How to Create a Secure Acceptance Security Key
000002082
5634
05/03/2023 23:55 PM
2.1
Requirements
You must generate and download a unique security key for each environment, Test or Production (Live), and for each Secure Acceptance profile you will use to submit transactions.
You must have the user permission Secure Acceptance Settings in order to proceed with these instructions.
Security Key Expiration
If the security key for a specific Secure Acceptance profile has, or is about to expire, you must create a new key in order to continue submitting transactions via that profile.
Secure Acceptance keys expire every two years. Cybersource provides email notification of expiring keys to merchants prior to their expiration.
Create and Activate a Secure Acceptance Security Key
Sign in to the Business Center environment (Test or Production) that contains the Secure Acceptance profile you are working with.
Select Payment Configuration > Secure Acceptance Settings.
From the Active Profiles, select the three dots for the profile that you want to create keys for.
Select Edit Profile and select Confirm.
Select the SECURITY tab.
Select Create key to generate a new key.
From the Key Creation screen, enter a descriptive Key Name and follow the prompts.
Note: Your key cannot exceed 40 alphanumeric characters. Spaces and other special characters are not allowed.
Leave the following fields at the default:
Signature Version as 1.
Signature Method as HMAC-SHA256.
Select Create and then Confirm.
If the windows closes before you are done, select View Key to display it again.
Within 120 seconds, copy and paste the displayed access key and secret key into a text editor or select the file download icon to save both in a .txt file.
After seeing the new key listed under Active Keys, set the profile to active by selecting Promote Profile in the top right corner and confirm.
Use your Security Key
Your Secure Acceptance security key consists of two components: an access (public) key, and a secret key.
Access Key | Secure Sockets Layer (SSL) authentication with Secure Acceptance. This value must be passed in as a name/value pair in each POST/transaction you send to Cybersource. You can have many access keys per profile. |
Secret Key | Signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script. |
The access key and secret key value are linked. To avoid mis-matching this new pair with older/expiring values from other keys, you must update both the access key used in your code and the secret key used in your security script at the same time.
Security Best Practices
As a security best practice and to prevent receiving expiring key notifications for keys you no longer use, Cybersource recommends that you Deactivate any keys in the list that are no longer needed after you have inserted newer key values (Access Key, Secret Key) into your transaction code and security script.
Remember to delete copied keys from your system's clipboard or cached memory.
By default, any newly created security key is in Active status. You may select a key and change its status by using the following buttons available from the SECURITY tab visible after selecting Payment Configuration > Secure Acceptance Settings, and Edit Profile.
Button | Action |
|---|---|
Deactivate | Makes the security key listed under Active Keys inactive - it cannot be used for transaction processing. |
Activate | Makes the security key listed under Inactive Keys available for use in transaction processing. |
Was this article helpful?