developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Sandbox tokenization returning 403 Forbidden using Node.js SDK

Hi, I’m working on integrating CyberSource in sandbox with the Node.js SDK and I’m consistently getting a 403 Forbidden response when attempting to create a payment token.

Basic setup:

  • Sandbox environment

  • Node.js REST SDK

  • Tokenization endpoint per docs

I’ve verified credentials, merchant ID, and environment configuration. No useful error body is returned, so debugging is difficult.

Questions:

  1. Is this a known issue with the sandbox environment?

  2. Are there additional headers or configuration steps required for tokenization?

  3. Any working Node.js example would be very helpful.

Thanks.

1 person had this problem.
samAndrew
Member

‎12-07-2025 05:31 AM

0 Kudos
3 REPLIES 3

I hit the same 403 problem a while back and it drove me nuts because the sandbox gives you zero useful error info. What finally fixed it was checking the boring setup details instead of the code.

For me the sandbox only accepts Flex keys for tokenization. I was sending requests with my normal API keys and the sandbox just kept throwing 403 with no hint why. The other thing that tripped me up was the merchant ID not matching the key file I downloaded. CyberSource will not warn you about that, it just blocks the request. Also make sure the host is exactly apitest.cybersource.com and don’t add any extra headers because the sandbox silently rejects them.

Once I regenerated the Flex key pair and cleaned my config, the token call worked instantly. If you want to confirm fast, run the curl example from their docs. If curl succeeds, the issue is somewhere in the Node setup, not the sandbox.

zackkev
New Member

‎12-08-2025 03:09 AM

0 Kudos

A 403 in the sandbox usually means a problem with credentials or setup. Double-check your API keys, merchant ID, and environment configuration. Make sure all required headers are included. Sandbox accounts sometimes block requests if they’re not fully activated. Using the Node.js examples from CyberSource can help confirm your setup.

 
 
 
aurden_amily
Member

‎12-09-2025 11:43 AM

0 Kudos

It's always a good idea to double-check the documentation for any additional configuration steps specific to tokenization. If possible, sharing a working Node.js example could really help clarify the process and ensure smoother integration.

diegolopez
Member

‎12-10-2025 02:28 AM

0 Kudos
Copyright © 2025 Khoros, LLC