REST API Keys

The REST API uses public key cryptography to securely exchange information over the Internet. Before you can send requests for
Cybersource
services using the REST API, you must create a security key for your
Cybersource
merchant account.
The REST API supports two types of security key:
  • Shared secret key for using HTTP signature authentication
  • P12 certificate for using JSON Web Token authentication
REST API keys expire after 3 years.
Security keys can be used to make any call, including payments. Treat your security keys as you would any secure password.
You must use separate keys for the test and production environments.
When you sign up for a Sandbox account, your confirmation email contains a key and shared secret key for HTTP Signature authentication. To create the keys manually, or to use a JSON Web Token instead, follow the instructions in Creating a REST API Key.
For more information about REST API authentication, see the Developer Center's Authentication section.