Passing six-digit BINs can result in no match being generated when there are multiple possible matches. We recommend that you update your systems to pass eight-digit BINs as soon as possible.

October 2023: REST and Simple Order API Security Updates

Three security requirements are mandated for completion beginning February 28, 2024. To avoid service interruptions, ensure that your systems are up to date to comply with these requirements:
  • REST API Digest Parentheses Removal (REST HTTP Signature)
    : Cybersource API calls using HTTP Signature authentication must adhere to industry standards and will no longer support the use of parentheses within the HTTP header.
    This requirement will be implemented in Production by March 22, 2024.
  • Default Password p12 Keys (Simple Order API, REST JWT, Batch Upload, Account Updater Batch Upload)
    : All Cybersource issued P12 keys created after the implementation date will be secured with a password set by the user during key generation within the Cybersource Business Center. This password will not be stored within Cybersource systems and must be securely stored by the user to open the key file or for use with your API implementation.
    This requirement will be implemented in Production on February 28, 2024.
  • SHA 256 Envelope p12 Keys (Simple Order API, REST JWT)
    : P12 keys will be generated with an enhanced HmacPBESHA-256 algorithm. This can cause older SDKs or operating systems to be unable to access the key.
    This requirement will be implemented in Production on February 28, 2024.
For more information on these updates, read the Support Center article here.