What can I do in the Sandbox Environment ?
* Test APIs **without writing any code**
* The API Reference Page offers a Live Console that points to the Sandbox Environment.
* It uses API endpoint : https://apitest.cybersource.com
* You can**test your integration in the sandbox** before you go live.
* Sandbox transactions are for testing purposes only are run against a Simulator
* You **should not perform load or stress testing** in the sandbox, and simulated gateways and processors are not available.  
  How do I sign up for a Sandbox Account ?  
  You can sign up for a Sandbox Account [here](https://developer.cybersource.com/hello-world/sandbox.md)

After you sign up successfully, you should receive an email with instructions to create Sandbox Account on [Enterprise Business Portal](https://ebc2test.cybersource.com/ebc2/)

If you do not receive an email,

* Ensure that your sign up was successful and a confirmation message was displayed

* Please check the spam folder in your inbox

* Alternatively, you can raise a support request [here](/support/contact-us.md)  
  What types of Authentication are supported for APIs hosted on API reference ?  
  There are**two forms of authentication** available:

* HTTP Signature is a hash-based method which uses a shared secret key.

  * A shared secret key is a Base64-encoded transaction key string.
  * You **authenticate to the API using this key, which is unique to your account**.
  * Cybersource uses it to connect your website or API integration to the Cybersource Payment Gateway for transaction processing.
  * It is different from your login credentials for the Merchant Portal
* JSON Web Token (JWT). This requires signing a P12 Certificate

  * A certificate is one way to authenticate to APIs.
  * The certificate contains public and private keys unique to your account.
  * Cybersource generates the public key.
  * You generate the private key from a Java Network Launch Protocol (JNLP) file provided by Cybersource.
* Note: **Certificate authentication uses a PKCS12 key file with the .p12 extension to digitally sign your API request message before transmitting it to Cybersource**  
  How do I obtain shared secret key for my sandbox account ?

* If you do not have a Merchant portal account, [sign up](https://ebc2.cybersource.com/ebc2).

* Use your Merchant portal account to [create a shared secret key](https://developer.cybersource.com/docs/cybs/en-us/platform/get-started/all/rest/get-started-rest/authentication/createSharedKey.md)  
  How do I obtain .p12 key for my Sandbox Account ?  
  If you do not have a Merchant Portal account, [sign up](https://ebc2.cybersource.com/ebc2).

Use your Merchant Portal account to [create a P12 Certificate for JSON Web Token Authentication](https://developer.cybersource.com/docs/cybs/en-us/platform/get-started/all/rest/get-started-rest/authentication/createCert.md).  
Are there SDKs I can use, to integrate with Cybersource APIs ?
* Yes! For your convenience, Cybersource provides SDKs for 6 popular development languages and are hosted on [GitHub](https://github.com/cybersource). You can find SDK Overview [here](https://developer.cybersource.com/hello-world.md)

* If you have a need to build a custom solution with direct API requests to our endpoints, you can modify the [samples SDK](https://github.com/Cybersource?q=samples&type=all&language=&sort=) to include specific examples from [API reference](/api-reference-assets/index.md) for your custom scenario  
  What does a particular error or response code mean ?  
  Cybersource's ++[Response code](/api/reference/response-codes.md)++ page provides

* status

* reason

* error and

* response code information  
  How can I build PCI-compliant sites and apps?  
  Cybersource's Flex Microform solution provides tools to build PCI-compliant sites and apps. To understand all of the options available to you, see our [Flex microform documentation](/api/soap-developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.md).  
  Is there a developer forum where I can seek help ?  
  Yes! Check out our Developer Forum [here](https://community.developer.cybersource.com/t5/Cybersource-Developer-Community/ct-p/CybersourceDeveloperCommunity).

Also find our Developer Announcement Blog [here](https://community.developer.cybersource.com/t5/cybersource-Developer-Blog/bg-p/CyberSourceBlog).  
What are best practices for communicating with Cybersource servers?  
You are responsible for maintaining communication with Cybersource servers. Set your client applications that communicate with Cybersource to direct requests to a host name and not an IP address. For more information, see [best practices for communicating with Cybersource](https://www.cybersource.com/developers/getting_started/test_and_manage/best_practices/cybs_comms.md).