cybersource_rest_client 0.0.83 → 0.0.84

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7b2145187caddc5e65d832429b125682e89bd7cb5524cce56ac174480dd8fb8
-  data.tar.gz: '05439a8ea021577faf619bc4ceff17236524baf1cfaa3738f8712ae278c1f671'
+  metadata.gz: bb5d050b359e9fefb56a6f04e11510cc45f1c1b6f033a621495b4f82ff2d8a64
+  data.tar.gz: b8e37d57a3d3ec9a63ce79cb5115df8c41bedaeef333d774673f4ae07aafecc4
 SHA512:
-  metadata.gz: 82bf63f6b1166f9822849d41bbad0999a78318d158bd891af281e7cee28b6f421b45cc56c6bb309feaf660ecdd1551801976f5091f7bc5419c82f7fdd8e70e27
-  data.tar.gz: a2b31e89fea58024cf133481dc8ee379a7ab7f94d810150b77738456f62763125da4a0d0c7342cb7adc4cb05aa365c39ff8afe254ba65e089c7ce6f7146a96ad
+  metadata.gz: f712d7cca99ab978f9115b6dea2849c27c65ed3d899d5614d5687426f8d6b90d5b123f12647e7e3356f09028264f6a2a25f5a0dbeb3992af776533448f754836
+  data.tar.gz: bf26f45d42ad16decfe75998c29b338e0a111d36290064a2ac625f14627c47927e8828ca32e991bd067b07fdf5f21740f03278948f202f5192a569068321ea4e

data/lib/AuthenticationSDK/authentication/jwt/JwtToken.rb

@@ -22,19 +22,41 @@ public
       @log_obj = Log.new merchantconfig_obj.log_config, "JwtToken"
 
       begin
-        # Get payload claim set for JWTv2
+        # Get payload claim set for JWTv2 (identical for both key types)
         payload_claim_set = getPayloadClaimSet(merchantconfig_obj, isResponseMLEForApi)
-        
-        # Get cached certificate and private key
-        cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
-        private_key = cache_value.private_key
-        jwt_cert_obj = cache_value.cert
-
-        # Get header claim set for JWTv2
-        header_claim_set = getHeaderClaimSet(jwt_cert_obj)
-        
-        # Generate JWT token using RS256 algorithm
-        token = JWT.encode(payload_claim_set, private_key, 'RS256', header_claim_set)
+        token = ''
+        if merchantconfig_obj.is_shared_secret_key_type?
+          # Shared Secret (HMAC-SHA256) signing
+          @log_obj.logger.debug('Generating JWT token using shared secret (HS256)')
+
+          secret_key = merchantconfig_obj.merchantSecretKey
+          begin
+            secret_key_decoded = Base64.strict_decode64(secret_key)
+            rescue ArgumentError => e
+            raise StandardError.new("Invalid base64-encoded secret key: #{e.message}")
+          end
+
+          # Get header claim set with merchantKeyId as kid
+          header_claim_set = getHeaderClaimSet(merchant_key_id: merchantconfig_obj.merchantKeyId)
+
+          # Generate JWT token using HS256 algorithm
+          token = JWT.encode(payload_claim_set, secret_key_decoded, 'HS256', header_claim_set)
+        else
+          # P12 Certificate (RSA-SHA256) signing — existing behavior
+          @log_obj.logger.debug('Generating JWT token using P12 certificate (RS256)')
+
+          # Get cached certificate and private key
+          cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
+          private_key = cache_value.private_key
+          jwt_cert_obj = cache_value.cert
+
+          # Get header claim set with certificate serial number as kid
+          header_claim_set = getHeaderClaimSet(certificate: jwt_cert_obj)
+
+          # Generate JWT token using RS256 algorithm
+          token = JWT.encode(payload_claim_set, private_key, 'RS256', header_claim_set)
+        end
+
         return token
       rescue StandardError => err
         if err.message.include? 'PKCS12_parse: mac verify failure'
@@ -68,7 +90,7 @@ public
       # Set the request method, host and resource path in the JWT body as per the specification for all request types
       jwt_payload['request-method'] = request_type
       jwt_payload['request-host'] = merchantconfig_obj.requestHost
-      jwt_payload['request-resource-path'] = extractResourcePath(merchantconfig_obj.requestTarget)
+      jwt_payload['request-resource-path'] = merchantconfig_obj.requestTarget
 
