P12 Authentication Upgrade for SOAP Toolkit Key Users Migration Guide

Audience and Purpose

This guide is written for merchants who need to upgrade their system to use P12 authentication.

Convention

This statement appears in this document:
An
Important
statement contains information essential to successfully completing a task or learning a concept.

Customer Support

For support information about any service, visit the Support Center:

Recent Revisions to This Document

25.07.01

Updated the deadline for transitioning your system to certificate-based authentication. See Introduction to P12 Authentication for SOAP Toolkit Key Users.

25.05.01

This guide has undergone a reorganization.
Added information about how to verify your P12 authentication upgrade. See Verify Your P12 Certificate in Transaction Management.

25.04.01

Changed title of guide to
P12 Authentication Upgrade for SOAP Toolkit Key Users Migration Guide
.
Added authorization example request endpoint information. See Send a Test Request with P12 Authentication.
Added new section about how to configure WS-Security 1.0. See Overview of WS-Security 1.0 with the SOAP API.
Updated the instructions for creating and downloading a Simple Order API key as a .p12 file. See Create a .p12 File.

25.02.02

Updated the deadline for when merchants must upgrade to P12 authentication. See the deadline for upgrading section in the Introduction to P12 Authentication for SOAP Toolkit Key Users.

25.02.01

Initial release.

VISA Platform Connect: Specifications and Conditions for Resellers/Partners

The following are specifications and conditions that apply to a Reseller/Partner enabling its merchants through
Cybersource for
Visa Platform Connect
(“VPC”) processing
. Failure to meet any of the specifications and conditions below is subject to the liability provisions and indemnification obligations under Reseller/Partner’s contract with Visa/Cybersource.
  1. Before boarding merchants for payment processing on a VPC acquirer’s connection, Reseller/Partner and the VPC acquirer must have a contract or other legal agreement that permits Reseller/Partner to enable its merchants to process payments with the acquirer through the dedicated VPC connection and/or traditional connection with such VPC acquirer.
  2. Reseller/Partner is responsible for boarding and enabling its merchants in accordance with the terms of the contract or other legal agreement with the relevant VPC acquirer.
  3. Reseller/Partner acknowledges and agrees that all considerations and fees associated with chargebacks, interchange downgrades, settlement issues, funding delays, and other processing related activities are strictly between Reseller and the relevant VPC acquirer.
  4. Reseller/Partner acknowledges and agrees that the relevant VPC acquirer is responsible for payment processing issues, including but not limited to, transaction declines by network/issuer, decline rates, and interchange qualification, as may be agreed to or outlined in the contract or other legal agreement between Reseller/Partner and such VPC acquirer.
DISCLAIMER: NEITHER VISA NOR CYBERSOURCE WILL BE RESPONSIBLE OR LIABLE FOR ANY ERRORS OR OMISSIONS BY THE
Visa Platform Connect
ACQUIRER IN PROCESSING TRANSACTIONS. NEITHER VISA NOR CYBERSOURCE WILL BE RESPONSIBLE OR LIABLE FOR RESELLER/PARTNER BOARDING MERCHANTS OR ENABLING MERCHANT PROCESSING IN VIOLATION OF THE TERMS AND CONDITIONS IMPOSED BY THE RELEVANT
Visa Platform Connect
ACQUIRER.

Introduction to P12 Authentication for SOAP Toolkit Key Users

Cybersource
will no longer support username and password-based authentication for merchants who use the
SOAP toolkit key
. You are required to remove username and password-based authentication from your SOAP toolkit integration, and transition to certificate-based authentication, by these dates:
  • Test Environment:
    September 1, 2025
  • Production Environment:
    September 15, 2025
Your API requests to
Cybersource
will be rejected if you do not implement P12 authentication by the above dates.
This migration guide explains how to transition your SOAP authentication to use a compliant P12 certificate. You must complete this update to remain compliant and avoid service disruptions. Updated toolkit examples for these programming environments are available in GitHub:
If your SOAP integration uses a different programming environment or commercial off-the-shelf software (COTS), see Overview of WS-Security 1.0 with the SOAP API for more information about implementing this change.

How to Set Up P12 Certificate Keys

These are the tasks you must complete to configure your system to support P12 certificate authentication.
  1. Create a .p12 file in the
    Business Center
    . For more information, see Introduction to P12 Authentication for SOAP Toolkit Key Users.
  2. Edit the files in your application to use P12 authentication. How you edit your files is dependent on your system's programming environment:
  3. Send a test authorization request using your P12 certificate. For more information, see Send a Test Request with P12 Authentication.
  4. Verify that your request used your P12 certificate. For more information, see Verify Your P12 Certificate in Transaction Management.

Endpoints for the Simple Order API

While you complete this security update, verify that your integration uses one of these valid Simple Order API endpoints.
Production endpoints:
  • https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
  • https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor
  • India:
    https://ics2ws.in.ic3.com/commerce/1.x/transactionProcessor
Test endpoints:
  • https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
  • https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor
  • India:
    https://ics2wstest.in.ic3.com/commerce/1.x/transactionProcessor

Master Shared Secret Keys

If you are a portfolio user who creates
master shared secret keys
using the API, contact your technical account manager for more information about automatically creating security keys. The current process for creating master shared secret keys is not compatible with the certificate-based authentication.

Create a .p12 File

To begin upgrading to P12 authentication, you must first create a P12 certificate.
Follow these steps to create a .p12 file that contains your P12 certificate.
  1. Log in to the
    Business Center
    :
  2. On the left navigation panel, choose
    Payment Configuration > Key Management
    .
  3. Click
    + Generate Key
    .
    The Create Key page appears.
  4. Select
    Simple Order API
    and click
    Generate Key
    .
  5. Click
    Download key
    to download the .p12 file.
    The
    Set Password
    page appears.
  6. Enter your new password and confirm it.
  7. Click
    Generate Key
    when done.
  8. The .p12 file that contains your Simple Order API key downloads to your desktop.
    Store your .p12 file in a secure location with restricted access.

AFTER COMPLETING THE TASK

After creating your .p12 file, you must edit the files in your application to use P12 authentication.

Overview of WS-Security 1.0 with the SOAP API

Upgrading to certificate-based authentication requires your programming library to support WS-Security 1.0. This overview section provides helpful information about which WS-Security elements all merchants must configure in their SOAP integration. If your SOAP integration uses a programming environment that is not available as a toolkit example or a commercial off-the-shelf software (COTS), follow the instructions in this section to remain compliant.

Configurable WS-Security Elements

WS-Security ensures secure SOAP communications between you and
Cybersource
. These are the WS-Security elements you must support and configure for this upgrade:
  • Digest algorithm
    to verity the integrity of message bodies.
  • X.509 Binary Security Token (BST)
    for authentication.
  • Security timestamps
    to prevent replay attacks.
  • Digital signature
    to ensure message integrity.
  • Canonicalization
    to standardize XML formatting for signing.
For more information about the WS-Security standards, see the OASIS
Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)
guide.

Configure WS-Security Algorithms

Find the elements listed in the Security Element column in your payment system and set them to the values in the Required Value column. You must verify that your WS-Security library is configured to use these algorithms. The method for setting these values is dependent on your language library.
Some WS-Security libraries use algorithms by default, while others require you to configure the algorithms. Before setting these values, verify what your library's default values are and configure the necessary values.
WS-Security Algorithms
Security Element
Required Value
Signature Algorithm
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Digest Algorithm
http://www.w3.org/2001/04/xmlenc#sha256
Canonicalization Algorithm
http://www.w3.org/10/xml-exc-c14n#
Signature Transformations
http://www.w3.org/2001/10/xml-exc-c14n#

Update Your Authentication Method

You must configure your SOAP payment system to authenticate using the X.509 certificate in your .p12 file as a Binary Security Token (BST). For more information, see the Security Tokens section on page 18 in the OASIS
Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)
guide.

Add Security Timestamps

Verify that security timestamps are enabled in your WS-Security configuration. Enabling timestamps is typically sufficient for most payment systems. Timestamps help prevent replay attacks by validating how recent message was sent.

Generate Digital Signatures

Use your private key in your .p12 file to generate digital signatures. Embed the signatures in your SOAP message. For more information about how to message signatures, see the Signing Messages section on page 28 in the OASIS
Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)
guide.

Extract Keys from .p12 File

Run these commands to the extract your private key and public certificate from your .p12 file:
openssl pkcs12 -in <Merchant_ID>.p12 -nocerts -out <Merchant_ID>.key
openssl pkcs12 -in <Merchant_ID>.p12 -clcerts -nokeys -out <Merchant_ID>.crt
To create your p12 certificate, see Create a .p12 File.

