On This Page
Introduction to Creating and Using Security Keys
Cybersource
requires you to use security keys when sending and receiving API
messages. This guide explains how to create and manage your security keys using the
Business Center
.A security key, also known as a
cryptographic key
, is a string of randomly or
mathematically generated characters that are tied to a specific cryptographic algorithm.
These keys are used to:- Encrypt plain text to allow users to send text across the internet with confidence that the content is secure.
- Decrypt the encrypted message so that the text can be read by the intended recipient.
- Validate that the encrypted message has not been tampered with while in transit.
These are the available
Cybersource
security keys:- Message-Level Encryption (MLE) Keys
- Meta Keys
- PGP Keys
- REST API Keys
- Secure Acceptance Keys
- Simple Order Keys
- SOAP Toolkit Keys
WARNING
Cybersource
will no longer support SOAP toolkit keys by these dates:- Test environment:July 16, 2025
- Production environment:August 13, 2025
If you are integrating to the Simple Order API, you can use the compliant
certificate-based
Simple Order key
. For more information, see Simple Order API Keys.If your payment
system currently uses the SOAP toolkit key, you can transition your payment
system to use the certificate-based Simple Order API key. For more information
about how to transition your payment system to use the compliant Simple Order
API keys for authentication, see the
P12 Authentication for SOAP Toolkit Key
Users Migration Guide
. Your API requests to Cybersource
will be rejected if you do not implement P12
authentication by the above dates.Additional Information
For more information about cryptographic keys, see the article on Wikipedia.