       # Choose issuer claim in the JWT body as per the use_metakey flag in the config file
       if merchantconfig_obj.useMetaKey
@@ -90,26 +112,23 @@ public
       return jwt_payload
     end
 
-    def getHeaderClaimSet(jwt_cert_obj)
-      # Extract serial number from certificate for kid header
-      serial_number = MLEUtility.extract_serial_number_from_certificate(jwt_cert_obj)
-      
+    def getHeaderClaimSet(merchant_key_id: nil, certificate: nil)
+      kid_value = ''
+      if !certificate.nil?
+        kid_value = MLEUtility.extract_serial_number_from_certificate(certificate)
+      elsif !merchant_key_id.nil? && !merchant_key_id.to_s.empty?
+        kid_value = merchant_key_id
+      else
+        raise StandardError.new("Either certificate or merchant_key_id must be provided for JWT header")
+      end
+
       jwt_headers = {
-        'kid' => serial_number,
+        'kid' => kid_value,
         'typ' => 'JWT'
       }
 
-      # Add any other future parameters to the header claim set here
       return jwt_headers
     end
 
-    def extractResourcePath(request_target)
-      return '' if request_target.nil? || request_target.empty?
-      
-      # Split the string to remove the query params
-      parts = request_target.split('?', 2)
-      return parts[0]
-    end
-
     implements TokenInterface
   end

