CyberSource - SOAP toolkit API (via X-Payments Cloud)
Written by Anna Verbichenko
Updated this week

Stores connected to X-Payments Cloud can be configured to use payment processing via CyberSource - SOAP toolkit API.

Features of CyberSource - SOAP toolkit API




Supports transactions of 'Sale' type (Authorization and capture actions are completed simultaneously at the time of payment processing)



Supports transactions of 'Auth' type (An authorization hold is placed on the amount approved by the buyer to ensure the availability of funds for capture)



Allows capturing the previously authorized amount (The authorized amount is moved from the buyer's account to the account of the merchant)


(Partial transactions supported)


Allows removing an authorization hold from the buyer's account by the merchant



Allows issuing refunds (The money is returned to the buyer's account)


(Partial and multiple transactions supported)

Get Status

Can provide information about the status of a transaction to X-Payments Cloud


Get Card

Can provide new/updated information about a saved credit card. For example, if a credit card gets re-issued, it is possible to get the renewed expiration date. If any other information changes, like the credit card number or the billing address, it is possible to access this updated credit card information as well.



Allows accepting transactions with a higher likelihood of risk



Allows rejecting transactions with a higher likelihood of risk



Can test whether the merchant account details entered in X-Payments Cloud are valid


3D-Secure via
Cardinal Commerce

Supports 3-D Secure payer authentication via Cardinal Commerce. Best for PSD 2 in the European Union.



Supports tokenization (Allows billing a customer's credit card again - without X-Payments Cloud storing cardholder data).


Account Updater

Supports Account Updater service


Apple Pay

Supports Apple Pay


Google Pay

Supports Google Pay


Other payment methods supported by X-Payments Cloud are listed in the section X-Payments Cloud: Supported Payment Methods.

Configure CyberSource - SOAP toolkit API


  • You need to have an account with CyberSource.

  • You need to have an account with X-Payments Cloud.

  • Your X-Cart store needs to be connected to your X-Payments Cloud account. The connection can be made using the X-Payments Cloud connector add-on. Detailed information on setting up the connection is available here. Getting Started info for X-Payments Cloud is available here.

To be able to use CyberSource - SOAP toolkit API with X-Payments Cloud, complete the following steps:

  1. Click Settings > Payment processing to go to the Payment processing page.

  2. From the 'New configuration' drop-down box, select "CyberSource - SOAP toolkit API" and click Add.

  3. The payment configuration page opens.

  4. Complete the fields on this page:

    • Name: Enter the name of your CyberSource configuration.

    • Merchant ID: Enter the Merchant ID you received from your CyberSource account.

    • Security key: Copy and paste your security key (The key for production can be generated in the CyberSource Business Center; for testing purposes, you will need to use Test Login. Instructions for security key generation are available here: )

    • Test/Live mode: Specify whether you are going to run transactions in Test or Live mode.

    • Initial transaction: Choose Auth or Auth and capture.

    • Payment tokenization: Specify how you want tokenization to be handled.

    • Use built-in 3-D Secure: Specify whether you want to use the built-in 3-D Secure feature by CyberSource (Make sure your CyberSource account supports this feature before enabling it in X-Payments Cloud.)

    • Order prefix: Your trading name or any other prefix that will help you to identify a payment transaction as originating from this store.

    • Accept currencies: The currencies that you want to be used for payments via this method.

    • Credit card types: Credit card types you are going to accept.

    • Cancel not captured Enable the checkbox option "Void not captured "auth only" payments in 30 days automatically" to ensure that the hold on the funds for which an authorization has been obtained is lifted automatically no later than 30 days after the payment if capture of the funds has not been performed.

  5. Click Save.

Did this answer your question?