“Internal Server Error” Response in CyberSource API

The cause may be an incorrectly formatted Host header in the request.

If you receive the following response when making API requests to CyberSource, the fix below may help.

The error

{"response":{"msg":"Internal Server Error"}}

This is a generic error with no clear details, making it difficult to debug. However, one common cause is an issue with the Host header in the request.

Check Your Host Header Formatting

If your API request uses the exact CyberSource gateway URL as the Host header, check that “https://” is removed when adding the host name for the header.

It’s easy to make this mistake, especially if:

  • You’re reusing an environment variable that includes the full API URL.
  • You’re passing the full URL instead of just the domain when constructing the headers.
  • You assume the gateway URL and Host should match exactly—which is normally correct, but CyberSource requires a slight adjustment.

Pass in

Accept: application/hal+json;charset=utf-8
Content-Type: application/json;charset=utf-8
v-c-merchant-id: nabsandboxdemo0200238001
Date: Thu, 13 Feb 2025 5:28:06 GMT
Host: apitest.cybersource.com
Signature: keyid="65423423-a137-40ad-80aa-8374f1499a07", algorithm="HmacSHA256", headers="host date request-target digest v-c-merchant-id", signature="..."

Don’t pass in
Host: https://apitest.cybersource.com

Why This Happens

The CyberSource API expects the Host header to be just the domain.

How to Fix It

1. Ensure Host is Set Correctly

Check where the headers are generated and remove “https://” if necessary.

If using an environment variable, it might include the full URL (https://apitest.cybersource.com). In this case, parse only the domain before adding it to the headers.

2. Extract the Domain for the Host Header

If your API code dynamically sets the Host, update it to extract only the domain.

Instead of:

$gatewayUrl = env('CYBERSOURCE_API_URL'); // Full URL from .env
$host = $gatewayUrl; // ❌ Wrong: Includes "https://"

use

$host = parse_url($gatewayUrl, PHP_URL_HOST); // ✅ Correct: Extracts only the domain

Example Fix in Signature Generation

If you’re generating headers manually, update the Host assignment:

Incorrect Header Setup

$signatureString = "host: {$gatewayUrl}\n";

Correct Header Setup

$host = parse_url($gatewayUrl, PHP_URL_HOST);
$signatureString = "host: {$host}\n";
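
One way to derive the Host value so that it works whether the environment variable holds a full URL or a bare host name, and to reuse the same value in the signed host line (added example, not from the original post or from CyberSource). The function names cybersourceHost and signingString, the request path, the body, the merchant id and the digest format are assumptions or placeholders.

```php
<?php
// Added example: names and sample values are hypothetical, not CyberSource code.

// Accepts a full URL or a bare host and returns only the host name.
function cybersourceHost(string $configured): string
{
    $value = trim($configured);
    // parse_url() only reports a host when a scheme or "//" prefix is present,
    // so a bare host gets a temporary "//" prefix before parsing.
    $hasScheme = preg_match('#^[a-z][a-z0-9+.-]*://#i', $value) === 1;
    $host = parse_url($hasScheme ? $value : '//' . $value, PHP_URL_HOST);
    // Allow only a plain DNS name: no scheme, path, spaces or CR/LF.
    if (!is_string($host) || !preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/iD', $host)) {
        throw new InvalidArgumentException("Cannot derive a host from '{$configured}'");
    }
    return strtolower($host);
}

// Builds the string to sign, one "name: value" line per signed header,
// in the order listed in the Signature header's headers="..." field.
function signingString(array $headers, string $signedList): string
{
    $lines = [];
    foreach (explode(' ', $signedList) as $name) {
        if (!array_key_exists($name, $headers)) {
            throw new InvalidArgumentException("Missing signed header '{$name}'");
        }
        $lines[] = "{$name}: {$headers[$name]}";
    }
    return implode("\n", $lines);
}

// Constructed sample input; CYBERSOURCE_API_URL may hold the full URL.
$gatewayUrl = getenv('CYBERSOURCE_API_URL') ?: 'https://apitest.cybersource.com';
$body = '{"sample":"constructed request body"}';
$headers = [
    'host' => cybersourceHost($gatewayUrl),   // same value goes in the Host header
    'date' => gmdate('D, d M Y H:i:s') . ' GMT',
    'request-target' => 'post /sample/path',  // placeholder path
    'digest' => 'SHA-256=' . base64_encode(hash('sha256', $body, true)), // assumed format
    'v-c-merchant-id' => 'your_merchant_id',  // placeholder
];
echo signingString($headers, 'host date request-target digest v-c-merchant-id'), "\n";
```

Calling parse_url() directly on a bare host name such as apitest.cybersource.com returns no host, which is why the helper adds the "//" prefix before parsing.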

Key Takeaway

If you’re getting “Internal Server Error”, check that your Host header only contains the domain name and does not include “https://”.

This is a small but critical nuance, especially when using dynamic variables, as the gateway URL and host are often the same—but they can’t be identical in this case.
