On This Page
A POST to the
/keysresource generates a one-time-use public key and a key ID. The public key and key ID can be used in a follow-on POST to the
/tokensresource, which encrypts the card number. The key used to encrypt the card number on the cardholder’s device or browser is valid for 15 minutes and must be used to verify the signature in the response message.
CyberSource recommends creating a new key for each order. To generate a key, send an authenticated POST from your server to the
/keysresource. Do this before requesting the tokenized card data.
The keys resource is located here: