API Overview

Webhooks Implementation Guide
- Limited Availability Release
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introducing Webhooks
- Webhooks Benefits
- Webhooks Requirements
- Webhooks Workflow Options

Set Up Webhooks
- Subscribing to Webhooks Using Mutual Trust
  - Setting Up Server Security
  - Create a Shared Secret Key Pair
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribing to Webhooks Using Mutual Trust
    - Required Fields for Subscribing to Webhooks Using Mutual Trust
    - Optional Fields for Subscribing to Webhooks Using Mutual Trust
    - Example: Creating a Webhook Subscription Using Mutual Trust
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- Subscribing to Webhooks Using OAuth
  - Setting Up Server Security
  - Create a Shared Secret Key Pair
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Sending OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribing to Webhooks Using OAuth
    - Required Fields for Subscribing to Webhooks Using OAuth
    - Optional Fields for Subscribing to Webhooks Using OAuth
    - Example: Creating a Webhook Subscription Using OAuth
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- Subscribing to Webhooks Using OAuth with JWT
  - Setting Up Server Security
  - Create a P12 File
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Sending OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribe to Webhooks Using OAuth with JWT
    - Required Fields for Subscribing to Webhooks Using OAuth with JWT
    - Optional Fields for Subscribing to Webhooks Using OAuth with JWT
    - Example: Creating a Webhook Subscription Using OAuth with JWT
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload

Managing Subscriptions
- Retrieving the Details of a Webhook Subscription
  - Example: Retrieving the Details of a Webhook Subscription
- Retrieving an Organization's Subscriptions Using the Product and Event
  - Required Query Parameters for Retrieving an Organization's Subscriptions Using the Product and Event
  - Example: Retrieving an Organization's Subscriptions Using the Product and Event
- Updating a Webhook Subscription
  - Example: Updating a Webhook Subscription
- Deleting a Webhook Subscription
  - Example: Deleting a Webhook Subscription

Troubleshooting Webhook Subscriptions

Health Check URL

Create REST API Keys
- Create a P12 File
- Create a Shared Secret Key Pair

Requesting a Digital Signature Key

Product and Event Types
- Requesting a List of Products and Events

Optional Tasks
- Notification Validation
  - Digital Signature Format
  - Validating a Notification
  - Example: Validating a Notification
- Retry Policy
  - Example: Retry Policy in a Subscription Request
- Testing API Requests
  - Triggering a Test Webhook Notification Using the Token Management Service

Create REST API Keys

REST API keys are used to enable secure communication between the merchant and Cybersource when using REST APIs. To enable payments using the REST API, see: Getting Started with REST

The REST API supports two types of security keys:

P12 certificate
for using JSON Web Token authentication. See Create a P12 File.

Shared secret key
for using HTTP signature authentication. See Create a Shared Secret Key Pair.

REST API keys expire after 3 years.

Security keys can be used to make any request, including payments. Treat your security keys as you would any secure password.

You must use separate keys for the test and production environments.

When you sign up for a Sandbox account, your confirmation email contains a key and shared secret key for HTTP Signature authentication.

For more information about the REST API, see the REST Getting Started Guide.

Create a Shared Secret Key Pair

Follow these steps to create a shared secret key pair.

Log in to the Business Center:

https://businesscentertest.cybersource.com

On the left navigation panel, navigate to

Payment Configuration > Key Management
.

Click + Generate key
.

Under REST APIs, select REST – Shared Secret
and then click Generate key
.

The REST API Shared Secret Key page appears.

Click Download key

.

The .pem file is downloaded to your desktop.

When you generate one or more keys, you can view the keys on the Key Management page.

Create REST API Keys

Back to top