Remove Username and Password Authentication

Search your application for any code or configuration related to your merchant credentials and remove it. Your WS-Security library should now automatically add your binary security token instead.
If your integration contains multiple merchants that require you to complete this transition over a period of time,
Cybersource
will support both authentication methods until the deadline.

C++ Upgrade to P12 Authentication

This section describes how to upgrade your application using the C++ programming language.

Application Requirements

Your C++ SOAP toolkit must have access to these system requirements:
  • gSOAP 2.8.135 or later (developer version including header files)
  • OpenSSL 3.4.0 or later (developer version including header files)
  • G++ compiler

Version Compatibility for C++

This P12 authentication upgrade is compatible with WSDL and XSD version
1.219
or later.

Migrate with C++

This section explains how to edit the files in your application to use P12 authentication. If you do not have the files that are mentioned in this section, you can find them in the most recent version of the C++ SOAP toolkit in GitHub.
Follow these steps to upgrade your existing C++ code:
  1. Update your existing
    .Makefile
    by changing the
    cybsdemo
    target from the text in the first example to the text in the second example:
    cybsdemo: sample.cpp $(SOAPH) $(SOAPCPP) ../gsoap/dom.cpp wsseapi.o smdevp.o $(CPP) $(CFLAGS) -o cybsdemo sample.cpp soapC.cpp soapClient.cpp ../gsoap/dom.cpp $(SOAPCPP) wsseapi.o smdevp.o $(LIBS)
    cybsdemo: sample.cpp $(SOAPH) $(SOAPCPP) ../gsoap/dom.cpp wsseapi.o smdevp.o $(CPP) $(CFLAGS) -o cybsdemo sample.cpp soapC.cpp ../gsoap/dom.cpp stdsoap2.cpp ../gsoap/import/custom/struct_timeval.cpp ../gsoap/plugin/threads.c ../gsoap/plugin/mecevp.c ../gsoap/plugin/wsaapi.c wsseapi.o smdevp.o soapITransactionProcessorProxy.cpp ../gsoap/import/gsoapWinInet.cpp PropertiesUtil.cpp BinarySecurityTokenHandler.cpp $(LIBS)
    If you do not have an existing
    .Makefile
    , you can use one of these
    .Makefile
    files from the
    CPlusPlusSoapToolkit
    folder in GitHub:
    Cybersource
    recommends that you use
    UnixBuildAllCommented.Makefile
    or
    WindowsBuildAllCommented.Makefile
    . If you need to make changes to individual targets,
    Cybersource
    recommends that you use
    UnixQuickBuild.Makefile
    or
    WindowsQuickBuild.Makefile
    , which enable you to build each target individually.
  2. Download either the
    CyberSourceTransaction
    WSDL or XSD version 1.224 file from the
    CPlusPlusSoapToolkit
    folder in GitHub to your project directory:
    If you want to use a different version, download your preferred version to the project directory and update the versions in the
    header
    target of your
    .Makefile
    from the text in the first example to the text in the second example.
    header: CyberSourceTransaction_1.224.wsdl $(GWSDL) -t ../gsoap/WS/WS-typemap.dat -s -o cybersource.h CyberSourceTransaction_1.224.wsdl
    header: CyberSourceTransaction_1.219.wsdl $(GWSDL) -t ../gsoap/WS/WS-typemap.dat -s -o cybersource.h CyberSourceTransaction_1.219.wsdl
  3. Add
    gsoap
    to the compile path by using one of these methods:
    • Option 1:
      Copy the
      gsoap
      directory, including the header files, to one level above the project directory.
    • Option 2:
      Update all paths in the .Makefile that reference
      gsoap
      to point to the
      gsoap
      location.
  4. Update your
    sample.cpp
    file to include your test credentials:
    const char *MERCHANT_ID = "your_merchant_id"; const char *TRANSACTION_KEY = "your_transaction_key";
    If you do not have an existing
    sample.cpp
    file, you can use the
    sample.cpp
    file in the
    CPlusPlusSoapToolkit
    folder in GitHub.
    If you are using an existing
    sample.cpp
    file from a previous C++ SOAP Toolkit, you must refer to current version of the
    sample.cpp
    file and find all
    upgrading from previous versions
    comments to see what has changed.
  5. Include these new source files from the
    CPlusPlusSoapToolkit
    folder in your project:
  6. Edit the
    toolkit.properties
    configuration file to include your test credentials:
    MERCHANT_ID= KEY_ALIAS= KEY_FILE= KEY_PASS= KEY_DIRECTORY=
    The
    toolkit.properties
    configuration file is read from the same location as the executable at run time.
    You must verify that there are no spaces at the start and end of each line, or on either side of the equal sign (
    =
    ).
    If you do not have an existing
    toolkit.properties
    file, you can use the
    toolkit.properties
    file in the
    CPlusPlusSoapToolkit
    folder in GitHub.
  7. Run this command in your terminal:
    make header
    This command generates the
    cybersource.h
    file.
  8. Insert this text in the Import section of the
    cybersource.h
    file:
    #import "WS-Header.h"
  9. Run this command in your terminal:
    make source
    This command generates these files:
    • soapITransactionProcessorProxy.cpp
    • soapITransactionProcessorProxy.h
    • ITransactionProcessor.runTransaction.req.xml
    • ITransactionProcessor.runTransaction.res.xml
    • ITransactionProcessor.nsmap
    • soapStub.h
    • soapH.h
    • soapC.cpp
  10. Run these three commands in this order in your terminal to generate the
    cybsdemo.exe
    executable file:
    make wsseapi.o make smdevp.o make cybsdemo
  11. Add your P12 certificate to the Key directory.
  12. Run the
    cybsdemo.exe
    executable file in your terminal.
    A successful console output consists of the
    keyFile
    full path, followed by the response from the web service, and no errors.
    keyFile full path: C:/keys/test_p12_file.p12 decision = APPROVED reasonCode = 0 requestID = 6017349752184504643266 requestToken = Axxd6DCgJoj77wSTjm5pe7DwFPfjpNDMyadDIZ/u1Pfje7D9IGU1ogwAGkmXoDc3JoZmTToZDIAAvxSz ccAuthReply.reasonCode = 0

