Introduction to P12 Authentication for SOAP Toolkit Key Users

Cybersource

will no longer support username and password-based authentication for merchants who use the SOAP toolkit key
. You are required to remove username and password-based authentication from your SOAP toolkit integration, and transition to certificate-based authentication, by these dates:

Test Environment:
September 1, 2025

Production Environment:
September 15, 2025

Your API requests to Cybersource will be rejected if you do not implement P12 authentication by the above dates.

This migration guide explains how to transition your SOAP authentication to use a compliant P12 certificate. You must complete this update to remain compliant and avoid service disruptions. Updated toolkit examples for these programming environments are available in GitHub:

C++ SOAP toolkit

C# SOAP toolkit

Java SOAP toolkit

PHP SOAP toolkit

If your SOAP integration uses a different programming environment or commercial off-the-shelf software (COTS), see Overview of WS-Security 1.0 with the SOAP API for more information about implementing this change.

How to Set Up P12 Certificate Keys

These are the tasks you must complete to configure your system to support P12 certificate authentication.

Create a .p12 file in the Business Center. For more information, see Introduction to P12 Authentication for SOAP Toolkit Key Users.

Edit the files in your application to use P12 authentication. How you edit your files is dependent on your system's programming environment:

C++ Upgrade to P12 Authentication

C# Upgrade to P12 Authentication

Java Upgrade to P12 Authentication

PHP Upgrade to P12 Authentication

Other programming languages

Send a test authorization request using your P12 certificate. For more information, see Send a Test Request with P12 Authentication.

Verify that your request used your P12 certificate. For more information, see Verify Your P12 Certificate in Transaction Management.

Endpoints for the Simple Order API

While you complete this security update, verify that your integration uses one of these valid Simple Order API endpoints.

Production endpoints:

https://ics2ws.ic3.com/commerce/1.x/transactionProcessor

https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor

India:

https://ics2ws.in.ic3.com/commerce/1.x/transactionProcessor

Test endpoints:

https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor

https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor

India:

https://ics2wstest.in.ic3.com/commerce/1.x/transactionProcessor

Master Shared Secret Keys

If you are a portfolio user who creates master shared secret keys
using the API, contact your technical account manager for more information about automatically creating security keys. The current process for creating master shared secret keys is not compatible with the certificate-based authentication.