How do the SCMP API and Simple Order API encrypt data during transmission?
07/12/2024 16:44 PM
Transactions submitted via the Simple Order API and SCMP API are secured with encryption, as described below. Only SSL connections from merchants with SSL keys of 128-byte/1024-bit strength or greater are accepted. This ensures that encryption is strong enough to protect sensitive transaction data in transit.
Simple Order API Encryption
The Simple Order API uses PKCS#12 security in the form of a .p12 (Personal Information Exchange - 2048 bit) file. This is a certificate which wraps a public key with an identity using a digital signature. This certificate can then be used to verify that an individual is the real owner of that key.
When the .p12 key file is used correctly, it enables an encrypted channel (port 443) for submitting transactions to our transaction processing servers. In general use of the Simple Order API, the connection itself is encrypted, though the underlying data payload is not.
PKCS refers to a group of Public Key Cryptography Standards, devised and published by RSA Security.
SCMP API Encryption
The SCMP API uses a proprietary public/private key system to encrypt data. The data itself is encrypted and sent through an unencrypted channel (port 80).
Encryption/Decryption of a SCMP API Transaction
- Merchant creates transaction data in clear text.
- Merchant, using a private key, merchantID.pvt, generates a base 64 hash and appends it to the transaction data, creating a signed message.
- Merchant encrypts the message with our public certificate (CyberSource_SJC_US.crt), then sends it to our transaction processing servers.
- Our servers decrypt the incoming message with our private key.
- We validate the signature using the merchant's public key, merchantID.crt.
- We encrypt the reply data using the merchant's public key.
- The merchant decrypts reply data with their private key.
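The sign-then-encrypt flow listed above, as an added example that is not CyberSource code and not part of the original article: the SCMP scheme is proprietary, so unpadded textbook RSA over SHA-256 with constructed, trivially factorable demo keys stands in for it, and the `|` separator and function names are assumptions. It shows that a message altered on the unencrypted channel fails signature validation on receipt.

```python
import base64
import hashlib

E = 65537  # public exponent shared by both constructed key pairs

def make_key(p, q):
    """Return (n, d) for textbook RSA from two primes (toy, unpadded)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from well-known Mersenne primes (never use such keys):
# stand-ins for merchantID.pvt/.crt and for the processor's certificate/private key.
MERCHANT_N, MERCHANT_D = make_key(2**521 - 1, 2**607 - 1)
PROCESSOR_N, PROCESSOR_D = make_key(2**1279 - 1, 2**2203 - 1)

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def merchant_send(data):
    """First three steps: sign the clear text, append the base64 signature, encrypt."""
    sig = pow(digest_int(data), MERCHANT_D, MERCHANT_N)
    signed = data + b"|" + base64.b64encode(to_bytes(sig))
    message = int.from_bytes(signed, "big")
    if message >= PROCESSOR_N:
        raise ValueError("message too long for this toy key")
    return pow(message, E, PROCESSOR_N)

def processor_receive(ciphertext):
    """Next two steps: decrypt, then validate the signature; None if it fails."""
    signed = to_bytes(pow(ciphertext, PROCESSOR_D, PROCESSOR_N))
    data, sep, sig_b64 = signed.rpartition(b"|")
    try:
        sig = int.from_bytes(base64.b64decode(sig_b64, validate=True), "big")
    except ValueError:  # not valid base64: the message was damaged or altered
        return None
    if not sep or pow(sig, E, MERCHANT_N) != digest_int(data):
        return None
    return data

def reply_roundtrip(reply):
    """Last two steps: encrypt the reply to the merchant's public key, then decrypt."""
    encrypted = pow(int.from_bytes(reply, "big"), E, MERCHANT_N)
    return to_bytes(pow(encrypted, MERCHANT_D, MERCHANT_N))
```

A production scheme would use padded RSA (OAEP for encryption, PSS for signatures) and hybrid encryption for payloads larger than the key size.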
Related Information
How to Generate a Simple Order API Security Key
How to Generate a SCMP API Security Key in Business Center
How To Create a SCMP API Security Key using eCert