On This Page

Introduction to Webhooks

Webhooks are automated notifications generated by system events that occur for your organization. By using the
Cybersource
 Webhooks REST API, you can subscribe to receive notifications for the events of your choice and designate a URL in your system to receive the notifications. This is helpful for events that are not a part of an API request and response, or are not covered by the Reporting API. For example, you can receive webhook notifications when these events occur:
  • Fraud alerts
  • Invoice status updates
  • Network token is provisioned
  • Security key expires
  • Transaction monitoring
You can also program your system to respond to these events in any way you choose.
The Webhooks REST API enables you to:
  • Create webhook subscriptions
  • Update and delete existing webhook subscriptions
  • Check the status of a webhook notification
  • Retrieve webhook notification history and details
For more information about the products and event types that you can receive notifications for, see Retrieve Products and Event Types.

Benefits

The Webhooks REST API provides these key benefits:
  • Visibility into system events that are otherwise not visible.
  • Ability to respond to events programmatically and to automate workflows.
  • Multiple security options.

Webhooks Server

You must set up a server with a URL to receive webhook notifications. You can also set up an additional URL for the health check service. For more information about how
Cybersource
 uses your health check URL, see Webhook Health Check URL and Automatic Revalidation.

Security Policies

Your system must support the
mutual trust
 security policy to authenticate webhook notifications. The Webhooks REST API uses the mutual trust security policy by default. In addition to mutual trust, you can also use the
OAuth
 or
OAuth JWT
 security policy to authenticate your webhook notifications.

Business Center
 Account

You must have a
Business Center
 account:
If you do not have an account, you can sign up for
test
 account on the Developer Center:
During the test account signup, you receive a security key for testing API requests in the test environment. When you are ready to transition your test account to a
production
 account, contact your
Cybersource
 account manager.

Getting Started with the REST API

To begin implementing webhooks through
Cybersource
, you must set up your system to be REST compliant.
Cybersource
 uses the REST architecture for developing web services. REST enables communication between a client and server using HTTP protocols.
If you have not set up secure communications between your client and server using either a
JSON Web Token
 or
HTTP signature
, see the