On This Page

Create REST API Keys

The Webhooks REST API requires you to create a shared secret key pair
. You may have already completed this requirement if your system is currently REST compliant. If you are using the OAuth with JWT security policy, you must also create a P12 certificate
. The shared secret key pair and P12 certificate are also known as REST API keys. REST API keys are used to enable secure communication between you and Cybersource when using the REST API.

Shared secret key pair:
A key pair used for HTTP signature authentication. It is consists of a key and a shared secret key. See Create a Shared Secret Key Pair.

P12 certificate:
A key used for JSON Web Token authentication. It consists of .p12
file and a password that you must set to use the file. See Create a P12 Certificate.

When using the test and production environments, you must create separate keys for each environment.

Securely store your created keys in your system. You must be able to access your key credentials while implementing and managing webhook subscriptions.

REST API keys expire after 3 years.