data/lib/AuthenticationSDK/core/MerchantConfig.rb

@@ -28,9 +28,11 @@ public
       @keyAlias = cybsPropertyObj['keyAlias']
       @keyPass = cybsPropertyObj['keyPass']
       @keyFilename = cybsPropertyObj['keyFilename']
+      @jwtKeyType = cybsPropertyObj['jwtKeyType'] ? cybsPropertyObj['jwtKeyType'].to_s.upcase : Constants::JWT_KEY_TYPE_P12
       @useMetaKey = cybsPropertyObj['useMetaKey']
       @portfolioID = cybsPropertyObj['portfolioID']
       @solutionId = cybsPropertyObj['solutionId']
+      @isSDK = cybsPropertyObj['isSDK'] == true || cybsPropertyObj['isSDK'].to_s.strip.casecmp?('true')
       @p12KeyFilePath = nil
       # MutualAuth & OAuth Parameters
       @enableClientCert = cybsPropertyObj['enableClientCert']
@@ -229,40 +231,52 @@ public
         elsif !@merchantId.instance_of? String
           @merchantId=@merchantId.to_s
         end
-        if @keyAlias.to_s.empty?
-          @keyAlias = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_ALIAS_NULL_EMPTY)
-        elsif !@keyAlias.instance_of? String
-          @keyAlias=@keyAlias.to_s
-        end
-        if !@useMetaKey && @keyAlias != @merchantId
-          @keyAlias = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS)
-        end
-        if @useMetaKey && @keyAlias != @portfolioID
-          @keyAlias = @portfolioID
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS_USE_METAKEY)
-        end
-        if @keyPass.to_s.empty?
-          @keyPass = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_PASS_NULL)
-        elsif !@keyPass.instance_of? String
-          @keyPass=@keyPass.to_s
-        end
-        if @keysDirectory.to_s.empty?
-          @keysDirectory = Constants::DEFAULT_KEY_DIRECTORY
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_DIRECTORY_EMPTY + @keysDirectory)
-        elsif !@keysDirectory.instance_of? String
-          @keysDirectory=@keysDirectory.to_s
-        end
-        if @keyFilename.to_s.empty?
-          @keyFilename = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_FILE_NAME_NULL_EMPTY)
-        elsif !@keyFilename.instance_of? String
-          @keyFilename=@keyFilename.to_s
-        end
-        if !check_key_file
-          @log_obj.logger.error(ExceptionHandler.new.new_custom_error "Error finding or accessing the Key Directory or Key File. Please review the values in the merchant configuration.")
+
+        # Validate jwtKeyType
+        check_jwt_key_type
+
+        if is_shared_secret_key_type?
+          # Shared Secret validation — same credentials as HTTP_SIGNATURE
+          validateSharedSecretKeyCredentials()
+        else
+          # P12 validation (existing behavior)
+          if @keyAlias.to_s.empty?
+            @keyAlias = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_ALIAS_NULL_EMPTY)
+          elsif !@keyAlias.instance_of? String
+            @keyAlias=@keyAlias.to_s
+          end
+          if !@useMetaKey && @keyAlias != @merchantId
+            @keyAlias = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS)
+          end
+          if @useMetaKey && @keyAlias != @portfolioID
+            @keyAlias = @portfolioID
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS_USE_METAKEY)
+          end
+          if @keyPass.to_s.empty?
+            @keyPass = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_PASS_NULL)
+          elsif !@keyPass.instance_of? String
+            @keyPass=@keyPass.to_s
+          end
+          if @keysDirectory.to_s.empty?
+            @keysDirectory = Constants::DEFAULT_KEY_DIRECTORY
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_DIRECTORY_EMPTY + @keysDirectory)
+          elsif !@keysDirectory.instance_of? String
+            @keysDirectory=@keysDirectory.to_s
+          end
+          if @keyFilename.to_s.empty?
+            @keyFilename = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_FILE_NAME_NULL_EMPTY)
+          elsif !@keyFilename.instance_of? String
+            @keyFilename=@keyFilename.to_s
+          end
+          if !check_key_file
+            err = StandardError.new(Constants::ERROR_PREFIX + "Cannot find or access the Key Directory or Key File. Please review the values in the merchant configuration.")
+            @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+            raise err
+          end
         end
       end
       if @authenticationType.upcase == Constants::AUTH_TYPE_MUTUAL_AUTH
@@ -305,20 +319,7 @@ public
         elsif !@merchantId.instance_of? String
           @merchantId=@merchantId.to_s
         end
-        if @merchantKeyId.to_s.empty?
-          err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_KEY_ID_MANDATORY)
-          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
-          raise err
-        elsif !@merchantKeyId.instance_of? String
-          @merchantKeyId=@merchantKeyId.to_s
-        end
-        if @merchantSecretKey.to_s.empty?
-          err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_SECRET_KEY_MANDATORY)
-          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
-          raise err
-        elsif !@merchantSecretKey.instance_of? String
-          @merchantSecretKey=@merchantSecretKey.to_s
-        end
+        validateSharedSecretKeyCredentials()
       end
       if @useMetaKey && @portfolioID.to_s.empty?
         err = StandardError.new(Constants::ERROR_PREFIX+ Constants::PORTFOLIO_ID_MANDATORY)
@@ -337,6 +338,23 @@ public
       end
     end
 
+    def validateSharedSecretKeyCredentials()
+      if @merchantKeyId.to_s.empty?
+        err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_KEY_ID_MANDATORY)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      elsif !@merchantKeyId.instance_of? String
+        @merchantKeyId=@merchantKeyId.to_s
+      end
+      if @merchantSecretKey.to_s.empty?
+        err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_SECRET_KEY_MANDATORY)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      elsif !@merchantSecretKey.instance_of? String
+        @merchantSecretKey=@merchantSecretKey.to_s
+      end
+    end
+
     def validateMLEConfiguration(cybsPropertyObj)
       if !@useMLEGlobally.nil? && !cybsPropertyObj['enableRequestMLEForOptionalApisGlobally'].nil?
         if @useMLEGlobally != cybsPropertyObj['enableRequestMLEForOptionalApisGlobally']
@@ -588,6 +606,20 @@ public
       @log_obj.logger.info('Merchant Configuration :\n' + propertyObj.to_s)
     end
 
