CyberSource Toolkit for i Changelog

The current version of CyberSource Toolkit for i is 3.6.1, and was released June 17, 2021.


Upgrading to this release will require recompilation of all programs that use CTI subprocedures.
  • Increased lengths of all request and subscription ID fields to 48 to accomodate longer tokens used in some circumstances.
  • Enhanced performance for internal licensing code


  • Added support for CyberSource PayPal AltPay operations. This includes adding new database files CTIWSAHDR and CTIWSARSP.
  • Added new example programs to demonstrate CyberSource PayPal AltPay Operations:
    • T_APATH
    • T_APBAG
    • T_APCAP
    • T_APCNL
    • T_APORD
    • T_APREF
    • T_APREV
    • T_APSAL
    • T_APSSN
    • T_APSTS
  • Added new TIMEOUT field to CTICFGENV - this allows setting a configurable SSL Socket timeout value which has improved communication reliability in specific circumstances for some customers. Valid values are *DEFAULT, or a numeric value indicating the number of seconds a timeout should last. When upgrading, you should first rename your existing CTICFGENV file, and then copy data into the new CTICFGENV file restored as part of the upgrade using CPYF with the FMTOPT(*MAP *DROP) option specified.
  • Added support for Credential-On-File (COF) transactions as well as Merchant-Initiated Transactions (MIT) to accomodate new mandates from Mastercard and Discover. Fields added:
      • SSAUTH
      • SSAFST
      • SSARSN
      • SSATRNID
  • Added support for the Purchase Authorization Return (PRA) mandate from Visa, Mastercard, and Discover. Fields added:
      • CRDATHCD
  • Modifed all existing example programs to better demonstrate unique ID usage and add output to job log.
  • Corrected issue where logging output would occasionally be written to the download directory.


  • Corrected issue which prevented CTI_Run() from writing a record to CTIWSRSP when missingField or invalidField errors were returned.
  • Corrected issue where logfiles could contain data from multiple transactions with LOGALL set to *NO.


  • Updated the pDownloadReportDS and pQueryTransactionDS data structure parameters used with CTI_DownloadReport() and CTI_QueryTransaction() to no longer be Const.
  • CTI_DownloadReport() and CTI_QueryTransaction() now update the Filepath data structure subfield to reflect the full IFS filepath the report was written to.
  • Updated the included CTICBFIXED copybook to reflect the reporting API changes that were made in 3.5.0
  • Corrected issue which prevented the reporting APIs from generating error logs in some situations even with CTICFGMCH LOGALL set to *YES.
  • Corrected issue where some multi-byte characters were not being properly preserved in report files downloaded by CTI_DownloadReport().
  • Updated report parsing behavior so that child record unique IDs are reset per request instead of per report based on customer feedback.


  • This major release adds support for the new REST reporting APIs, which are replacing the legacy reporting servlets that were previously implemented in CTI. Any programs that were using the reporting subprocedures will need to be rewritten to use the new APIs outlined below.
    • Removed deprecated reporting servlet subprocedures:
      • CTI_RunPayBatchDetailReport()
      • CTI_RunPaySubmissionDetailReport()
      • CTI_RunSingleTransQuery()
      • CTI_RunTransExpDetailReport()
    • New report download subprocedures:
      • CTI_DownloadReport()
      • CTI_QueryTransaction()
    • New reporting parsing subprocedures:
      • CTI_ParseBatchDetailReport()
      • CTI_ParseExceptionDetailReport()
      • CTI_ParseTransactionQuery()
    • New command:
  • New reporting configuration file - CTICFGRPT
  • The following fields have been removed from CTICFGMCH:
    • RPTENV
  • The following fields must be updated in CTICFGENV:
  • The following legacy reporting physical files are no longer needed. These files will not be automatically cleared or removed.


  • Added support for expanded merchant-defined data fields
    • New table: CTIWSMDD


  • Increased size of Apple Pay encrypted data field, CTIWSHDR.EPDTA, to 8192
  • Updated some example programs to better demonstrate using request IDs from prior transactions
  • Corrected issue preventing reporting APIs from correctly generating log files


  • Added support for Apple Pay transactions


  • Added support for PayPal operations:
    • payPalEcOrderSetupService
    • payPalAuthorizationService
    • payPalDoRefTransactionService
    • payPalRefundService
    • payPalCreateAgreementService
    • payPalAuthReversalService
    • payPalDoCaptureService
    • payPalUpdateAgreementService
  • Added support for Visa Checkout authorization operations
    • Two fields were added to CTIWSHDR:
      • PMTSOLN


  • Added support for e-check operations:
    • ecAuthenticateService
    • ecCreditService
    • ecDebitService
  • Starting with this release, example code and copybook are provided in free format.


  • Incrementing internal CyberSource API version to 1.140


  • Fixed issue with duplicate fields being written in some requests.
  • Fixed parsing of new response fields.


  • Fields added to CTIWSHDR to allow processing for multiple captures against a single authorization.
  • Additional paySubscriptionRetrieveReply fields added to CTIWSRSP.
  • Added field to CTIWSRSP for level 3 eligibility.


