How to Integrate CyberSource Payment Gateway in Laravel 11/12 – Secure API Payment Example

💡 Introduction

If you're developing an e-commerce solution using Laravel and looking for a reliable and secure payment gateway, CyberSource is a robust option. In this guide, you'll learn how to integrate CyberSource payment gateway with Laravel using their REST API. We’ll cover secure signature generation, cURL implementation, and handling API responses.

🧰 Prerequisites

Before you begin, ensure you have the following:

• Laravel 9 or 10 installed

• CyberSource Test Account

• API Key and Secret Key

• PHP cURL enabled

🚀 Step-by-Step Laravel Integration with CyberSource

🧱 1. Set Up the Controller

Create a controller (e.g., PaymentController) to handle your CyberSource logic:

php artisan make:controller PaymentController

✅ Step 2: Prepare the Payment Request

We define an array containing paymentInformation, orderInformation, and clientReferenceInformation. This data structure is required by the CyberSource Payments API.

$requestData = [
    "clientReferenceInformation" => [
        "code" => "TC50171_3" . time(),
    ],
    "paymentInformation" => [
        "card" => [
            "number" => '4111111111111111',
            "expirationMonth" => '12',
            "expirationYear" => '2031',
        ],
    ],
    "orderInformation" => [
        "amountDetails" => [
            "totalAmount" => '100.01',
            "currency" => "USD",
        ],
        "billTo" => [
            "firstName" => 'John',
            "lastName" => "Doe",
            "address1" => "1 Market St",
            "locality" => "San Francisco",
            "administrativeArea" => "CA",
            "postalCode" => "94105",
            "country" => "US",
            "email" => time() . '@gmail.com',
            "phoneNumber" => "4158880000",
        ],
    ],
];

🔐 Step 3: Create the Security Signature

CyberSource requires a signature header to authenticate your request. We use HMAC SHA-256 to sign the request.

$vCDate = gmdate('D, d M Y H:i:s T');
$digest = 'SHA-256=' . base64_encode(hash('sha256', json_encode($requestData), true));

$signatureString = "host: apitest.cybersource.com\n" .
                   "date: $vCDate\n" .
                   "request-target: post /pts/v2/payments\n" .
                   "digest: $digest\n" .
                   "v-c-merchant-id: $merchantID";

$decodeKey = base64_decode($secretKey);
$signature = base64_encode(hash_hmac('sha256', $signatureString, $decodeKey, true));

📡 Step 4: Send the API Request with cURL

With headers and payload ready, send a POST request to CyberSource using PHP cURL.

$headers = [
    'host: apitest.cybersource.com',
    'date: ' . $vCDate,
    'digest: ' . $digest,
    'v-c-merchant-id: ' . $merchantID,
    'signature: keyid="' . $apiKey . '", algorithm="HmacSHA256", headers="host date request-target digest v-c-merchant-id", signature="' . $signature . '"',
    'Content-Type: application/json',
];

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://apitest.cybersource.com/pts/v2/payments',
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_POSTFIELDS => json_encode($requestData),
    CURLOPT_RETURNTRANSFER => true,
]);

$response = curl_exec($ch);
curl_close($ch);

$responseData = json_decode($response, true);
dd($responseData); // Debug response

🗝️ 3. Add API Credentials to .env (optional)

Open your .env file and add the following:

CYBERSOURCE_API_KEY=*********************
CYBERSOURCE_MERCHANT_ID=******************************************
CYBERSOURCE_SECRET_KEY=***************************************************************

🔗 4. Create a Route

In routes/web.php or routes/api.php:

use App\Http\Controllers\PaymentController;

Route::post('/make-payment', [PaymentController::class, 'makePayment']);

🧪 5. Test the API

You can test the endpoint using Postman or any frontend form hitting /make-payment with a POST request. Use CyberSource's test card:

Card Number: 4111 1111 1111 1111  
Exp: 12/31  
CVV: any 3 digits

🛡 Best Practices

• Always validate input on real production usage.

• Store logs for success and failure transactions.

• Move sensitive logic into service classes for clean architecture.

• For real card data, always redirect to CyberSource’s Secure Checkout or tokenize it properly.

📌 Final Words

This setup works for Laravel 11 and Laravel 12. Laravel 12 doesn’t change much in how controllers, routes, or .env variables work, so this integration is fully compatible with both versions.

📌 Conclusion

Integrating CyberSource with Laravel is a secure and scalable way to process online payments. Whether you’re building a custom eCommerce platform or integrating with existing systems, following this guide ensures a robust and secure setup.

If you found this guide helpful, feel free to share or bookmark it for later. You can also explore more Laravel integrations for other payment gateways like Stripe, PayPal, and Square.