Generate Key

Generate Key

A POST to the /keys resource generates a one-time use public key and key ID to encrypt the card number in the follow-on POST to the /tokens resource. The key used to encrypt the card number on the cardholder’s device or browser is valid for 15 minutes and must be used to verify the signature in the response message.

CyberSource recommends creating a new key for each order. Generating a key is an authenticated POST to the /keys resource initiated from your servers, prior to requesting to tokenize the card data from your customer’s device or browser.

The keys resource is located here:

■

Test: https://apitest.cybersource.com/flex/v1/keys

■

Live: https://api.cybersource.com/flex/v1/keys

Authentication

Each POST to the /keys resource must be authenticated with a HTTP signature. Use the Secure Acceptance Flexible Token server-side SDKs to generate the signature.

Request Fields

Table 2

Request Field Names

Field Name

Description

Data Type

encryptionType

How the card number should be encrypted in the subsequent Tokenize Card request.

Possible values:

■

RsaOaep256

■

None—if using this value the card number must be in plain text when included in the Tokenize Card request.

The Tokenize Card request uses a secure connection (TLS 1.2+) regardless of which encryption type is specified.

String

Response Fields

Table 3

Response Field Names

Attribute

Description

Data Type

keyId

Unique identifier for the generated token. This is obtained from the generate key request. See the Java examples on how to import the key and encrypt using the imported key.

String

der

format

Specifies the format of the public key: X.509.

algorithm

Algorithm used to encrypt the public key.

publicKey

Base64 encoded public key value.

jwk

The public key in JSON Web Key (JWK) format. This format is useful for client side encryption in JavaScript based implementations.

kty

Algorithm used to encrypt the public key.

use

Defines whether to use the key for encryption (enc) or verifying a signature (sig). Always returned as enc.

kid

The key ID in JWK format.

n

JWK RSA Modulus.

e

JWK RSA Exponent.

Examples

Example 1

Generate Key Headers

POST https://apitest.cybersource.com/flex/v1/keys

v-c-merchant-id: [mid_123]

digest: [SHA-256=bena9bhB3Jy4uPvfu1tAC0uN8AuzzM+xjqmDwR5//EA=]

date: [Tue, 04 Jul 2017 14:41:08 GMT]

Content-Type: [application/json]

signature: [keyid="dd19f90b-2cdd-4f66-a03c-172e7d73e78b", algorithm="HmacSHA256",headers="v-c-merchant-id host digest (request-target) date content-type",

signature="GZmvknvih/NR5hJNbXZJK2V7WCy1OL/1hI0Qsqpw2Kw="]

Example 2

Generate Key Payload

{

"encryptionType": "RsaOaep256"

}

Example 3

Generate Key Response

{

"keyId": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",

"der": {

"format": "X.509",

"algorithm": "RSA",

"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgC1G6rVue4w/jjJrKPZusGN9G+Y7mWuLJ0O2/GHd94LvR51+ok7ahuQUVMZLdigixnspaGo/WVLvTTZ5J28Cc1uSx0o/BsxpNaAQD8/aBZL3nnAiBLACxI1JHAVo7SXbJQmz+mqVFYTppg9QmpB2ATTmXjUOQy+Fqkw3EByfCANHhHSNs4+HASovsfcRMUmmvDfTd5qBb23KzDJeDVqTYWa3XjUorlZOCJuLyPgeDEK8oOC9C4W9dn32z8FJ4E6Dz28M/2O3g8FLQD2F+NezkQJsl8MEYo4rl1nr7/oIkMsYLCCoG8jwmryErb7km9JWWgqZ80trkjijFqDAbHfUEwIDAQAB"

},

"jwk": {

"kty": "RSA",

"use": "enc",

"kid": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",

"n": "fC1G6rVue4w_jjJrKPZusGN9G-Y7mWuLJ0O2_GHd94LvR51-ok7ahuQUVMZLdigixnspaGo_WVLvTTZ5J28Cc1uSx0o_BsxpNaAQD8_aBZL3nnAiBLACxI1JHAVo7SXAJQmz-mqVFYTppg9QmpB2ATTmXjUOQy-Fqkw3EByfCANHhHSNs4-HASovsfcRMUmmvDfTd5qBb23KzDJeDVqTYWa3XjUorlZOCJuLyPgeDEK8oOC9C4W9dn32z8FJ4E6Dz28M_2O3g8FLQD2F-NezkQJsl8MEYo4rl1nr7_oIkMsYLCCoG8jwmryErb7km9JWWgqZ80trkjijFqDAbHfUEw",

"e": "AQAB"

}

}