What to Do Next

After completing the above migration steps, you must send a test authorization request using your P12 certificate to validate your migration. For more information, see Send a Test Request with P12 Authentication.

C# Upgrade to P12 Authentication

This section describes how to upgrade your application using the C# programming language.

Application Requirements

Your C# SOAP toolkit must have access to these system requirements:

Version Compatibility for C#

This P12 authentication upgrade is compatible with WSDL and XSD version
1.219
or later.

Migrate with C#

This section explains how to edit the files in your application to use P12 authentication. If you do not have the files that are mentioned in this section, you can find them in the most recent version of the C# SOAP toolkit in GitHub.
Follow these steps to upgrade your C# code:
  1. Add this service URL as a service reference to your project, and set
    N.NNN
    to the most recent server API version.
    https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_N.NNN.wsdl
    This step generates a Connected Services section in your project. It will also generate an
    app.config
    file for your project.
  2. Add these sections to the top of your
    app.config
    file:
    <configuration> <configSections> <section name="toolkitProperties" type="System.Configuration.NameValueSectionHandler"/> </configSections> <toolkitProperties> <add key="MERCHANT_ID" value="<your_merchant_id>"/> <add key="KEY_ALIAS" value="<your_certificate_key_alias>"/> <add key="KEY_FILE" value="<your_certificate_file>"/> <add key="KEY_PASS" value="<your_certificate_password>"/> <add key="KEY_DIRECTORY" value="<path/to/certificate/file>"/> </toolkitProperties> </configuration>
    The
    <configSections>
    element must be the first dependent element in the
    <configurations>
    element.
  3. In the generated
    app.config
    file, leave the
    <binding>
    section as it is.
    The
    <binding>
    section must look like this:
    <bindings> <basicHttpBinding> <binding name="ITransactionProcessor"> <security mode="Transport"/> </binding> </basicHttpBinding> </bindings>
  4. Add this dependency to the
    packages.config
    file:
    <packages> <package id="Portable.BouncyCastle" version="1.9.0" targetFramework="net472" /> </packages>
  5. Install this dependency by either running this command in your terminal or by another method:
    nuget install packages.config -OutputDirectory packages
  6. Add this package reference to your
    .csproj
    file:
    <Reference Include="BouncyCastle.Crypto, Version=1.9.0.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL"> <HintPath>packages\Portable.BouncyCastle.1.9.0\lib\net40\BouncyCastle.Crypto.dll</HintPath> </Reference>
    The steps for adding a new dependency can also be comleted through Visual Studio Package Manager.
  7. Add your P12 certificate to the Key directory.
    This
    KEY_DIRECTORY
    location must be accessible to your code. Ensure that your code has permission to read this location.
  8. Copy these files from the
    CSharpSoapToolkit/CSharpSoapToolkit
    folder to your project directory and import them to your project:
  9. Find these lines in your existing code:
    TransactionProcessorClient proc = new TransactionProcessorClient(); proc.ChannelFactory.Credentials.UserName.UserName = request.merchantID; proc.ChannelFactory.Credentials.UserName.Password = TRANSACTION_KEY; ReplyMessage reply = proc.runTransaction(request);
    Replace them with these lines:
    TransactionProcessorClient proc = new TransactionProcessorClient(); proc.Endpoint.EndpointBehaviors.Add(new InspectorBehavior()); ReplyMessage reply = proc.runTransaction(request);
  10. Find your installation of the .NET Framework.
    It is often in one of these locations:
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319
      (32-bit)
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319
      (64-bit)
  11. Use the
    msBuild.exe
    file that is already in your system to compile your project.
    <path_to_framework>\msBuild.exe <name_of_project>.csproj
  12. Run the project executable:
    bin\<configuration>\<project_name>.exe
  13. To confirm that your configuration is updated successfully, you can use a Bearer token that verifies that your request is authenticated. To do so, add this command after line 59 in the
    InspectorBehavior.cs
    file from the
    CSharpSoapToolkit
    folder:
    Console.WriteLine(request.ToString());

