On This Page

Develop Your Integration

Learn about integration models, best practices, and authentication options for developing your integration with
Cybersource
.
This section provides an overview of the available integration models and supporting resources to help you develop your integration.
Develop your integration according to the product specifications for the APIs you are integrating. For guidance on the products to include in your integration, see the integration guides in the Developer Center.

Best Practices

Cybersource
 recommends using the
Cybersource
 REST APIs and the hosted payment fields. These integration methods capture sensitive payment data securely. Use Microform, Unified Checkout, and tokenization methods to ensure the safety of the cardholder data and reduce PCI requirements for your customers. For more information, see Secure Integration Methods.
Legacy APIs, such as Simple Order API, are supported but may not include the full feature set.
Many regions require the use of the 3-D Secure feature, which facilitates Strong Customer Authentication (SCA).
Cybersource
 recommends using the Payer Authentication service to ensure your software is available in those regions.
Consider your customers' needs when deciding which products and services to include in your integration.

SDKs and GitHub

You can access various APIs with the REST API SDKs to begin development of your solution. For more information about the
Cybersource
 API SDKs, see REST API SDKs.

Authentication Options

Determine the authentication method for your integration. The options include:
  • Merchant API Key Credentials:
     Support both HTTP signature and JWT authentication mechanisms. The merchant generates the relevant key type from within the Business Center and shares it with you (Tech Partner) to include in the integration and API requests to our acceptance platform.
  • Partner Solution API Key Credentials (Pilot):
     Support JWT authentication mechanisms with REST API integrations. This delegate authentication method, where you (the Tech Partner) generate and manage the key lifecycle, is currently in pilot.
  • OAuth 2.0 (Pilot):
     OAuth 2.0 is offered as a pilot for tech partners exploring secure, token-based, permission-scoped API integrations. This industry-standard authorization protocol allows applications securely access APIs on behalf of merchants, without exposing sensitive credentials. It enables safer, more controlled interactions by issuing short-lived access tokens with specific scopes. For more information, see the OAuth 2.0 Developer Guide.
To become an early adopter for Partner Solution Key or OAuth 2.0, contact your
Cybersource
 representative.