+    # Returns true when jwtKeyType is SHARED_SECRET
+    def is_shared_secret_key_type?
+      !@jwtKeyType.nil? && @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_SHARED_SECRET
+    end
+
+    # Validates that jwtKeyType is either P12 or SHARED_SECRET
+    def check_jwt_key_type
+      unless @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_P12 || @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_SHARED_SECRET
+        err = StandardError.new(Constants::ERROR_PREFIX + Constants::INVALID_JWT_KEY_TYPE)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      end
+    end
+
     def check_key_file
       # Directory exists?
       unless Dir.exist?(@keysDirectory)
@@ -629,6 +661,7 @@ public
     attr_accessor :keyAlias
     attr_accessor :keyPass
     attr_accessor :keyFilename
+    attr_accessor :jwtKeyType
     attr_accessor :useMetaKey
     attr_accessor :portfolioID
     attr_accessor :keepAliveTime
@@ -652,6 +685,7 @@ public
     attr_accessor :requestTarget
     attr_accessor :log_obj
     attr_accessor :solutionId
+    attr_accessor :isSDK
     attr_accessor :defaultCustomHeaders
     attr_accessor :pemFileDirectory
     attr_accessor :useMLEGlobally

data/lib/AuthenticationSDK/util/Cache.rb

@@ -126,8 +126,8 @@ public
       if merchantConfig.mleForRequestPublicCertPath && !merchantConfig.mleForRequestPublicCertPath.strip.empty?
         certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT
         certificate_file_path = merchantConfig.mleForRequestPublicCertPath
-      # Priority #2: If mleForRequestPublicCertPath not provided, get mlecert from p12 if provided and jwt auth type
-      elsif Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase && merchantConfig.p12KeyFilePath
+      # Priority #2: If mleForRequestPublicCertPath not provided, get mlecert from p12 if provided and jwt auth type (only for P12 key type, not SHARED_SECRET)
+      elsif Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase && !merchantConfig.is_shared_secret_key_type? && merchantConfig.p12KeyFilePath
         certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT
         certificate_file_path = merchantConfig.p12KeyFilePath
       # Priority #3: Get mlecert from default cert in SDK as per CAS or PROD env.
@@ -224,10 +224,13 @@ public
           merchant_config.responseMlePrivateKeyFilePassword
         )
 
-        merchant_cert = Utility.getCertificateBasedOnKeyAlias(certificate_list, merchant_config.merchantId)
+        # Use correct alias for MetaKey mode: portfolioID when useMetaKey is true, merchantId otherwise
+        response_mle_key_alias = merchant_config.useMetaKey ? merchant_config.portfolioID : merchant_config.merchantId
+
+        merchant_cert = Utility.getCertificateBasedOnKeyAlias(certificate_list, response_mle_key_alias)
 
         if merchant_cert.nil?
-          raise StandardError.new("No certificate found for Response MLE Private Key file with merchant ID alias #{merchant_config.merchantId}")
+          raise StandardError.new("No certificate found for Response MLE Private Key file with alias '#{response_mle_key_alias}'")
         end
 
         # Check if this is a CyberSource-generated P12 file

data/lib/AuthenticationSDK/util/Constants.rb

@@ -66,6 +66,12 @@
 
       AUTH_TYPE_JWT = 'JWT' unless const_defined?(:AUTH_TYPE_JWT)
 
