On This Page

Important: SOAP Toolkit Update

As part of ongoing Security Enhancements, we are planning to upgrade SOAP API authentication to P12 authentication. This upgrade is currently available for Java, C#, and PHP.
You can upgrade to P12 Authentication in your SOAP toolkit by doing the following:
  • Create a P12 certificate.
  • Update the files in your project directory.
  • Add your certificate information to a
    toolkit.properties
     file in your project directory.
  • Update your
    pom.xml
     file.
You must upgrade the SOAP authentication to use P12 by these dates.
Test
: April 14, 2025
Production
: May 13, 2025
This update is currently available only for the C#, Java, and PHP SOAP Toolkit. The updated SDK is available here on GitHub:
Other toolkits will be available in January 2025.
This Java SOAP Toolkit update works only with WSDL or XSD 1.219 or earlier.

Java Prerequisites

You must create a P12 certificate. See the .
With this change to use a P12 certificate in your Java SOAP toolkit configuration, your application must meet these new requirements:
  • Java 9 or higher
  • Jakarta XML Web Services API
  • JAX-WS Runtime
  • Jakarta XML Web Services Distribution
  • Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8
  • Apache XML Security
  • WSDL 1.219 or earlier

C# Prerequisites

You must create a P12 certificate. See the .
With this change to use a P12 certificate in your C# SOAP toolkit configuration, your application must meet these new requirements:

PHP Prerequisites

You must create a P12 certificate. See the .
With this change to use a P12 certificate in your PHP SOAP toolkit configuration, the new requirements for your application will be:
  • PHP 5.6x and higher
  • PHP SOAP extension
  • PHP OpenSSL extension

Java Migration Steps

Follow these steps to upgrade your Java code:
  1. Add these dependencies to the
    pom.xml
     file: 
    <dependencies>
  <dependency>
    <groupId>jakarta.xml.ws</groupId>
    <artifactId>jakarta.xml.ws-api</artifactId>
    <version>4.0.2</version>
  </dependency>
  <dependency>
    <groupId>com.sun.xml.ws</groupId>
    <artifactId>jaxws-rt</artifactId>
    <version>4.0.3</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>com.sun.xml.ws</groupId>
    <artifactId>jaxws-ri</artifactId>
    <version>4.0.3</version>
    <type>pom</type>
  </dependency>
  <dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15to18</artifactId>
    <version>1.78</version>
  </dependency>
  <dependency>
    <groupId>org.apache.santuario</groupId>
    <artifactId>xmlsec</artifactId>
    <version>4.0.3</version>
  </dependency>
</dependencies>
  2. Add this plugin to the
    pom.xml
     file: 
    <build>
  <plugins>
    <plugin>
      <groupId>com.sun.xml.ws</groupId>
      <artifactId>jaxws-maven-plugin</artifactId>
      <version>4.0.3</version>
      <configuration>
	  <wsdlUrls>
           <wsdlUrl>https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.219.wsdl</wsdlUrl>
        </wsdlUrls>
        <keep>true</keep>
        <packageName>com.cybersource.stub</packageName>
        <sourceDestDir>src/main/java</sourceDestDir>
      </configuration>
    </plugin>
  </plugins>
</build>
  3. Check the value that is set in the
    wsdlUrl
     tag, and update the version if necessary. The highest version of the WSDL that can be supported is 1.219.
  4. Run this command in your terminal:
    mvn clean jaxws:wsimport
  5. Find these lines in your existing code:
    TransactionProcessorLocator service = new 
    TransactionProcessorLocator();

URL endpoint = new URL(SERVER_URL);

ITransactionProcessorStub stub = 
    (ITransactionProcessorStub) service.getportXML
    (endpoint);

stub._setProperty(WSHandlerConstants.USER, request
    .getMerchantID());
    Replace them with these lines:
    TransactionProcessor service = new TransactionProcessor();

service.setHandlerResolver(portInfo - >{
  List < Handler > handlerList = new ArrayList < >();
  handlerList.add(new BinarySecurityTokenHandler());
  return handlerList;
});

ITransactionProcessor stub = service.getPortXML();
  6. Copy these files to your project directory:
    • BinarySecurityTokenHandler.java
    • PropertiesUtil.java
    • SecurityUtil.java
  7. Add a
    toolkit.properties
     file in the
    src/main/resources
     folder in your project. The
    toolkit.properties
     file must contain this content:
    MERCHANT_ID = <your_merchant_id>
LIB_VERSION = 4.0.3
KEY_ALIAS = <your_certificate_key_alias>
KEY_FILE = <your_certificate_file>
KEY_PASS = <your_certificate_password>
KEY_DIRECTORY = src/main/resources
    If you want to use your own properties file, you can make these changes in the
    PropertiesUtil.java
     file.
  8. Add your P12 certificate to your key directory.
  9. Run these commands in your terminal:
    mvn clean install
    java -jar target\JavaSoapToolkit.jar
You can confirm that your configuration is updated successfully by sending a test request. A successful configuration is indicated when the request log shows that the request was authenticated using a Bearer token.

