What can we help you with?



03/03/2022 18:37 PM



You must generate and download a unique security key for each environment, Test or Production (Live), and Secure Acceptance profile you will use to submit transactions.


You must have the user permission Secure Acceptance Settings in order to proceed with these instructions.

Security Key Expiration

If the security key for a specific Secure Acceptance profile has, or is about to expire, you must create a new key in order to continue submitting transactions via that profile.

Secure Acceptance keys expire every two years. CyberSource provides email notification of expiring keys to merchants prior to their expiration.

Create and Activate a Secure Acceptance Security Key

Sign in to the Business Center environment (Test or Production) that contains the Secure Acceptance profile you are working with.

  1. Select Payment Configuration > Secure Acceptance Settings.
  2. From ACTIVE PROFILES, select the checkbox for the profile that you want to create keys for.
  3. Select Edit Profile (Edit Profile button - pencil icon).
  4. Select the SECURITY tab
  5. Select Create Key (Create Key button) to generate a new key.
  6. From the Key Creation screen, enter a descriptive Key Name.
Note: your key cannot exceed 40 alphanumeric characters. Spaces and other special characters are not allowed.
  1. Leave the following fields at the default:
    • Signature Version as 1.
    • Signature Method as HMAC-SHA256.
  2. Select CREATE, Confirm
  3. Within 30 seconds, copy and paste the displayed access key and secret key into a text editor or select the file download icon to save both in a .txt file.
If the windows closes before you are done, select View Key (View Key button) to display it again.
  1.  After seeing the new key listed under ACTIVE KEYS, set the profile to active by selecting BACK TO PROFILES, select the desired profile's checkbox
  2. Select Promote Profile (Promote Profile button), and Confirm.


Use your Security Key

Your Secure Acceptance security key consists of two components: an access (public) key, and a secret key.

Access Key  Deactivate Key button Secure Sockets Layer (SSL) authentication with Secure Acceptance. This value must be passed in as a name/value pair in each POST/transaction you send to CyberSource. You can have many access keys per profile.
Secret Key Promote Profile button Signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script.

The access key and secret key value are linked. To avoid mis-matching this new pair with older/expiring values from other keys, you must update both the access key used in your code and the secret key used in your security script at the same time.

Security Best Practices


As a security best practice and to prevent receiving expiring key notifications for keys you no longer use, CyberSource recommends that you Deactivate any keys in the list that are no longer needed after you have inserted newer key values (Access Key, Secret Key) into your transaction code and security script.

Remember to delete copied keys from your system's clipboard or cached memory.

By default, any newly created security key is in Active status. You may select a key and change it status by using the following buttons available from the SECURITY tab visible after selecting Payment Configuration > Secure Acceptance Settings, and Edit Profile.

Button Action
Deactivate  Makes the security key listed under ACTIVE KEYS inactive - it cannot be used for transaction processing.
Activate   Makes the security key listed under INACTIVE KEYS available for use in transaction processing.

Was this article helpful?

Articles Recommended for You