You can test your integration in the sandbox before you go live. Sandbox transactions are for testing purposes only. You cannot perform load or stress testing in the sandbox, and simulated gateways and processors are not available.
A shared secret key is a Base64-encoded transaction key string. You authenticate to the API using this key, which is unique to your account. Cybersource uses it to connect your website or API integration to the Cybersource Payment Gateway for transaction processing. It is different from your login credentials for the Merchant Portal.
A certificate is one way to authenticate to APIs. The certificate contains public and private keys unique to your account. Cybersource generates the public key. You generate the private key from a Java Network Launch Protocol (JNLP) file provided by Cybersource.
Note: Certificate authentication uses a PKCS12 key file with the .p12 extension to digitally sign your API request message before transmitting it to Cybersource.
The sandbox is for integration tests only and is not provisioned for load or stress tests. Cybersource might suspend your sandbox account if we observe unusually high transaction volumes.