What to Do Next

After completing the above migration steps, you must send a test authorization request using your P12 certificate to validate your migration. For more information, see Send a Test Request with P12 Authentication.

Java Upgrade to P12 Authentication

This section describes how to upgrade your application using the Java programming language.

Application Requirements

Your Java SOAP toolkit must have access to these system requirements:
  • Java 9 or later
  • Jakarta XML Web Services API
  • JAX-WS Runtime
  • Jakarta XML Web Services distribution
  • Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8
  • Apache XML Security

Version Compatibility for Java

This P12 authentication upgrade is compatible with WSDL and XSD version
1.219
or earlier.

Migrate with Java

This section explains how to edit the files in your application to use P12 authentication. If you do not have the files that are mentioned in this section, you can find them in the most recent version of the Java SOAP toolkit in GitHub.
Follow these steps to upgrade your Java code:
  1. Add these dependencies in the
    pom.xml
    file.
    <dependencies> <dependency> <groupId>jakarta.xml.ws</groupId> <artifactId>jakarta.xml.ws-api</artifactId> <version>4.0.2</version> </dependency> <dependency> <groupId>com.sun.xml.ws</groupId> <artifactId>jaxws-rt</artifactId> <version>4.0.3</version> <scope>runtime</scope> </dependency> <dependency> <groupId>com.sun.xml.ws</groupId> <artifactId>jaxws-ri</artifactId> <version>4.0.3</version> <type>pom</type> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15to18</artifactId> <version>1.78</version> </dependency> <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> <version>4.0.3</version> </dependency> </dependencies>
    If you do not have an existing
    pom.xml
    file, you can use the one in the
    JavaSoapToolkit
    folder in GitHub.
  2. Add this plugin in your
    pom.xml
    file:
    <build> <plugins> <plugin> <groupId>com.sun.xml.ws</groupId> <artifactId>jaxws-maven-plugin</artifactId> <version>4.0.3</version> <configuration> <wsdlUrls> <wsdlUrl>https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.219.wsdl</wsdlUrl> </wsdlUrls> <keep>true</keep> <packageName>com.cybersource.stub</packageName> <sourceDestDir>src/main/java</sourceDestDir> </configuration> </plugin> </plugins> </build>
  3. Verify that the
    wsdlUrl
    tag is set to a valid WSDL version value, and update it if necessary. Only version 1.219 or earlier is valid.
  4. Run this command in your terminal:
    mvn clean jaxws:wsimport
  5. Find these lines in your existing code:
    TransactionProcessorLocator service = new TransactionProcessorLocator(); URL endpoint = new URL(SERVER_URL); ITransactionProcessorStub stub = (ITransactionProcessorStub) service.getportXML (endpoint); stub._setProperty(WSHandlerConstants.USER, request .getMerchantID());
    Replace them with these lines:
    TransactionProcessor service = new TransactionProcessor(); service.setHandlerResolver(portInfo - >{ List < Handler > handlerList = new ArrayList < >(); handlerList.add(new BinarySecurityTokenHandler()); return handlerList; }); ITransactionProcessor stub = service.getPortXML();
  6. Go to GitHub and copy these files from the
    JavaSoapToolkit/src/main/java/com/cybersource
    folder. Add them to your project directory:
  7. Add the
    toolkit.properties
    file from the
    src/main/resources
    folder in GitHub to your project.
    Edit the
    toolkit.properties
    file to contain this required content:
    MERCHANT_ID = <your_merchant_id> LIB_VERSION = 4.0.3 KEY_ALIAS = <your_certificate_key_alias> KEY_FILE = <your_certificate_file> KEY_PASS = <your_certificate_password> KEY_DIRECTORY = src/main/resources
    If you are using your own properties file, you can make these changes in your
    PropertiesUtil.java
    file.
  8. Add your P12 certificate to your key directory.
  9. Run these two commands in your terminal:
    mvn clean install
    java -jar target\JavaSoapToolkit.jar
  10. To confirm that your configuration is updated successfully, you can add a Bearer token that verifies that your requests are authenticated. To do so, add this command after line 54 in the
    BinarySecurityTokenHandler.java
    file in the
    src\main\java\com\cybersource
    folder.
    System.out.println( soapMessageContext );