+      JWT_KEY_TYPE_P12 = 'P12' unless const_defined?(:JWT_KEY_TYPE_P12)
+
+      JWT_KEY_TYPE_SHARED_SECRET = 'SHARED_SECRET' unless const_defined?(:JWT_KEY_TYPE_SHARED_SECRET)
+
+      INVALID_JWT_KEY_TYPE = "Invalid jwtKeyType. Must be 'P12' or 'SHARED_SECRET'." unless const_defined?(:INVALID_JWT_KEY_TYPE)
+
       OLD_RUN_ENVIRONMENT_CONSTANTS = ['CYBERSOURCE.ENVIRONMENT.SANDBOX', 'CYBERSOURCE.ENVIRONMENT.PRODUCTION', 'CYBERSOURCE.IN.ENVIRONMENT.SANDBOX', 'CYBERSOURCE.IN.ENVIRONMENT.PRODUCTION', 'BANKOFAMERICA.ENVIRONMENT.SANDBOX', 'BANKOFAMERICA.ENVIRONMENT.PRODUCTION']
 
       # constants for fall back logic

data/lib/AuthenticationSDK/util/MLEUtility.rb

@@ -48,6 +48,15 @@ public
         return requestBody
       end
 
+      # Check if using shared secret JWT without explicit MLE certificate path
+      if mleCertificate.nil? &&
+         Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase &&
+         merchantConfig.is_shared_secret_key_type?
+        @log_obj.logger.debug("MLE for requests with JWT shared secret authentication requires mleForRequestPublicCertPath to be explicitly provided in merchant configuration.")
+        @log_obj.logger.debug("Please set mleForRequestPublicCertPath to the path of your MLE public certificate file.")
+        raise StandardError.new(Constants::ERROR_PREFIX + "Missing MLE certificate for JWT shared secret authentication. Please provide the MLE public certificate path in the configuration.")
+      end
+
       begin
         serial_number = self.extract_serial_number_from_certificate(mleCertificate)
 

data/lib/cybersource_rest_client/api/batches_api.rb

@@ -239,7 +239,7 @@ module CyberSource
       # header parameters
       header_params = {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json;charset=utf-8'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json', 'application/json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
 

data/lib/cybersource_rest_client/api/create_new_webhooks_api.rb

@@ -138,7 +138,7 @@ module CyberSource
       # header parameters
       header_params = {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/hal+json;charset=utf-8'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
 
@@ -182,27 +182,27 @@ module CyberSource
     # Create Webhook Security Keys
     # Create security keys that CyberSource will use internally to connect to your servers and validate messages using a digital signature.  Select the CREATE example for CyberSource to generate the key on our server and maintain it for you as well. Remember to save the key in the API response, so that you can use it to validate messages later. 
     #
-    # @param v_c_sender_organization_id Sender organization id
-    # @param v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @param [Hash] opts the optional parameters
     # @option opts [String] :v_c_correlation_id A globally unique id associated with your request
+    # @option opts [String] :v_c_sender_organization_id Sender organization id
+    # @option opts [String] :v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @option opts [SaveSymEgressKey] :save_sym_egress_key Provide egress Symmetric key information to save (create or store or refresh)
     # @return [InlineResponse2015]
     #
-    def save_sym_egress_key(v_c_sender_organization_id, v_c_permissions, opts = {})
-      data, status_code, headers = save_sym_egress_key_with_http_info(v_c_sender_organization_id, v_c_permissions, opts)
+    def save_sym_egress_key(opts = {})
+      data, status_code, headers = save_sym_egress_key_with_http_info(opts)
       return data, status_code, headers
     end
 
     # Create Webhook Security Keys
     # Create security keys that CyberSource will use internally to connect to your servers and validate messages using a digital signature.  Select the CREATE example for CyberSource to generate the key on our server and maintain it for you as well. Remember to save the key in the API response, so that you can use it to validate messages later. 
-    # @param v_c_sender_organization_id Sender organization id
-    # @param v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @param [Hash] opts the optional parameters
     # @option opts [String] :v_c_correlation_id A globally unique id associated with your request
+    # @option opts [String] :v_c_sender_organization_id Sender organization id
+    # @option opts [String] :v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @option opts [SaveSymEgressKey] :save_sym_egress_key Provide egress Symmetric key information to save (create or store or refresh)
     # @return [Array<(InlineResponse2015, Fixnum, Hash)>] InlineResponse2015 data, response status code and response headers
-    def save_sym_egress_key_with_http_info(v_c_sender_organization_id, v_c_permissions, opts = {})
+    def save_sym_egress_key_with_http_info(opts = {})
 
