Whether you’re getting started with Cybersource APIs or expanding an existing integration, these resources can help you securely create and manage access credentials, authenticate API requests, and implement reliable connectivity across your payment experiences.
Learn how to create and manage security keys in Business Center. Security keys help encrypt data, decrypt messages for authorized recipients, and verify that messages were not changed in transit.
Boarding guide
Set up your REST integration to exchange secure API requests and responses with the Cybersource gateway over HTTP. JWT is recommended for new integrations. It uses digitally signed tokens to help verify message integrity and supports message-level encryption (MLE). HTTP Signature uses a shared secret to sign API requests and verify authenticity and integrity. It is not supported for browser-based or mobile applications.
Important: By September 2026, merchants using HTTP Signature must migrate to JWT to support MLE and avoid potential transaction failures.
OAuth 2.0 lets merchants securely authorize your application to access data and process payments through Visa Acceptance Solutions, without sharing credentials. Visa Acceptance Solutions authenticates merchants and helps ensure your application acts only within approved permissions. Use this guide to set up and enable OAuth 2.0 for your application.
Message Level Encryption:
Important: with the upcoming Message Level Encryption (MLE) Mandate, all REST API calls must have MLE by September 30, 2026.
The endpoints below are currently available to integrate with MLE and test on API Reference.
Note: if an endpoint is marked as "Mandatory", you must have MLE enabled for the API call to go through. If it's marked as "Optional", your API call can go through with or without MLE. All REST endpoints are expected to have Mandatory MLE by the mandate deadline.
Product |
Endpoint |
Request MLE |
Response MLE |
|---|---|---|---|
| Token Management | /tms/v2/tokenize |
Mandatory |
Not enabled |
/tms/v2/tokenized-cards |
Optional |
Not enabled |
|
/tms/v2/tokenized-cards/{tokenizedCardId}/delete |
Optional |
Not enabled |
|
| /tms/v3/tokens/{tokenId}/payment-credentials | Optional |
Not enabled |
|
/tms/v2/tokens/{tokenId}/payment-credentials |
Optional |
Not enabled |
|
/tms/v1/instrumentidentifiers |
Optional |
Not enabled |
|
/tms/v1/instrumentidentifiers/{instrumentIdentifierId} |
Optional |
Not enabled |
|
/tms/v1/instrumentidentifiers/{instrumentIdentifierId}/enrollment |
Optional |
Not enabled |
|
/tms/v1/paymentinstruments |
Optional |
Not enabled |
|
/tms/v1/paymentinstruments/{paymentInstrumentId} |
Optional |
Not enabled |
|
/tms/v2/customers |
Optional |
Not enabled |
|
/tms/v2/customers/{customerId} |
Optional |
Not enabled |
|
/tms/v2/customers/{customerId}/shipping-addresses |
Optional |
Not enabled |
|
/tms/v2/customers/{customerId}/shipping-addresses/{shippingAddressId} |
Optional |
Not enabled |
|
/tms/v2/customers/{customerId}/payment-instruments |
Optional |
Not enabled |
|
/tms/v2/customers/{customerId}/payment-instruments/{paymentInstrumentId} |
Optional |
Not enabled |
|
Billing |
/rbs/v1/plans |
Optional |
Optional |
/rbs/v1/subscriptions |
Optional |
Optional |
|
/rbs/v1/subscriptions/follow-ons/{requestId} |
Optional |
Optional |
|
Bank Account Validator |
/bavs/v1/account-validations | Mandatory |
Not enabled |
Agentic Commerce Platform |
/acp/v1/tokens |
Mandatory |
Mandatory |
/acp/v1/instructions |
Mandatory |
Mandatory |
|
/acp/v1/instructions/{instructionId} |
Mandatory |
Mandatory |
|
/acp/v1/instructions/{instructionId}/cancel |
Mandatory |
Mandatory |
|
/acp/v1/instructions/{instructionId}/credentials |
Mandatory |
Mandatory |
|
/acp/v1/instructions/{instructionId}/confirmations |
Mandatory |
Mandatory |
|
|
|
|
If you would like to enable MLE via our SDKs, please follow this guide Set Up a JSON Web Token Message Using the REST SDK.
You can also follow along to this video for an easy tutorial for integrating with SDKs
MLE Integrations are supported for both REST-Certificate and REST-Shared Secret Key Types. Please follow the guide that correlates to your preferred integration:
Kickstart your integration journey to build agent driven payment experiences faster with access to APIs in Sandbox environment