Find Answers

Find Answers

Specified Languages
British English

How do I Create or Update a Secure Acceptance security key?



Note: You must generate and download a unique security key for each environment in which you submit transactions.
Production (Live)

If the security key for a specific Secure Acceptance profile has, or is about to expire, you must create a new key to continue submitting transactions via Secure Acceptance with that profile.  Secure Acceptance keys expire every 2 years. CyberSource e-mails notification of any upcoming key expiration to merchants on intervals of 60, 30, 7, 3, 2, and 1 day(s) prior to the expiration.

To create and activate a Secure Acceptance security key

  1. Login to the appropriate version of the CyberSource Business Center for the Secure Acceptance profile that you wish to reference (Test or Production environment as noted above).
  2. Click Tools & Settings from navigation pane on the left.
  3. Click Profiles under Secure Acceptance,
  4. Select the profile for which you will generate a new security key.
  5. Click Security.
  6. Click Create New Key.
  7. Fill in the Create New Key form:
    • Enter a Key Name.
    • Select Version 1 for the Signature Version.
    • Select HMAC-SHA256 for the Signature Method.
  8. Click Generate Key.
    The Create New Key window will expand, displaying the 'access key' and 'secret key' components of the new key. This window closes after 30 seconds.
  9. Copy and save the new access key and secret key values.
    Note: The access key and secret key value are linked. To avoid mis-matching this new pair with older/expiring values from other keys, you must update both the access key value in your transactional code and the secret key value in your security script at the same time.

    The two components of the key are:
    Access Key   Secure Sockets Layer (SSL) authentication with Secure Acceptance. This value will need to be passed in as a name/value pair in each POST/transaction you send to CyberSource.  You can have many access keys per profile.
    Secret Key  Signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script.
    Note: Remember to delete the copied keys from your clipboard or cached memory as a security best practice.
All the keys for the current profile are listed on the Security page. You may view values for a key by clicking on its row in the list. As a security best practice and to prevent receiving expiring key notifications, CyberSource recommend that you Deactivate any keys in the list that are no longer needed after you have inserted the new key values (Access Key and Secret Key) into your transactional code and security script.

By default, any newly created security key is in Active status. You may select a key and change it status by using the following buttons:
Button  Action
Deactivate  Makes the security key inactive - it cannot be used for transaction processing.
Activate  Makes the security key available for use in transaction processing.


Rate This Item