Home > Introduction > Merchant Management Service API Authentication


Merchant Management Service API Authentication

Merchant Management Service REST API uses a custom HTTP scheme, based on Public Key Infrastructure (PKI) for authentication. You can use either an HTTP Signature key or a JWT key. After you have created a security key, you must generate a header to include in your API request. See the Developer Center Getting Started Guide for instructions.

Create a Shared Secret Key for HTTP Signature Authentication

HTTP Signature authentication is provided by a Base-64 encoded transaction key, represented in a string format. The shared secret key created in the Business Center is valid for 3 years. The public key and the shared secret key generated in this process are required to use the HTTP signature as an authentication mechanism.

 

You must use separate keys for the test and production environments.

To create a shared secret key:

Step 1Log in to the Business Center.

Step 2On the left navigation pane, click the Payment Configuration icon.

Step 3Click Key Management. The Key Management page appears.

Step 4Click Generate Key. The Create Key page appears.

Step 5Select API Cert/Secret.

Step 6Click Next.

Step 7Select Shared Secret.

Step 8Click Submit.

Step 9To download the shared secret key to a .txt file, click Download Key.

 

Make note of the public key that is also generated. This value is required in the header of each REST API call.

Create a P12 Certificate for JSON Web Token Authentication

The certificate contains both the public and private key.

To create a P12 certificate:

Step 1Log in to the Business Center.

Step 2On the left navigation pane, click the Payment Configuration icon.

Step 3Click Key Management. The Key Management page appears.

Step 4Click Generate Key. The Create Key page appears.

Step 5Select API Cert/Secret.

Step 6Click Next.

Step 7Select Certificate.

Step 8Click Submit.

Step 9When prompted, download the certificate file.

 

To get access to the Merchant Management Service use the syntax as described below:

POST /merchant-mgmt/v2/merchant-batch-jobs HTTP/1.1

Host: api.cybersource.com

Organization-Id: <organization_id>

Content-Type: application/xml