Cybersource MLE/JWT Lab

Inspect, decode, and live-test Cybersource message-level encryption & JWT authentication — with every artifact shown.

Testing tool — sandbox credentials only. Never paste production keys or live card data. The live test calls Cybersource’s sandbox (apitest.cybersource.com) only. Inputs are processed in memory to answer your request and are never stored or logged.

Open a PKCS#12 (.p12) keystore and list its certificates — common name, the serialNumber that becomes the JWT kid, validity dates, and which cert is yours vs. Cybersource’s MLE cert.

Paste a compact JWT (3 segments) or JWE (5 segments). For a JWT, every Cybersource-required claim is checked. The signature is not verified — this is a decoder/validator.

Compute the SHA-256 base64 digest over the exact request body. This must equal the JWT digest claim. With request MLE on, hash the {"encryptedRequest":…} envelope (the bytes on the wire), not the plaintext.

Run a real sandbox tokenize call (POST /tms/v2/tokenize, request & response MLE on) using your sandbox keys, and see the full trace: the signed JWT, the request JWE header, the digest, request headers, and the raw vs. decrypted response. Powered by the open-source client library.

Request p12 Request p12 password Response p12 Response p12 password Merchant ID Client ID Use meta key Portfolio ID (meta key only) Language