developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Best Practice for Rotating API Keys in Sandbox and Production

Hi everyone,

I’m looking for guidance on API key rotation in CyberSource. Is there a recommended best practice for rotating keys in both sandbox and production environments, without causing service interruption?

Specifically:

  • Can multipleo active API keys be used during a transition period?

  • Is there a safe way to test new keys in sandbox before promoting changes to production?

  • Are there any timing or propagation delays to be aware of after. generating or revoking keys?

Any advice or real-world experience would be helpful. Thank you.

emmamiaaaaa
Member

‎12-18-2025 05:28 AM

2 REPLIES 2

Use multiple active API keys during transition to avoid downtime. Test new keys in sandbox before production. Allow for propagation delays after generating or revoking keys. Remove old keys once new ones work.

Elio
Contributor

‎12-19-2025 02:57 AM

0 Kudos

I’ve rotated CyberSource keys a few times without downtime. Yes, you can keep multiple API keys active during a transition. Create the new key, deploy it alongside the old one, and switch traffic once it’s confirmed working.

Always validate new keys in sandbox first using the same configuration as production. There’s no meaningful propagation delay, but I still allow a short overlap window before revoking the old key. Once production calls succeed consistently, disable the previous key.

Minato2d
New Member

‎12-21-2025 11:08 PM

0 Kudos
Copyright © 2025 Khoros, LLC