSR) from a supported certificate authority (CA). After obtaining a CSR, you provide your common name details to `Cybersource`. For more information, see [Enable Mutual Authentication](/docs/cybs/en-us/oauth/developer/all/rest/oauth/Supporting-Mutual-Authentication.md).

2. You register your web application in the `Business Center` and set a scope of permissions and a redirect URL to your web application. For more information, see [Register Your Application](/docs/cybs/en-us/oauth/developer/all/rest/oauth/register-application.md).

3. The merchant accesses your web application, logs in to their account using their credentials, and clicks a button or link to set up their `Cybersource` account.

4. Your application redirects the merchant to a `Cybersource`-hosted webpage. For more information, see [Redirect the Merchant](/docs/cybs/en-us/oauth/developer/all/rest/oauth/redirect-merchant-to-cybs.md).

5. The merchant logs in to their `Cybersource` account and approves your request. This authorizes your web application to perform specific actions on their behalf, as defined by the permissions scope that the merchant approved. Notify the merchant that their account must have access to grant OAuth permissions to complete this requirement.

6. `Cybersource` redirects the merchant to your application using the redirect URL you registered. An authorization code is appended to the redirect URL. For more information, see [Interpreting the Redirect Response](/docs/cybs/en-us/oauth/developer/all/rest/oauth/redirect-merchant-to-cybs/response-parameters.md).

7. Your application exchanges the authorization code with `Cybersource` for these two tokens:

   * **Access token**: A token to authenticate transactions using `Cybersource`. For more information about how to authenticate `Cybersource` transactions using this token, see [Submit API Requests Using OAuth](/docs/cybs/en-us/oauth/developer/all/rest/oauth/submitting-api-request-using-cybs-extend.md).
   * **Refresh token**: A token that you can use to request additional access tokens.

   For more information about requesting tokens, see [Request the Access and Refresh Tokens](/docs/cybs/en-us/oauth/developer/all/rest/oauth/obtaining-access-refresh-tokens.md).  
   For more information about refreshing your existing tokens, see [Refresh the Access Token](/docs/cybs/en-us/oauth/developer/all/rest/oauth/refreshing-access-token.md) and [Refresh the Refresh Token](/docs/cybs/en-us/oauth/developer/all/rest/oauth/refreshing-the-refresh-token.md).

To change the permissions the merchant grants you, you must repeat steps 2 through 7.  
You can view examples of these steps in the [demo application](https://oauthsample.test.cybersource.com/cybersource-oauth-app/).  
You must obtain test merchant credentials to emulate the access delegation. Your test account must contain at least one card-based transaction from within the past 7 days. To sign up for a sandbox test account to create your test credentials, see:  
[`https://developer.cybersource.com/hello-world/sandbox.html`](https://developer.cybersource.com/hello-world/sandbox.html)
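
The check below is an added example, not code from this documentation or from `Cybersource`. It shows one way your application can validate the redirect it receives in step 6 before exchanging the code in step 7. It assumes the RFC 6749 parameter names `code`, `state`, and `error`, which this page does not confirm; the redirect URL and function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder for the redirect URL registered in step 2.
REGISTERED_REDIRECT = "https://partner.example/oauth/callback"


def new_state(session: dict) -> str:
    """Step 4: create a one-time value, bound to the merchant's session,
    to send along when redirecting the merchant."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    return session["oauth_state"]


def handle_redirect(url: str, session: dict) -> str:
    """Step 6: validate the incoming redirect and return the authorization code."""
    got, reg = urlsplit(url), urlsplit(REGISTERED_REDIRECT)
    if (got.scheme, got.netloc, got.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("request did not arrive on the registered redirect URL")
    params = parse_qs(got.query, keep_blank_values=True)

    # pop() makes the state single use, so a replayed redirect fails.
    expected = session.pop("oauth_state", None)
    states = params.get("state", [])
    if expected is None or len(states) != 1 or not hmac.compare_digest(
        states[0].encode(), expected.encode()
    ):
        raise ValueError("state missing or not issued to this session")

    # Assumed RFC 6749 error parameter: the merchant declined or the request failed.
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])

    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]  # exchange this for the tokens in step 7
```

Rejecting a redirect whose state was not issued to the current session keeps a code obtained in someone else's session from being bound to this merchant's account.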
