Limited Availability Release

Recent Revisions to This Document

About This Guide

VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introducing Webhooks
- Webhooks Benefits
- Webhooks Requirements
- Webhooks Workflow Options

Set Up Webhooks
- Mutual Trust Subscriptions
  - Set Up Server Security
  - Creating a Shared Secret Key Pair
  - Request a Digital Signature Key
    - Required Fields for Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Products and Events
    - Request a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribe to Webhooks Using Mutual Trust
    - Required Fields for Subscribing to Webhooks Using Mutual Trust
    - Optional Fields for Subscribing to Webhooks Using Mutual Trust
    - Example: Creating a Webhook Subscription Using Mutual Trust
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- OAuth Subscriptions
  - Set Up Server Security
  - Creating a Shared Secret Key Pair
  - Request a Digital Signature Key
    - Required Fields for Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Send OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Request a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribe to Webhooks Using OAuth
    - Required Fields for Subscribing to Webhooks Using OAuth
    - Optional Fields for Subscribing to Webhooks Using OAuth
    - Example: Creating a Webhook Subscription Using OAuth
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- OAuth with JWT Subscriptions
  - Set Up Server Security
  - Creating a PKCS12 File
  - Request a Digital Signature Key
    - Required Fields for Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Send OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Request a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribe to Webhooks Using OAuth with JWT
    - Required Fields for Subscribing to Webhooks Using OAuth with JWT
    - Optional Fields for Subscribing to Webhooks Using OAuth with JWT
    - Example: Creating a Webhook Subscription Using OAuth with JWT
    - Notification Scope
    - Health Check URL
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload

Managing Subscriptions
- Retrieving the Details of a Webhook Subscription
  - Example: Retrieving the Details of a Webhook Subscription
- Retrieving an Organization's Subscriptions Using the Product and Event
  - Required Query Parameters for Retrieving an Organization's Subscriptions Using the Product and Event
  - Example: Retrieving an Organization's Subscriptions Using the Product and Event
- Updating a Webhook Subscription
  - Example: Updating a Webhook Subscription
- Deleting a Webhook Subscription
  - Example: Deleting a Webhook Subscription

Troubleshooting Webhook Subscriptions

REST API Keys
- Creating a REST API Key

Optional Tasks
- Notification Validation
  - Digital Signature Format
  - Validating a Notification
  - Example: Validating a Notification
- Retry Policy
  - Example: Retry Policy in a Subscription Request
- Notification Replay
  - Replaying Notifications Using Transaction Trace Identifiers
    - Required Field for Replaying Notifications Using Transaction Trace Identifiers
    - Example: Replaying Notifications Using Transaction Trace Identifiers
  - Replaying Notifications Using Start Time and End Time
    - Required Fields for Replaying Notifications Using Start and End time
    - Example: Replaying Notifications Using Start and End Time
  - Replaying Notifications Using Hours Back
    - Required Fields for Replaying Notifications using Hours Back
    - Example: Replaying Notifications Using Hours Back
- Testing API Requests
  - Triggering a Test Webhook Notification Using the Token Management Service

On This Page

REST API

Request a Digital Signature Key

A digital signature key is required before you can subscribe to webhooks notifications. The API request to generate the digital signature key is documented in this section. We use the digital signature key to add a unique signature to each notification. You can use the digital signature key to validate the integrity of webhooks notifications and prevent replay attacks. To verify the integrity of a notification payload using the digital signature key, see Notification Validation.

To request the service, use the endpoint specified below. After you send the request, check the response message to verify that the request was successful. A 200-level response code indicates success.

For information about response codes, see

Transaction Response Codes

.

Endpoint

Test:

POST apitest.cybersource.com/kms/egress/v2/keys-sym

Production:

POST api.cybersource.com/kms/egress/v2/keys-sym

Production
in India:

POST api.in.cybersource.com/kms/egress/v2/keys-sym