Starting May 13, 2025, CyberSource will require all SOAP API connections to use a certificate instead of API keys. This will break payment processing for all sites using our CyberSource extension in versions 1.0 to 1.5.
It is mandatory to update your ParadoxLabs CyberSource extension to 2.0 and configure a new P12 Certificate.
Notification from CyberSource: https://developer.cybersource.com/docs/cybs/en-us/platform/relnote/all/na/rn-2025-01-03/rn-announce.html
As part of ongoing Security Enhancements, we are planning to upgrade SOAP API authentication to P12 authentication. This upgrade is currently available for Java, C#, and PHP.
You must upgrade the SOAP authentication to use P12 by these dates.
Test: April 14, 2025
Production: May 13, 2025
Solution
To prepare for this API change, you must update your CyberSource extension to the latest version (2.0.0 or higher).
This update is currently available from our store and on composer through Packagist. It is undergoing Adobe Commerce Marketplace review.
When you upgrade, it will still use the old API keys until you enter a new P12 Certificate. That means you can upgrade without breaking checkout. Once you have the new version installed, you can configure the new SOAP certificate, and change over seamlessly.
Steps to fix:
- Update to ParadoxLabs CyberSource 2.0.0.
- Follow the directions below to create a new CyberSource certificate and configure it in Magento.
- Confirm your checkout payment form loads successfully.
Configuring the new API Certificate
Open your Admin Panel and go to Stores > Settings > Configuration > Sales > Payment Methods. Toward the bottom of the page, you’ll find a ‘CyberSource’ settings section:
Change the Authentication Type setting to "Simple Order API Certificate".
Now go to your CyberSource Enterprise Business Center (EBC) account. Once you've logged in, click Payment Configuration (the second to last menu icon), then go to Key Management:
Once you’ve loaded the Key Management page, click Generate Key at the top right:
You’ll be taken to an API Key creation form. Select Simple Order API, and then click ‘Generate Key’ to continue:
On the next page, click ‘Download key’:
To continue, you must create a password for the certificate. You don’t need to remember it, but you do need to enter the same password into the Magento settings. We suggest randomly generating a secure password.
Enter a password, and put the same password in the Magento Admin settings in the P12 Certificate Password field. Then in EBC, click ‘Generate key’.
The API key will be automatically downloaded to your computer as a *.p12 file.
Upload this file to the Magento settings page into the P21 Certificate setting.
Now save your Magento configuration.
If you’ve done everything correctly, you should see a green message: Simple Order API connected successfully. If you get a red error message instead, fix any problems it mentions, and recheck the values you entered.
Once you have a successful API test, load your website checkout and go to the payment step to confirm the payment form loads successfully.
If you have multiple CyberSource accounts and websites, you will have to repeat this for each account.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article