       if @api_client.config.debugging
           begin
@@ -212,22 +212,14 @@ module CyberSource
                 puts 'Cannot write to log'
             end
       end
-      # verify the required parameter 'v_c_sender_organization_id' is set
-      if @api_client.config.client_side_validation && v_c_sender_organization_id.nil?
-        fail ArgumentError, "Missing the required parameter 'v_c_sender_organization_id' when calling CreateNewWebhooksApi.save_sym_egress_key"
-      end
-      #if @api_client.config.client_side_validation && v_c_sender_organization_id !~ Regexp.new(/^[A-Za-z0-9\\-_]+$/)
-        #fail ArgumentError, "invalid value for 'v_c_sender_organization_id' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\-_]+$/."
-      #end
-
-      # verify the required parameter 'v_c_permissions' is set
-      if @api_client.config.client_side_validation && v_c_permissions.nil?
-        fail ArgumentError, "Missing the required parameter 'v_c_permissions' when calling CreateNewWebhooksApi.save_sym_egress_key"
-      end
       #if @api_client.config.client_side_validation && !opts[:'v_c_correlation_id'].nil? && opts[:'v_c_correlation_id'] !~ Regexp.new(/^[A-Za-z0-9\\.\\-_:]+$/)
         #fail ArgumentError, "invalid value for 'opts[:\"v_c_correlation_id\"]' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\.\\-_:]+$/."
       #end
 
+      #if @api_client.config.client_side_validation && !opts[:'v_c_sender_organization_id'].nil? && opts[:'v_c_sender_organization_id'] !~ Regexp.new(/^[A-Za-z0-9\\-_]+$/)
+        #fail ArgumentError, "invalid value for 'opts[:\"v_c_sender_organization_id\"]' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\-_]+$/."
+      #end
+
       # resource path
       local_var_path = 'kms/egress/v2/keys-sym'
 
@@ -240,9 +232,9 @@ module CyberSource
       header_params['Accept'] = @api_client.select_header_accept(['application/hal+json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
-      header_params[:'v-c-sender-organization-id'] = v_c_sender_organization_id
-      header_params[:'v-c-permissions'] = v_c_permissions
       header_params[:'v-c-correlation-id'] = opts[:'v_c_correlation_id'] if !opts[:'v_c_correlation_id'].nil?
+      header_params[:'v-c-sender-organization-id'] = opts[:'v_c_sender_organization_id'] if !opts[:'v_c_sender_organization_id'].nil?
+      header_params[:'v-c-permissions'] = opts[:'v_c_permissions'] if !opts[:'v_c_permissions'].nil?
 
