API Overview

Webhooks Implementation Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Webhooks
- Webhooks Integration Overview
- Supported Products and Event Types

Set Up Your Security

Create REST API Keys
- Create a Shared Secret Key Pair
- Create a P12 Certificate

Create a Digital Signature Key

(Optional) Provide Your OAuth Credentials

Retrieve a List of Products and Events

Message-Level Encryption
- Preparing Your Workspace
- Generate Certificate and Key Pair
- Register the Certificate
  - Required Fields for Registering Your Message-Level Encryption Keys
  - Example: Registering Your Certificate
  - REST Interactive Example: Registering Your Certificate
- Security Best Practices
- Troubleshooting
- Viewing Certificate Details

Create a Webhook Subscription
- Create a Webhook Subscription
- Create a Webhook Subscription Using OAuth
- Create a Webhook Subscription Using OAuth with JWT
- Create a Sample Webhook Subscription

Optional Set-Up Tasks
- Webhook Health Check URL and Automatic Revalidation
- Configure the Retry Policy

Webhook Notification Field Descriptions

Example: Notification Payload

Manage Webhook Subscriptions Requests
- Retrieve the Details of a Webhook Subscription
- Retrieve All of an Organization's Subscriptions
- Update a Webhook Subscription
- Delete a Webhook Subscription
- Verify a Webhook Subscription's Configuration
- Activate a Webhook Subscription
- Deactivate a Webhook Subscription

Troubleshooting Webhook Subscriptions

On This Page

Create REST API Keys

The Webhooks REST API requires you to create a shared secret key pair
. You might have already completed this requirement if your system is currently REST compliant. If you are using the OAuth with JWT security policy, you must also create a P12 certificate
. The shared secret key pair and P12 certificate are also known as REST API keys. REST API keys are used to enable secure communication between you and Cybersource when using the REST API.

Shared secret key pair:
A key pair used for HTTP signature authentication. It is consists of a key and a shared secret key. See Create a Shared Secret Key Pair.

P12 certificate:
A key used for JSON Web Token authentication. It consists of .p12
file and a password that you must set to use the file. See Create a P12 Certificate.

When using the test and production environments, you must create separate keys for each environment.

Securely store your created keys in your system. You must be able to access your key credentials while implementing and managing webhook subscriptions.

REST API keys expire after 3 years.

Back to top