HTTP Signature authentication is being deprecated. JWT with Shared Secret is the recommended replacement because:
- Same credentials — Uses the same `apiKeyID` and `secretKey` you already have for HTTP Signature. No new credentials needed.
- Enables MLE — Message Level Encryption (MLE) requires JWT authentication. HTTP Signature does not support MLE.
- Minimal code change — Only two properties need to change in your configuration.

Before (HTTP Signature):

```php
$config->setAuthenticationType("HTTP_SIGNATURE");
$config->setMerchantID("your_merchant_id");
$config->setApiKeyID("your_key_id");
$config->setSecretKey("your_shared_secret");
```

After (JWT with Shared Secret):

```php
$config->setAuthenticationType("JWT");
$config->setJwtKeyType("SHARED_SECRET");
$config->setMerchantID("your_merchant_id");
$config->setApiKeyID("your_key_id");
$config->setSecretKey("your_shared_secret");
```

That's it. The `apiKeyID` and `secretKey` values remain exactly the same.

| Sample | Description |
|---|---|
| SimpleAuthorizationWithJwtSharedSecret.php | Basic payment authorization using JWT + Shared Secret — drop-in replacement for HTTP Signature |
| MLEPaymentWithJwtSharedSecret.php | Payment authorization with MLE enabled — the main benefit of migrating to JWT |
Configuration is defined in Resources/JwtSharedSecretConfiguration.php:
- `merchantConfigObject()` — JWT + Shared Secret (no MLE)
- `merchantConfigObjectWithMLE()` — JWT + Shared Secret + MLE enabled (Request MLE on, Response MLE configurable)

When using MLE with Shared Secret credentials, the MLE public certificate must be provided separately via the mleForRequestPublicCertPath property (since there is no P12 file to auto-extract it from).
Download the MLE public certificate from the CyberSource Business Center:
- Test: https://businesscentertest.cybersource.com/ebc2
- Production: https://businesscenter.cybersource.com/ebc2
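
Because the certificate is now supplied by hand rather than extracted from a P12, it is worth validating the file before pointing `mleForRequestPublicCertPath` at it. The following is an added example, not part of the CyberSource SDK or its samples: `checkMleCert()`, its thresholds and the throwaway self-signed certificate are hypothetical, and it assumes the downloaded certificate is PEM-encoded.

```php
<?php
// Added example: pre-flight check for the file referenced by mleForRequestPublicCertPath.
// checkMleCert() is a hypothetical helper, not an SDK function.
function checkMleCert(string $path, int $minRsaBits = 2048, int $warnDays = 30): array
{
    $pem = @file_get_contents($path);
    if ($pem === false) {
        return ["cannot read $path"];
    }
    $problems = [];
    // A public certificate file must never carry private key material.
    if (strpos($pem, 'PRIVATE KEY') !== false) {
        $problems[] = 'file contains a private key block';
    }
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        $problems[] = 'not a parseable PEM X.509 certificate';
        return $problems;
    }
    $info = openssl_x509_parse($cert);
    $now = time();
    if ($now < $info['validFrom_time_t']) {
        $problems[] = 'certificate is not yet valid';
    }
    if ($now > $info['validTo_time_t']) {
        $problems[] = 'certificate has expired';
    } elseif ($info['validTo_time_t'] - $now < $warnDays * 86400) {
        $problems[] = "certificate expires within $warnDays days";
    }
    $details = openssl_pkey_get_details(openssl_pkey_get_public($cert));
    if ($details['type'] === OPENSSL_KEYTYPE_RSA && $details['bits'] < $minRsaBits) {
        $problems[] = "RSA key is only {$details['bits']} bits";
    }
    return $problems;
}

// Constructed sample input: a throwaway self-signed certificate valid for 10 days.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'constructed-mle-test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 10, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pemOut);
$path = tempnam(sys_get_temp_dir(), 'mle');
file_put_contents($path, $pemOut);

print_r(checkMleCert($path));              // constructed certificate
print_r(checkMleCert($path . '.missing')); // path that does not exist
unlink($path);
```

An empty array means the file passed every check; run the same function against the real downloaded certificate as a deployment gate.
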
| Feature | HTTP Signature | JWT with P12 | JWT with Shared Secret |
|---|---|---|---|
| Algorithm | HMAC-SHA256 | RS256 (asymmetric) | HS256 (symmetric) |
| Credentials | Key ID + Shared Secret | P12 certificate file | Key ID + Shared Secret |
| MLE Support | No | Yes | Yes |
| Status | Deprecated | Active | Recommended for migration |