Introduction to P12 Authentication for SOAP Toolkit Key Users

Cybersource
 will no longer support username and password-based authentication for merchants who use the
SOAP toolkit key
. You are required to remove username and password-based authentication from your SOAP toolkit integration, and transition to certificate-based authentication, by these dates:
  • Test Environment:
     July 16, 2025
  • Production Environment:
     August 13, 2025
Your API requests to
Cybersource
 will be rejected if you do not implement P12 authentication by the above dates.
This migration guide explains how to transition your SOAP authentication to use a compliant P12 certificate. You must complete this update to remain compliant and avoid service disruptions. Updated toolkit examples for these programming environments are available in GitHub:
If your SOAP integration uses a different programming environment or commercial off-the-shelf software (COTS), see Overview of WS-Security 1.0 with the SOAP API for more information about implementing this change.

How to Set Up P12 Certificate Keys

These are the tasks you must complete to configure your system to support P12 certificate authentication.
  1. Create a .p12 file in the
    Business Center
    . For more information, see Introduction to P12 Authentication for SOAP Toolkit Key Users.
  2. Edit the files in your application to use P12 authentication. How you edit your files is dependent on your system's programming environment:
  3. Send a test authorization request using your P12 certificate. For more information, see Send a Test Request with P12 Authentication.
  4. Verify that your request used your P12 certificate. For more information, see Verify Your P12 Certificate in Transaction Management.

Endpoints for the Simple Order API

While you complete this security update, verify that your integration uses one of these valid Simple Order API endpoints.
Production endpoints:
  • https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
  • https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor
  • India:
    https://ics2ws.in.ic3.com/commerce/1.x/transactionProcessor
Test endpoints:
  • https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
  • https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor
  • India:
    https://ics2wstest.in.ic3.com/commerce/1.x/transactionProcessor

Master Shared Secret Keys

If you are a portfolio user who creates
master shared secret keys
 using the API, contact your technical account manager for more information about automatically creating security keys. The current process for creating master shared secret keys is not compatible with the certificate-based authentication.