Set Up HTTP Signature Message

Setting up your HTTP signature message requires you to follow these steps.

Figure:

Set Up HTTP Signature Message Workflow
  1. Sign up and register a
    Cybersource
    Business Center
     sandbox account. See Sign Up for a Sandbox Account.
  2. Create a shared secret key. See Create a Shared Secret Key Pair.
  3. Construct a message using HTTP signature security. See Construct Messages Using HTTP Signature Security.
  4. Go live by signing up and registering a
    Cybersource
    Business Center
     production account. Going Live.

Sign Up for a Sandbox Account

The first step to set up your account is to sign up for a sandbox account. From this account you can obtain your security keys and test your implementation.
Follow these steps to sign up for a sandbox account:
  1. Go to the
    Cybersource
     Developer Center sandbox account sign up page:
  2. Enter your information into the sandbox account form and click
    Create Account
    .
  3. Go to your email and find a message titled:
    Merchant Registration Details
    . Click the
    Set up your username and password now
     link.
    Your browser opens the New User Sign Up wizard.
  4. Enter the Organization ID and Contact email you supplied previously. Follow the wizard pages to add your name, a username, and a password.
  5. Log in to the
    Business Center
    .
    When you log in for the first time, you will be asked to verify your identity through a system-generated email to your email account.
  6. Check your email for a message titled:
    Cybersource
     Identification Code
    . A passcode is included in the message.
  7. Enter the passcode on the
    Verify your Identity
     page.
    You should be directed to the
    Business Center
     home page.
    You have successfully signed up for a sandbox account.
Set Up HTTP Signature Message

Create a Shared Secret Key Pair

Key pairs are used with HTTP Signature message security.
Set Up HTTP Signature Message

Construct Messages Using HTTP Signature Security

HTTP signatures use a digital signature to enable the receiver to validate the sender's authenticity and ensure that the message was not tampered with during transit. For more information about HTTP signatures, see the IETF Draft that is maintained by the IETF HTTP Working Group (https://httpwg.org).
Follow these steps to implement HTTP signatures:
  1. Create the shared secret key pair. See Create a Shared Secret Key Pair.
  2. Generate a hash of the message body. See Generate a Hash of the Message Body.
  3. Generate a signature hash. See Generate the Signature Hash.
  4. Populate the
    signature
     header field. See Update Header Fields.
Set Up HTTP Signature Message

Going Live

When you are ready to process payments in a live environment, you must transition your account to a live status with a valid configuration for your chosen payment processor. When live, your transaction data flows through the production
Cybersource
 gateway, to your processor, and on to the appropriate payment network.
To transition your account:
  1. Sign up for a merchant account.
  2. to establish a contract with
    Cybersource
     that enables you to process real transactions and receive support.
  3. Submit a merchant ID (MID) activation request.
It may take up to three business days to complete a MID activation request.
Set Up HTTP Signature Message