       # form parameters
       form_params = {}

data/lib/cybersource_rest_client/api/credentials_api.rb

@@ -0,0 +1,104 @@
+=begin
+#CyberSource Merged Spec
+
+#All CyberSource API specs merged together. These are available at https://developer.cybersource.com/api/reference/api-reference.html
+
+OpenAPI spec version: 0.0.1
+
+Generated by: https://github.com/swagger-api/swagger-codegen.git
+Swagger Codegen version: 2.4.38
+=end
+
+require 'uri'
+require 'AuthenticationSDK/util/MLEUtility'
+module CyberSource
+  class CredentialsApi
+    attr_accessor :api_client
+
+    def initialize(api_client = ApiClient.default, config)
+      @api_client = api_client
+      @api_client.set_configuration(config)
+    end
+    # Provision MPP credentials
+    # Provisions an encrypted MPP credential for use as the credential payload in an Authorization: Payment header (MPP spec Section 8.2). The caller provides an instrument identifier (referencing a stored card in TMS) and the challenge context from the merchant's 402 response, including the merchant's RSA public encryption key. This service:   1. Calls TMS to retrieve the network token and cryptogram for the instrument.   2. Builds the token plaintext (MPP spec Section 8.3, type: network_token).   3. Encrypts the plaintext using RSA-OAEP with SHA-256 and the merchant's public key.   4. Returns the MPP credential payload fields (MPP spec Section 8.2, Table 4). 
+    #
+    # @param mpp_credentials_request 
+    # @param [Hash] opts the optional parameters
+    # @return [MppCredentialsResponse200]
+    #
+    def provision_mpp_credentials(mpp_credentials_request, opts = {})
+      data, status_code, headers = provision_mpp_credentials_with_http_info(mpp_credentials_request, opts)
+      return data, status_code, headers
+    end
+
+    # Provision MPP credentials
+    # Provisions an encrypted MPP credential for use as the credential payload in an Authorization: Payment header (MPP spec Section 8.2). The caller provides an instrument identifier (referencing a stored card in TMS) and the challenge context from the merchant's 402 response, including the merchant's RSA public encryption key. This service:   1. Calls TMS to retrieve the network token and cryptogram for the instrument.   2. Builds the token plaintext (MPP spec Section 8.3, type: network_token).   3. Encrypts the plaintext using RSA-OAEP with SHA-256 and the merchant's public key.   4. Returns the MPP credential payload fields (MPP spec Section 8.2, Table 4). 
+    # @param mpp_credentials_request 
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(MppCredentialsResponse200, Fixnum, Hash)>] MppCredentialsResponse200 data, response status code and response headers
+    def provision_mpp_credentials_with_http_info(mpp_credentials_request, opts = {})
+
+      if @api_client.config.debugging
+          begin
+            raise
+                @api_client.config.logger.debug 'Calling API: CredentialsApi.provision_mpp_credentials ...'
+            rescue
+                puts 'Cannot write to log'
+            end
+      end
+      # verify the required parameter 'mpp_credentials_request' is set
+      if @api_client.config.client_side_validation && mpp_credentials_request.nil?
+        fail ArgumentError, "Missing the required parameter 'mpp_credentials_request' when calling CredentialsApi.provision_mpp_credentials"
+      end
+      # resource path
+      local_var_path = 'acp/v1/mpp/credentials'
+
+      # query parameters
+      query_params = {}
+
+      # header parameters
+      header_params = {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/hal+json;charset=utf-8'])
+      # HTTP header 'Content-Type'
+      header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
+
+      # form parameters
+      form_params = {}
+
+      # http body (model)
+      post_body = @api_client.object_to_http_body(mpp_credentials_request)
+      sdk_tracker = SdkTracker.new
+      post_body = sdk_tracker.insert_developer_id_tracker(post_body, 'MppCredentialsRequest', @api_client.config.host, @api_client.merchantconfig.defaultDeveloperId)
+      inbound_mle_status = "mandatory"
+      if MLEUtility.check_is_mle_for_API(@api_client.merchantconfig, inbound_mle_status, ["provision_mpp_credentials","provision_mpp_credentials_with_http_info"])
+        begin
+          post_body = MLEUtility.encrypt_request_payload(@api_client.merchantconfig, post_body)
+        rescue
+          raise
+        end
+      end
+
+      is_response_mle_for_api = MLEUtility.check_is_response_mle_for_api(@api_client.merchantconfig, ["provision_mpp_credentials","provision_mpp_credentials_with_http_info"])
+
+      auth_names = []
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => 'MppCredentialsResponse200',
+        :isResponseMLEForApi => is_response_mle_for_api)
+      if @api_client.config.debugging
+        begin
+        raise
+            @api_client.config.logger.debug "API called: CredentialsApi#provision_mpp_credentials\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+        rescue
+            puts 'Cannot write to log'
+        end
+      end
+      return data, status_code, headers
+    end
+  end
+end

