On This Page
FILTER BY TAG

(Optional) Provide Your OAuth Credentials

If your system uses the
OAuth
 or
OAuth with JWT
 security policy, you must provide your OAuth credentials to
Cybersource
. The OAuth credentials request uses Visa's key management service to store your credentials. When
Cybersource
 sends you webhook notifications in the future,
Cybersource
 will use your OAuth credentials to access your server and deliver the notification message.
For more information about using OAuth, see .
IMPORTANT
If you are using only the default
mutual trust
 security policy, you do not need to provide OAuth credentials to
Cybersource
.
OAuth
The OAuth security policy with client credentials is an authentication method that is designed for applications that communicate with each other. Basic authentication is the most common mechanism for authenticating a client with the client credentials. This authentication method enables
Cybersource
 services to obtain only the relevant user data without exposing the user's credentials.
OAuth with JWT
The OAuth with JWT security policy is an authentication method in which your system sends a JSON Web Token. This method bypasses domain headers and minimizes the need for server-side authentication checks.

Endpoints

Send a POST request to one of these endpoints:
  • Test:
    POST
    https://apitest.cybersource.com
    /kms/egress/v2/keys-sym
  • Production:
    POST
    https://api.cybersource.com
    /kms/egress/v2/keys-sym
  • India Production:
    POST https://api.in.cybersource.com/kms/egress/v2/keys-sym

Headers

Each API request should use headers that provide your client credentials, which are the username and password of your webhooks server. Here is an example:
curl --location 'Client's OAauth URL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode ‘client_id=webhooks-server-username' \
--data-urlencode ‘client_secret=webhooks-server-password'

Required Fields for Providing Your OAuth Credentials

clientRequestAction
Set to
STORE
.
keyInformation.clientKeyId
Set to the webhook server's username.
keyInformation.expiryDuration
Set to
365
.
keyInformation.key
Set to the webhooks server's secret key.
keyInformation.keyType
Set to
oAuthClientCredentials
.
keyInformation.organizationId
Set to the organization ID or merchant ID of the organization requesting the key.
keyInformation.provider
Set to the organization ID that the requesting organization belongs to.
keyInformation.tenant
Set to
nrtd
.

Example: Providing Your OAuth Credentials

{
  "clientRequestAction": "STORE",
  "keyInformation": {
    "provider": "merchantName",
    "tenant": "nrtd",
    "keyType": "oAuthClientCredentials",
    "organizationId": "merchantName",
    "clientKeyId": "Webhook server's username",
    "key": "Webhook server's secret key",
    "expiryDuration": "365"
  }
}
{
    "submitTimeUtc": "2022-02-18T19:49:52Z",
    "status": "SUCCESS",
    "keyInformation": {
        "provider": "org1",
        "tenant": "nrtd",
        "organizationId": "org1",
        "clientKeyId": "ef400ac1-edfe-406e-94b3-0d73be09a1a0",
        "keyId": "d8512fb5-1d8c-4f2d-e053-3cb8d30a764c",
        "key": "KTTY1LLGYR6A2LL4XZTT9W9RGCVJ5Z4XZAP6AFTRUFWLSXX0NX4N88N9EJED3BMM",
        "keyType": "oAuthClientCredentials",
        "status": "active",
        "expirationDate": "2023-02-18T19:49:52Z"
    }
}

REST Interactive Example: Providing Your OAuth Credentials

Click this image to access the interactive code example for providing your OAuth credentials to
Cybersource
. The Live Console refers to this request as
Store oAuth Credentials
.

Figure:

Providing Your OAuth Credentials
Image and link to the interactive code example for providing your OAuth credentials.
RELATED TO THIS PAGE