CyberSource API URLs changing
Posted: Tue Dec 01, 2015 9:52 am
Got a notice from CyberSource this morning, stating in part:
We're still on R5, but it looks like the same changes would be needed in R11. Since this requires a source code change, should I file a bug report?
I changed both URLs at the top of the PaymentProvider class in IntegratedProviders/CyberSource/CyberSourceProvider.cs. An address using the test URL is also in IntegratedProviders/CyberSource/cybersource_wcf.config, so I changed that as well, and recompiled the CyberSource project. Also, I had previously copied the info in the cybersource_wcf.config to the site's web.config (the readerQuotas parameters needed to be very large to avoid errors, and changing the info in cybersource_wcf.config in the bin folder didn't help), so I changed the URL in the web.config file too. With those changes and the recompiled CommerceBuilder.CyberSource.dll and the modified cybersource_wcf.config in the web site's bin folder, everything seems to work OK in the test environment on our test server. I haven't tried the live environment on my live server yet, but I don't expect any problems. I'm guessing I didn't have to mess with the certs because the server already trusts GeoTrust's root / intermediate certs.ALL ICS API ACCESS TO OUR DATA CENTERS WILL UTILIZE AKAMAI SUREROUTE TECHNOLOGY AS OF JUNE 30, 2016. THEREFORE, YOU MUST ENSURE YOUR SYSTEMS ARE APPROPRIATELY CONFIGURED FOR ACCESS BY THE MIGRATION DATE.
<snip>
The new, Akamai-dedicated URLs are similar to those you currently use, but with an "a" inserted to designate Akamai routing:
Simple Order API / SOAP Toolkit API
Test Environment: ics2wstesta.ic3.com
Production Environment: ics2wsa.ic3.com
<snip>
Any applications opening secure connections to the CyberSource API endpoints will need to trust the new GeoTrust-signed certificates in use by Akamai. This is currently the case with the ‘a’ domains listed above, and will be the case for the legacy API endpoints after June 30th, 2016 as well. These certificates may be obtained by using a web browser to navigate to either of the URLs listed above and clicking on the ‘padlock’ to view and/or export the certificates as necessary.
CyberSource advises adding either the intermediate or root-level certificates in use for these URLs to your application trust stores in order to ensure uninterrupted transaction processing once you migrate to the Akamai-enabled infrastructure (either on your chosen migration date to the ‘a’ domains, or June 30th, 2016 - whichever comes first).
We're still on R5, but it looks like the same changes would be needed in R11. Since this requires a source code change, should I file a bug report?