C# Migration Steps

Follow these steps to upgrade your C# code:
  1. Add the following service URL as a service reference to your project:
    https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_N.NNN.wsdl
    where
    N.NNN
     is the latest server API version.
    This will generate a Connected Services section in your project. It will also generate an
    app.config
     file for your project.
  2. Add the following sections to the top of your
    app.config
     file:
    <configuration>
   <configSections>
      <section name="toolkitProperties" type="System.Configuration.NameValueSectionHandler"/>
   </configSections>

   <toolkitProperties>
      <add key="MERCHANT_ID" value="<your_merchant_id>"/>
      <add key="KEY_ALIAS" value="<your_certificate_key_alias>"/>
      <add key="KEY_FILE" value="<your_certificate_file>"/>
      <add key="KEY_PASS" value="<your_certificate_password>"/>
      <add key="KEY_DIRECTORY" value="<path/to/certificate/file>"/>
   </toolkitProperties>
</configuration>
    The
    <configSections>
     tag must be the first section inside
    <configurations>
    .
  3. In the generated
    app.config
     file, leave the
    <binding>
     section as it is.
    The
    <binding>
     section must look like this:
    <bindings>
   <basicHttpBinding>
         <binding name="ITransactionProcessor">
         <security mode="Transport"/>
         </binding>
   </basicHttpBinding>
</bindings>
  4. Add this dependency to the
    packages.config
     file:
    <packages>
   <package id="Portable.BouncyCastle" version="1.9.0" targetFramework="net472" />
</packages>
  5. Install the dependency:
    nuget install packages.config -OutputDirectory packages
  6. Add this package reference to your
    .csproj
     file:
    <Reference Include="BouncyCastle.Crypto, Version=1.9.0.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL">
   <HintPath>packages\Portable.BouncyCastle.1.9.0\lib\net40\BouncyCastle.Crypto.dll</HintPath>
</Reference>
    The steps for adding a new dependency can also be done through Visual Studio Package Manager.
  7. Add your P12 certificate to the
    KEY_DIRECTORY
    .
    This
    KEY_DIRECTORY
     location must be accessible by your code. Ensure that your code has permissions to read this location.
  8. Copy these files to your project directory and import them to your project:
  9. Find these lines in your existing code:
    TransactionProcessorClient proc = new TransactionProcessorClient();

proc.ChannelFactory.Credentials.UserName.UserName =  request.merchantID;
proc.ChannelFactory.Credentials.UserName.Password =  TRANSACTION_KEY;

ReplyMessage reply = proc.runTransaction(request);
    and replace them with these lines: 
    TransactionProcessorClient proc = new TransactionProcessorClient();

proc.Endpoint.EndpointBehaviors.Add(new InspectorBehavior());

ReplyMessage reply = proc.runTransaction(request);
  10. Find your installation of .NET Framework.
    This is often located at
    C:\Windows\Microsoft.NET\Framework\v4.0.30319
     (32-bit) or
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319
     (64-bit).
  11. Use
    msBuild.exe
     to compile your project.
    <path_to_framework>\msBuild.exe <name_of_project>.csproj
  12. Run the project executable:
    bin\<configuration>\<project_name>.exe
You can confirm that your configuration is updated successfully by sending a test request. A successful configuration is indicated when the request log shows that the request was authenticated using a Bearer token.

PHP Migration Steps

Follow these steps to upgrade your existing PHP code:
  1. Update the following service URL (
    WSDL_URL
    ) in your code:
    https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_N.NNN.wsdl
    where
    N.NNN
     is the latest server API version.
  3. Locate these lines in your existing code:
    $soapClient = new ExtendedClient(WSDL_URL, array());
    and replace them with these lines:
    $soapClient = new ExtendedClientWithToken(
    WSDL_URL,
    array(
        'SSL' => array(
                'KEY_ALIAS' => 'YOUR KEY ALIAS',
                'KEY_FILE' => 'YOUR CERTIFICATE FILE',
                'KEY_PASS' => 'YOUR KEY PASS',
                'KEY_DIRECTORY' => 'PATH TO CERTIFICATES'
            )
        )
);
  4. Update the necessary values for the following fields in your code:
    • MERCHANT_ID
    • KEY_ALIAS
    • KEY_FILE
    • KEY_PASS
    • KEY_DIRECTORY
  5. Add your P12 certificate to the
    KEY_DIRECTORY
    .
    This
    KEY_DIRECTORY
     location must be accessible by your code. Ensure that your code has permissions to read this location.
  6. Run the code:
    php <sample_PHP_file>
You can confirm that your configuration is updated successfully by sending a test request. A successful configuration is indicated when the request log shows that the request was authenticated using a Bearer token.

SSL/TLS Certification Migration

To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the Visa Acceptance Solutions platform (including Cybersource), we are transitioning all Cybersource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL/TLS certificates that correspond to the specific Cybersource endpoint they use.
If your application requires trusting of certificates at the server level, you must install (trust) the new certificates prior to expiration of existing certificates to avoid any production impact. The link to the Server-Level (leaf) SSL certificate will be updated when they become available.
We recommended that merchants trust only the Root and Intermediate CA SSL/TLS certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system, in addition to the existing certificates, and verify their functionality in the testing environment.
There will be two phases and each phase will update different endpoints.
First Phase
The first phase is complete and updated the following endpoints:
Test URLs
Production URLs
apitest.cybersource.com
accountupdater.cybersource.com
accountupdatertest.cybersource.com
api.cybersource.com
batchtest.cybersource.com
batch.cybersource.com
api.accountupdatertest.cybersource.com
api.accountupdater.cybersource.com
ics2wstest.ic3.com
ics2ws.ic3.com
ics2wstesta.ic3.com
ics2wsa.ic3.com
apitest.cybersource.com
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
We strongly urge you to test your implementation as soon as possible.
Second Phase
The second phase will update the following endpoints:
Test URLs
Production URLs
testflex.cybersource.com
flex.cybersource.com
testsecureacceptance.cybersource.com
secureacceptance.cybersource.com
flex.in.cybersource.com
secureacceptance.in.cybersource.com
The Testing Environment was updated November 5, 2024, 4:00 GMT. The production environment December 10, 2024, 4:00 GMT. The old certifications will expire on December 31, 2024.