npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cybersource-auth

v2.1.0

Published

A Node.js method to generate HTTP headers for CyberSource REST API requests, and validate Cybersource JWT tokens

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

scriptpapiscriptpapi

Keywords

httpcybersourceauthenticationsha256hmacsignaturevisapaymentgatewayrestapi

Readme

Cybersource Authentication

A javascript package that conveniently:

  • Generates your Cybersource API authentication headers for you.
  • Validate your JWT token from Cybersource and decodes.

Installation.

using NPM

npm install cybersource-auth

Or with YARN

yarn add cybersource-auth

Generate Request Headers

This method helps you create your Cybersource API request headers.

Import the package

const { createHeaders } = require('cybersource-auth');

Then just plug in the required params.

If it's a POST or PUT request:

const headers = createHeaders(
    "testrest", // cybersource merchant id
    "apitest.cybersource.com", // your host
    "POST", // http method 
    "/pts/v2/payments", // your target api path
    JSON.stringify(requestPayload), // Your JSON payload as string
    "08c94330-f618-42a3-b09d-e1e43be5efda", // Your key ID from Cybersource
    "yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE=" // Cybersource secret key a.k.a Shared Secret
);

Sample output

{
    "v-c-merchant-id": "testrest",
    "Date": "Fri, 07 Mar 2025 18:38:56 GMT",
    "Host": "apitest.cybersource.com",
    "Signature": "keyid=\"08c94330-f618-42a3-b09d-e1e43be5efda\", algorithm=\"HmacSHA256\", headers=\"host date (request-target) digest v-c-merchant-id\", signature=\"Sz74Sw7dRSePxcC/hxUkvnwAgLmrAVB7nCrPcO+j7qE=\"",
    "Content-Type": "application/json",
    "Digest": "SHA-256=yeL5bhMyypYx8RkK8sGx/LcWP2ltjglhXpvBJjXTMdc="
}

Then go ahead and plugs the headers directly in your request, like this:

 try {
    let jsonString = JSON.stringify({
        "targetOrigins": [
            "http://localhost:3000",
            "https://www.example.net"
        ],
        "allowedCardNetworks": [
            "VISA",
            "MASTERCARD",
            "AMEX"
        ],
        "allowedPaymentTypes": [
            "CARD"
        ],
        "clientVersion": "v2.0"
    })
    let requestPath = "/microform/v2/sessions"
    let host = "apitest.cybersource.com"
    let merchantId = "testrest"
    let keyId = "08c94330-f618-42a3-b09d-e1e43be5efda"
    let secretKey = "yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE="

    const requestHeaders = createHeaders(
        merchantId,
        host,
        "POST",
        requestPath,
        jsonString,
        keyId,
        secretKey
    )

    let cybsResponse = await axios.post(
        "https://" + host + requestPath,
        jsonString,
        {
            headers: requestHeaders
        }
    )
    response.status(cybsResponse.status).send(cybsResponse.data)
} catch (error) {
    response.status(500).send(error.message);
}

If it's a GET request:

const headers = createHeaders(
    "testrest", // cybersource merchant id
    "apitest.cybersource.com", // your host
    "GET", // http method 
    "/invoicing/v2/invoiceSettings", // your target api path
    '', // just an empty string
    "08c94330-f618-42a3-b09d-e1e43be5efda", // Your key ID from Cybersource
    "yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE=" // Cybersource secret key a.k.a Shared Secret
);

Sample output. Note how the absence of the 'Digest' header.

{
    "v-c-merchant-id": "testrest",
    "Date": "Fri, 07 Mar 2025 16:56:09 GMT",
    "Host": "apitest.cybersource.com",
    "Signature": "keyid=\"08c94330-f618-42a3-b09d-e1e43be5efda\", algorithm=\"HmacSHA256\", headers=\"host date (request-target) v-c-merchant-id\", signature=\"WDaGQFWDaeSeveTXxvFBAOgiVFOGscNHPel2tOaMifQ=\"",
    "Content-Type": "application/json"
}

Then go ahead and plugs the headers directly in your request, like this:

try {
    let jsonString = ''
    let requestPath = "/invoicing/v2/invoiceSettings"
    let host = "apitest.cybersource.com"
    let merchantId = "testrest"
    let keyId = "08c94330-f618-42a3-b09d-e1e43be5efda"
    let secretKey = "yBJxy6LjM2TmcPGu+GaJrHtkke25fPpUX+UY6/L/1tE="

    const requestHeaders = createHeaders(
        merchantId,
        host,
        "GET",
        requestPath,
        jsonString, 
        keyId,
        secretKey
    )

    let cybsResponse = await axios.get(
        "https://" + host + requestPath,
        {
            headers: requestHeaders
        }
    )
    response.status(cybsResponse.status).send(cybsResponse)
} catch (error) {
    response.status(500).send(error.message);
}

Validate JWT

const { validateJwt } = require('cybersource-auth');

Then plug in the token and your host:

let jwtToken = "big.JwtToken.String"
let host = "apitest.cybersource.com"
let decoded = await validateJwt(jwtToken, host)

If token is valid, the decoded output would be:

{
    "flx": {
        "path": "/flex/v2/tokens",
        "data": "q1SrfE6JO3aYhV7tmuEO3xAAEAGaC/flb/z5754fOJ8Ypza+kZwcb0YhJ1ih1D1WxzUiYgYwpgiCZ0NOrObwkAMmUP3bh5CsvbhQT2CZtmkj/d/wAYUIOfBn4mqFbWmSNgmd",
        "origin": "https://testflex.cybersource.com",
        "jwk": {
            "kty": "RSA",
            "e": "AQAB",
            "use": "enc",
            "n": "3iYvhPuMQoyH_xX8AiI3orn0yjxvr4ufIkSmoxVSmOFg12sTVbRAPUdS5TrZAKJUwhdpLaoVoC5-TtQTYwkIXagEC4QAmdYllqmH0fw0lfckyTMzAtLvFX6rqU7jkHf-QgIxDohwQiXLhEe06Kre6RqNtL-5vwug4uT6peLaI5q1EoDSZa1nWSqLAXCKuVMw3qfGxVvrFl_r-K8DblG3xHrYDn0XHVeBURpIh-UlnyeZJXj72GsyrxZy0J-uk6LUOQQSuJJan0cHgy164UZAcedTRDFvuIQQf8s5ieTG6mm9g8WoMeTdpYZSSUFaMdrZqPAQeMYueYInCXfzjMnjCw",
            "kid": "07IywPACanM9UPuO9TQ6riy88mEdqUv6"
        }
    },
    "ctx": [
        {
            "data": {
                "clientLibraryIntegrity": "sha256-4TUKBd3VMIGGNs1ZLzfU6bG0YG4kUScSOtPu5ec7Ygo=",
                "clientLibrary": "https://testflex.cybersource.com/microform/bundle/v2.0.2/flex-microform.min.js",
                "allowedCardNetworks": [
                    "VISA",
                    "MASTERCARD",
                    "AMEX"
                ],
                "targetOrigins": [
                    "http://localhost:3000",
                    "https://www.example.net"
                ],
                "mfOrigin": "https://testflex.cybersource.com"
            },
            "type": "mf-2.0.0"
        }
    ],
    "iss": "Flex API",
    "exp": 1741417277,
    "iat": 1741416377,
    "jti": "YEoklGF9hS78usgy"
}