Introduction to P12 Authentication for SOAP Toolkit Key Users

Cybersource

will no longer support username and password-based authentication for merchants who use the SOAP toolkit key
. You are required to remove username and password-based authentication from your SOAP toolkit integration, and transition to certificate-based authentication, by these dates:

Test Environment:
July 16, 2025

Production Environment:
August 13, 2025

This migration guide explains how to transition your SOAP authentication to use a compliant P12 certificate. You must complete this update to remain compliant and avoid service disruptions. Updated toolkit examples for these programming environments are available in GitHub:

C++ SOAP toolkit

C# SOAP toolkit

Java SOAP toolkit

PHP SOAP toolkit

If your SOAP integration uses a different programming environment or commercial off-the-shelf software (COTS), see Overview of WS-Security 1.0 with the SOAP API for more information about implementing this change.

Your API requests to Cybersource will be rejected if you do not implement P12 authentication by the above dates.

Endpoints for the Simple Order API

While you complete this security update, verify that your integration uses one of these valid Simple Order API endpoints.

Production endpoints:

https://ics2ws.ic3.com/commerce/1.x/transactionProcessor

https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor

India:

https://ics2ws.in.ic3.com/commerce/1.x/transactionProcessor

Test endpoints:

https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor

https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor

India:

https://ics2wstest.in.ic3.com/commerce/1.x/transactionProcessor

Master Shared Secret Keys

If you are a portfolio user who creates master shared secret keys
using the API, contact your technical account manager for more information about automatically creating security keys. The current process for creating master shared secret keys is not compatible with the certificate-based authentication.