JWT Authentication with Shared Secret (HS256)

Why Migrate from HTTP Signature?

HTTP Signature authentication is being deprecated. JWT with Shared Secret is the recommended replacement because:

  1. Same credentials — Uses the same apiKeyID and secretKey you already have for HTTP Signature. No new credentials needed.
  2. Enables MLE — Message Level Encryption (MLE) requires JWT authentication. HTTP Signature does not support MLE.
  3. Minimal code change — Only two properties need to change in your configuration.

Migration from HTTP Signature

Before (HTTP Signature)

$config->setAuthenticationType("HTTP_SIGNATURE");
$config->setMerchantID("your_merchant_id");
$config->setApiKeyID("your_key_id");
$config->setSecretKey("your_shared_secret");

After (JWT with Shared Secret)

$config->setAuthenticationType("JWT");
$config->setJwtKeyType("SHARED_SECRET");
$config->setMerchantID("your_merchant_id");
$config->setApiKeyID("your_key_id");
$config->setSecretKey("your_shared_secret");

That's it. The apiKeyID and secretKey values remain exactly the same.

Samples in This Folder

| Sample | Description |
| --- | --- |
| SimpleAuthorizationWithJwtSharedSecret.php | Basic payment authorization using JWT + Shared Secret — drop-in replacement for HTTP Signature |
| MLEPaymentWithJwtSharedSecret.php | Payment authorization with MLE enabled — the main benefit of migrating to JWT |

Configuration

Configuration is defined in Resources/JwtSharedSecretConfiguration.php:

  • merchantConfigObject() — JWT + Shared Secret (no MLE)
  • merchantConfigObjectWithMLE() — JWT + Shared Secret + MLE enabled (Request MLE on, Response MLE configurable)

MLE Certificate

When using MLE with Shared Secret credentials, the MLE public certificate must be provided separately via the mleForRequestPublicCertPath property (since there is no P12 file to auto-extract it from).

Download the MLE public certificate from the CyberSource Business Center:

Comparison of Authentication Types

| Feature | HTTP Signature | JWT with P12 | JWT with Shared Secret |
| --- | --- | --- | --- |
| Algorithm | HMAC-SHA256 | RS256 (asymmetric) | HS256 (symmetric) |
| Credentials | Key ID + Shared Secret | P12 certificate file | Key ID + Shared Secret |
| MLE Support | No | Yes | Yes |
| Status | Deprecated | Active | Recommended for migration |
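
HS256 in the table above means the token is authenticated with HMAC-SHA256 keyed by the same shared secret on both sides. The following is an added example, not the SDK's own code, of signing and verifying such a token in plain PHP. The claim names, the `kid` header, and the use of the secret as raw bytes are assumptions and do not describe the CyberSource token layout.

```php
<?php
// Generic HS256 JWT helpers (added illustration, not the CyberSource SDK's code).
// Assumptions: claim names, the kid header, and using the secret as raw bytes.
function b64url_encode(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function b64url_decode(string $text): string {
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new UnexpectedValueException('invalid base64url segment');
    }
    return $decoded;
}

function hs256_sign(array $claims, string $keyId, string $secret): string {
    $header = ['alg' => 'HS256', 'typ' => 'JWT', 'kid' => $keyId];
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}

function hs256_verify(string $jwt, string $secret): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('expected three JWT segments');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm; a token must not be able to select "none" or RS256.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    // Recompute the MAC over header.payload and compare in constant time.
    $expected = hash_hmac('sha256', $h . '.' . $p, $secret, true);
    if (!hash_equals($expected, b64url_decode($s))) {
        throw new UnexpectedValueException('signature mismatch');
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        throw new UnexpectedValueException('expired or malformed claims');
    }
    return $claims;
}

// Constructed sample values, not real credentials.
$secret = 'constructed-demo-secret';
$jwt = hs256_sign(['iss' => 'your_merchant_id', 'exp' => time() + 120], 'your_key_id', $secret);
echo hs256_verify($jwt, $secret)['iss'], PHP_EOL;
try { hs256_verify($jwt, 'wrong-secret'); } catch (UnexpectedValueException $e) { echo $e->getMessage(), PHP_EOL; }
```

Because the key is symmetric, any party that can verify a token can also mint one, so the shared secret needs the same storage and rotation controls as a signing key.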