data/lib/cybersource_rest_client/api/customer_payment_instrument_api.rb

@@ -210,7 +210,7 @@ module CyberSource
     # @option opts [String] :profile_id The Id of a profile containing user specific TMS configuration.
     # @option opts [Integer] :offset Starting record in zero-based dataset that should be returned as the first object in the array. Default is 0. (default to 0)
     # @option opts [Integer] :limit The maximum number that can be returned in the array starting from the offset record in zero-based dataset. Default is 20, maximum is 100. (default to 20)
-    # @return [PaymentInstrumentList]
+    # @return [PaymentInstrumentList1]
     #
     def get_customer_payment_instruments_list(customer_id, opts = {})
       data, status_code, headers = get_customer_payment_instruments_list_with_http_info(customer_id, opts)
@@ -224,7 +224,7 @@ module CyberSource
     # @option opts [String] :profile_id The Id of a profile containing user specific TMS configuration.
     # @option opts [Integer] :offset Starting record in zero-based dataset that should be returned as the first object in the array. Default is 0.
     # @option opts [Integer] :limit The maximum number that can be returned in the array starting from the offset record in zero-based dataset. Default is 20, maximum is 100.
-    # @return [Array<(PaymentInstrumentList, Fixnum, Hash)>] PaymentInstrumentList data, response status code and response headers
+    # @return [Array<(PaymentInstrumentList1, Fixnum, Hash)>] PaymentInstrumentList1 data, response status code and response headers
     def get_customer_payment_instruments_list_with_http_info(customer_id, opts = {})
 
       if @api_client.config.debugging
@@ -282,7 +282,7 @@ module CyberSource
         :form_params => form_params,
         :body => post_body,
         :auth_names => auth_names,
-        :return_type => 'PaymentInstrumentList',
+        :return_type => 'PaymentInstrumentList1',
         :isResponseMLEForApi => is_response_mle_for_api)
       if @api_client.config.debugging
         begin

data/lib/cybersource_rest_client/api/enrollment_api.rb

@@ -20,7 +20,7 @@ module CyberSource
       @api_client.set_configuration(config)
     end
     # Enroll a card
-    # Enroll a card for tokenization during the customer's account registration or when the customer starts a new purchase intent.
+    # Enroll a payment card for agentic or e-commerce transactions. This is typically the first step in the Intelligent Commerce payment lifecycle — the agent calls this endpoint to register a consumer's card, creating a tokenized reference that can be used in subsequent purchase instructions and payment credential retrieval. Requires device information, consumer identity, billing details, and payment instrument references. Returns a status of ACTIVE (HTTP 200) if enrollment completes immediately, or PENDING (HTTP 202) with pendingEvents if cardholder authentication is required. Call this endpoint when a consumer wants to add a new payment card or when setting up a card for agentic payment flows.
     #
     # @param agentic_card_enrollment_request 
     # @param [Hash] opts the optional parameters
@@ -32,7 +32,7 @@ module CyberSource
     end
 
     # Enroll a card
-    # Enroll a card for tokenization during the customer's account registration or when the customer starts a new purchase intent.
+    # Enroll a payment card for agentic or e-commerce transactions. This is typically the first step in the Intelligent Commerce payment lifecycle — the agent calls this endpoint to register a consumer's card, creating a tokenized reference that can be used in subsequent purchase instructions and payment credential retrieval. Requires device information, consumer identity, billing details, and payment instrument references. Returns a status of ACTIVE (HTTP 200) if enrollment completes immediately, or PENDING (HTTP 202) with pendingEvents if cardholder authentication is required. Call this endpoint when a consumer wants to add a new payment card or when setting up a card for agentic payment flows.
     # @param agentic_card_enrollment_request 
     # @param [Hash] opts the optional parameters
     # @return [Array<(AgenticCardEnrollmentResponse200, Fixnum, Hash)>] AgenticCardEnrollmentResponse200 data, response status code and response headers