Create a Digital Signature Key {#tms-net-tkn-webhook-create-key-intro} ====================================================================== Use the information in this section to create a *digital signature key*. The Digital Signature Key request uses Visa's key management service to store your credentials. The Webhooks platform retrieves your credentials from key management to digitally authenticate your notifications. You must create a digital signature key to enable `Cybersource` to send notifications to your servers. Replace the digital signature key every year. When you generate a new digital signature key, it overrides the old key and new transactions must use the new key. Notifications that use message-level encryption must also the digital signature key. > IMPORTANT Store the created digital signature key in a secure location in your system. Optional Notification Validation -------------------------------- After you set up a webhook subscription, you can validate each notification you receive using your digital signature key. For more information, see [Validating a Notification with the Digital Signature Key](/docs/cybs/en-us/tms/developer/all/rest/tms/wh-fg-optional-validate-intro.md ""). Endpoints --------- Send a POST request to one of these endpoints: * **Test:** `POST ``https://apitest.cybersource.com``/kms/egress/v2/keys-sym` * **Production:** `POST ``https://api.cybersource.com``/kms/egress/v2/keys-sym` * **India Production:** `POST https://api.in.cybersource.com/kms/egress/v2/keys-sym` Required Fields for Creating a Digital Signature Key {#tms-net-tkn-webhook-create-key-reqfields} ================================================================================================ clientRequestAction : Set the value to `CREATE`. keyInformation.expiryDuration : Set to a number of days. We recommend `365`. keyInformation.keyType : Set the value to `sharedSecret`. keyInformation.organizationId : Set the value to the organization ID of the organization requesting the key. keyInformation.provider : Set the value to `nrtd`. keyInformation.tenant : Set the value to the organization ID of the organization requesting the key. REST Example: Creating a Digital Signature Key {#tms-net-tkn-webhook-create-key-ex-rest} ======================================================================================== Digital Signature Key Request ``` { "clientRequestAction": "CREATE", "keyInformation": { "provider": "nrtd", "tenant": "merchantName", "keyType": "sharedSecret", "organizationId": "merchantName" } } ``` Digital Signature Key Response ``` { "submitTimeUtc": "2021-03-17T06:53:06+0000", "status": "SUCCESS", "keyInformation": { "provider": "NRTD", "tenant": "merchantName", "organizationId": "merchantName", "keyId": "bdc0fe52-091e-b0d6-e053-34b8d30a0504", //ID associated with the key in the key field "key": "u3qgvoaJ73rLJdPLTU3moxrXyNZA4eo5dklKtIXhsAE=", //Base64 encoded key "keyType": "sharedSecret", "status": "Active", "expirationDate": "2022-03-17T06:53:06+0000" } ```