What to Do Next

After completing the above migration steps, you must send a test authorization request using your P12 certificate to validate your migration. For more information, see Send a Test Request with P12 Authentication.

PHP Upgrade to P12 Authentication

This section describes how to upgrade your application using the PHP programming language.

Application Requirements

Your PHP SOAP toolkit must have access to these system requirements:
  • PHP 5.6x or higher
  • PHP SOAP extension
  • PHP OpenSSL extension

Version Compatibility for PHP

This P12 authentication upgrade is compatible with WSDL and XSD version
1.219
or later.

Migrate with PHP

This section explains how to edit the files in your application to use P12 authentication. If you do not have the files that are mentioned in this section, you can find them in the most recent version of the PHP SOAP toolkit in GitHub:
Follow these steps to upgrade your existing PHP code:
  1. Update this service URL (
    WSDL_URL
    ) in your code, and set the
    N.NNN
    to the most recent server API version.
    https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_N.NNN.wsdl
  2. Copy these files from the
    PHPSoapToolkit
    folder and put them in your project directory:
  3. Find these lines in your existing code:
    $soapClient = new ExtendedClient(WSDL_URL, array());
    Replace them with these lines:
    $soapClient = new ExtendedClientWithToken( WSDL_URL, array( 'SSL' => array( 'KEY_ALIAS' => 'YOUR KEY ALIAS', 'KEY_FILE' => 'YOUR CERTIFICATE FILE', 'KEY_PASS' => 'YOUR KEY PASS', 'KEY_DIRECTORY' => 'PATH TO CERTIFICATES' ) ) );
  4. Update these field values in your code with your information:
    • MERCHANT_ID
    • KEY_ALIAS
    • KEY_FILE
    • KEY_PASS
    • KEY_DIRECTORY
  5. Add your P12 certificate to the Key directory.
    This Key directory location must be accessible to your code. Ensure that your code has permission to read this location.
  6. Run this command in your terminal:
    php <sample_PHP_file>
  7. To confirm that your configuration is updated successfully, you can use a Bearer token that verifies that your request is authenticated. To do so, add this command after line 109 in the
    ExtendedClientWithToken.php
    file from the
    PHPSoapToolkit
    folder:
    print_r($request);

What to Do Next

After completing the above migration steps, you must send a test authorization request using your P12 certificate to validate your migration. For more information, see Send a Test Request with P12 Authentication.

Send a Test Request with P12 Authentication

After you complete the migration requirements documented in this guide, you can send this valid SOAP API request with P12 authentication to verify that your migration is valid.
You must configure the header information in this example to include your credentials.

Endpoint

Send your test request to one of these valid test endpoints:
  • https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
  • https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor
  • India:
    https://ics2wstest.in.ic3.com/commerce/1.x/transactionProcessor
Request with P12 Authentication
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:schemas-cybersource-com:transaction-data-1.215"> <SOAP-ENV:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="X509Token"> MIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigAMIICXzCCAcigA........ </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethodAlgorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <ds:Reference URI="#Body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:DigestValue> KRmKx6digestvalye12389012367u7hlkV1vvbtec........... </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>otrfnrck17dwxI4UR12345612yNG7TtE8L3XFhfEa/63r2uBDsg7b2YY8C6nKvkJGop4NHW7d30yfrz5dK2CHkp18TM+hVkyNIVLGokZzZpAwuc0sXm33+J4i765421duLsE4jM0FfIABsPHT2vgSq+T0g+812312jOeIk5R5kLhwnlVd92wQvBmpxINBW2Hh5adwwtpv+gj4AtvuhLYe1ky4R/oDNSWLPmyY1dSIyGDKO4ko8CT0mFlAvxECa8dLHRsyFrZVlK6................ </ds:SignatureValue> <ds:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#X509Token" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </SOAP-ENV:Header> <soapenv:Body> <requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.215"> <merchantID>johndoe</merchantID> <merchantReferenceCode>MRC-123</merchantReferenceCode> <billTo> <firstName>John</firstName> <lastName>Doe</lastName> <street1>123 Example Road</street1> <city>Austin</city> <state>TX</state> <postalCode>12345</postalCode> <country>US</country> <email>abc@company.com</email> </billTo> <shipTo> <firstName>John</firstName> <lastName>Doe</lastName> <street1>123 Example Road</street1> <city>Austin</city> <state>TX</state> <postalCode>12345</postalCode> <country>US</country> </shipTo> <purchaseTotals> <currency>USD</currency> <grandTotalAmount>100.00</grandTotalAmount> </purchaseTotals> <card> <accountNumber>4111111111111111</accountNumber> <expirationMonth>12</expirationMonth> <expirationYear>2029</expirationYear> <cvNumber>111</cvNumber> </card> <ccAuthService run="true"></ccAuthService> <ccCaptureService run="true"></ccCaptureService> </requestMessage> </soapenv:Body> </soapenv:Envelope>

What to Do Next

After sending a test request, you must verify that the request used your p12 certificate. For more information, see Verify Your P12 Certificate in Transaction Management.

Verify Your P12 Certificate in Transaction Management

After transitioning your SOAP authentication to use a P12 certificate, you must verify that your transaction requests are using the P12 certificate. Send a test request before beginning this task. For more information about sending a test request, see Send a Test Request with P12 Authentication.
Choose one of these methods to verify that your P12 certificate using transaction management in the
Business Center
:
  • Use the
    client application
    search filter.
  • Add the
    client application
    search results column.
  • View the request transaction details.

Verifying with a Search Filter

Follow these steps to verify that your test request used your P12 certificate by adding a search filter.
  1. On the left navigation panel, choose
    Transaction Management > Transactions
    .
    The Transactions page appears.
  2. In the New Filter field, choose
    Client Application
    .
  3. In the Client Application field, choose
    Simple Order API
    .
  4. When done, click
    Search
    .
    The Search Results table displays all of your transactions that used a Simple Order API key. If your test transaction is in the search results table, your P12 certificate was used in the request and is verified.

Verifying with a Results Column

Follow these steps to verify that your test request used your P12 certificate by adding a results column.
  1. On the left navigation panel, choose
    Transaction Management > Transactions
    .
    The Transactions page appears.
  2. In the Search Results section, click
    Edit columns
    .
    The Edit Table Layout page appears.
  3. Click
    Add item
    .
    The
    Add Table Column
    window appears.
  4. In the Select Table Column drop-down menu, choose Client Application, then click
    Save
    .
    You are returned to the Edit Table Layout page.
  5. When done, click
    Save
    .
    The Transaction page appears. Now when you search for transactions, the search results table displays the Client Application column. When the Client Application column displays the
    Simple Order API
    value, the corresponding transaction used a P12 certificate.

Verifying with Transaction Details

Follow these steps to verify that your test request used your P12 certificate in transaction details.
  1. On the left navigation bar, choose
    Transaction Management > Transactions
    .
    The Transactions page appears.
  2. Use the search fields to find a transaction you sent using your P12 certificate, then click
    Search
    .
    The Search Results table updates.
  3. In the Search Results table, click the request ID for the transaction you are verifying.
    The Transaction Details page appears.
  4. In the Request Information section, verify that the Client App is set to Simple Order API. You can also verify that the Security Key ID is set to your key ID.