Introducing Cybersource platform support for OAuth 2.0

February 14, 2020
Read time: 3 min
Iris Yuan
Iris Yuan
Cybersource | Product Manager, API and Developer Experience Team

We're excited to announce the Cybersource pilot program for the OAuth 2.0 authorization framework! OAuth 2.0 greatly simplifies the workflows for anyone looking to securely connect their accounts across multiple software vendors without sharing their passwords.

Developers and partners can integrate with Cybersource to streamline boarding processes and help businesses connect their technology more easily.

In this blog post, I'll go over key highlights on how OAuth 2.0 works on Cybersource. For those familiar with OAuth support on Authorize.Net, we've taken much of the same approach but added more configurability and a few other additions. Cybersource technology partners participating in our pilot program will also gain access to our new Developer Portal to onboard and manage their applications with us.

Overview of process

We use the authorization code grant flow to issue access tokens. To get started, partners must register their application with Cybersource. We'll ask for information such as the application name, redirect URL and which APIs they wish to use. The app will then be assigned a unique Client ID and Client Secret Key for use in the OAuth 2.0 authorization flow, where the partner will receive the merchant’s permission, redirect the merchant to us and retrieve the access token.

API permissions

For our pilot program, technology partners will be able to scope their client applications for specific Cybersource APIs such as payments, analytics, fraud management, alternative payments and tokenization.

Revoking access

Merchants will have full control over which applications they allow access to their account. At any point, they can revoke access through the Business Center (the Cybersource account access portal). Cybersource will promptly remove access to any revoked application to ensure account security and that any API requests are from authorized parties only.

Sign up for our pilot program today

Interested in learning more about OAuth and how we are making the boarding process easier? Access our developer documentation and sign up for our first Partner Product Hour where we will demo and cover the next steps to get started. Don't hesitate to reach out to me, Iris Yuan, if you have any questions or feedback.