On This Page

Message-Level Encryption Upcoming Mandate

An updated version of message-level encryption (MLE) will become mandatory in order for merchants to use the APIs. Portfolio owners must enable this updated version of MLE for their merchants by September 2026
.

This required MLE update encrypts all data in your API response messages. The previous version of MLE encrypted only request messages. If your merchants are already using custom JSON Web Token messaging, they must also update how their system constructs JWTs. Merchants who are using HTTP signature messaging must migrate their system to JWT messaging.

You risk transaction failures if you do not implement this MLE update.

Overview of MLE

MLE is a robust security protocol designed to encrypt individual messages or payloads at the application layer. By protecting sensitive data at the message level, MLE ensures that your information remains secure as it moves through systems and networks, providing a layer of security beyond traditional transport encryption.

Enabling MLE requires you to create a REST API key for request messages and a REST – API Response MLE
key for response messages. If your organization is using a meta key, the portfolio account or merchant account user who created the meta key must also create the REST – API Response MLE key.

Update Methods: Create or update your custom MLE integration using JWTs with P12 certificates. For more information, see the Enable Message-Level Encryption Enable Message-Level Encryption section in the Getting Started with REST Developer Guide
. For a method using shared secret key pairs, see the HTTP Messaging Migration to JWT Messaging section below.
Update your REST API SDK. For more information, see the REST API related products
section in the Cybersource GitHub.

JSON Web Token Construction Update

There are new requirements for how to construct JSON Web Tokens (JWTs) in order to send API request messages. If you use a custom integration to construct JWTs, you must update your system to remain compliant. This update is necessary to support the new MLE requirements.

Update Methods: Construct JWT Messages Using a
P12 Certificate
Construct JWT Messages Using a
P12 Certificate
in the Getting Started with REST Developer Guide
Construct JWT Messages Using a
Shared Secret Key Pair
Construct JWT Messages Using a
Shared Secret Key Pair
in the Getting Started with REST Developer Guide

HTTP Messaging Migration to JWT Messaging

By September 2026
, all merchants using HTTP signature messaging must migrate to JWT messaging in order to support MLE. Merchants already using HTTP signature messaging with shared secret key pairs can now continue using their existing keys with JWT messaging.

Update Method: Construct JWT Messages Using a
Shared Secret Key Pair
Construct JWT Messages Using a
Shared Secret Key Pair
in the Getting Started with REST Developer Guide