How to Create a Secure Acceptance Security Key
03/03/2022 18:37 PM
RequirementsYou must generate and download a unique security key for each environment, Test or Production (Live), and Secure Acceptance profile you will use to submit transactions.
You must have the user permission Secure Acceptance Settings in order to proceed with these instructions.
Security Key Expiration
If the security key for a specific Secure Acceptance profile has, or is about to expire, you must create a new key in order to continue submitting transactions via that profile.
Secure Acceptance keys expire every two years. CyberSource provides email notification of expiring keys to merchants prior to their expiration.
Create and Activate a Secure Acceptance Security Key
- Select Payment Configuration > Secure Acceptance Settings.
- From ACTIVE PROFILES, select the checkbox for the profile that you want to create keys for.
- Select Edit Profile ().
- Select the SECURITY tab
- Select Create Key () to generate a new key.
- From the Key Creation screen, enter a descriptive Key Name.
- Leave the following fields at the default:
- Signature Version as 1.
- Signature Method as HMAC-SHA256.
- Select CREATE, Confirm.
- Within 30 seconds, copy and paste the displayed access key and secret key into a text editor or select the file download icon to save both in a .txt file.
- After seeing the new key listed under ACTIVE KEYS, set the profile to active by selecting BACK TO PROFILES, select the desired profile's checkbox
- Select Promote Profile (), and Confirm.
Use your Security Key
Your Secure Acceptance security key consists of two components: an access (public) key, and a secret key.
|Access Key||Secure Sockets Layer (SSL) authentication with Secure Acceptance. This value must be passed in as a name/value pair in each POST/transaction you send to CyberSource. You can have many access keys per profile.|
|Secret Key||Signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script.|
The access key and secret key value are linked. To avoid mis-matching this new pair with older/expiring values from other keys, you must update both the access key used in your code and the secret key used in your security script at the same time.
Security Best Practices
As a security best practice and to prevent receiving expiring key notifications for keys you no longer use, CyberSource recommends that you Deactivate any keys in the list that are no longer needed after you have inserted newer key values (Access Key, Secret Key) into your transaction code and security script.
Remember to delete copied keys from your system's clipboard or cached memory.
By default, any newly created security key is in Active status. You may select a key and change it status by using the following buttons available from the SECURITY tab visible after selecting Payment Configuration > Secure Acceptance Settings, and Edit Profile.
|Deactivate||Makes the security key listed under ACTIVE KEYS inactive - it cannot be used for transaction processing.|
|Activate||Makes the security key listed under INACTIVE KEYS available for use in transaction processing.|
Was this article helpful?