  • Upgrading to this version will require recompiling.
  • Additional fields added to CTIWSHDR to accomodate upcoming MasterCard capability to specify preauthorization types.
  • CTI_RunPayBatchDetailReport(), CTI_RunPaySubmissionDetailReport(), CTI_RunSingleTransQuery(), and CTI_RunTransExpDetailReport() have been added to reimplement the ability to pull reports from the legacy CyberSource system. These APIs may stop working at a future date due to CyberSource changes.


  • Upgrading to this version will require recompiling.
  • CYBCFG configuration file has been replaced by CTICFGMCH for merchant-level configuration and CTICFGENV for environment-level configuration.
  • The reporting APIs have been deprecated and replaced with CTI_DownloadReport() and CTI_ProcessReport() to handle the CyberSource transition to the new reporting infrastructure.
  • Cyb_run() has been replaced with CTI_Run().
  • CYBHDR, CYBITM, and CYBRSP have been replaced with CTIWSHDR, CTIWSITM, and CTIWSRSP respectively.
  • Cyb_nxtUnqId() has been replaced with CTI_NextUniqueID()
  • Log files will now always be generated when errors occur.
  • It is no longer possible to disable the obfuscation of credit card numbers and other sensitive information in log files.


  • Resolved issues with log files not being properly generated in some scenarios.


  • Upgrading to this version will require recompiling.
  • This name of this product is now CyberSource Toolkit for i. As a result of this name change, the default install library name is now CTI.
  • The service program KCYBSV is now CTISV. The message file KCYBMSGF is now CTIMSGF.
  • Other objects including the physical files, data area, and binding directory have not been renamed to minimize the impact of upgrading.
  • The default value for the CYBCFG configuration option LOG_DIR is now /ktprod/cti/logs.
  • The default value for the CYBCFG configuration option TRANS_DIR is now /ktprod/cti/trans.
  • The CYBCFG configuration option FULL_LOG is no longer present by default. To remove sensitive data obfuscation, the configuration option must be manually added to CYBCFG with a value of Y. This is not recommended for production use as the unobfuscated data will include credit card numbers.
  • A new copybook member named CTICP can be found in source physical file QRPGLECPY. This is interchangeable with KCYBCP to preserve backwards compatibility. For any new development, we recommend using the CTICP copybook as we cannot guarantee the old KCYBCP copybook will not be removed in a future release.


  • Upgrading to this version will require recompiling.
  • Cyb_Error error data structure was changed to add new subfield source. This subfield attempts to provide information regarding where the source of a specific error is - whether it's internal to the product, an error returned from CyberSource, or a problem with your network.
  • To go along with the change to Cyb_Error to add subfield source, the following constants were added:
  • Many new fields were added to CYBHDR and CYBITM to allow data to be passed for Level II and Level III processing.
  • Previously, a template file resided in the path outlined by CYBCFG configuration value TPL_PATH and was used internally to generate XML. This template file is no longer required - it can be safely removed, and the configuration value TPL_PATH can be deleted from CYBCFG.


  • Fixed defect reported in 1.82 with Cyb_run() not transmitting data in all circumstances.
  • Updated example programs to properly remove CYBERR and bring them in line with current best practices for error handling.
  • Fixed defect reported in 1.82 with Cyb_run() not transmitting data in all circumstances.
  • Fixed defect with error codes not being properly reported in Cyb_Error data structure in all circumstances.


  • Removed reliance on IFS template.


  • Fixed issue with XML generation for businessRules elements.


  • Fixes to logging:
    • FULL_LOG CYBCFG value implemented. If N (or by default), sensitive data is masked in log files. If Y, it will be visible. Note that leaving this option set to Y is not recommended on PRODUCTION as it is a PCI risk.
    • Misc issues resolved with file permissions being created.
  • Changes to CYBHDR and CYBRSP per customer requests to better accomodate PayPal processing and level 2 data.


  • Fixed issue with CYBRSP not being populated in all circumstances.


  • Minimum operating system supported is now v6.1
  • Logging overhaul:
    • To enable logging, set DEBUG to Y in CYBCFG.
    • All log files are now stored in the IFS in the directory specified in CYBCFG's LOG_DIR.
    • Log files are uniquely identified by the transaction ID/PID passed into Cyb_run() or the reporting APIs.
    • If logging is left on while running Production/Live transactions, sensitive data will be hidden in the resulting log files.
    • DB2 files CYBERR and CYBLOG have been removed.
    • All APIs now return an indicator value which can be checked to determine if an error occurred during the transaction. *ON means that the API completed successfull, *OFF means it failed.
    • The error which caused an API to fail will be returned in the error data structure passed in as a parameter.
    • The TRANS_DIR value is only used for reporting APIs.
  • Cyb_log() is still included in the copybook for backwards-compatibility purposes, but it is not intended to be used and may be removed in a future release.
  • Many fields in the APIs were changed to Const from Value to reduce memory usage.
  • Additional examples added to EXAMPLE source physical file - T_ATHSWIPE and T_ATHKEYED.
  • DSPMCHINFD renamed to DSPLICD.


  • Point-of-sale (POS) added
    • Fields have been added to CYBHDR and CYBRSP to support point-of-sale transactions.
    • A new data structure has been added, Cyb_PosDS_t to store POS data in memory.
    • An additional optional parameter has been added to Cyb_run() to accept a Cyb_PosDS_t
  • QRPGLESRC renamed to EXAMPLE
  • Licensing updated
    • Additional licensing library KTLIC eliminated.
    • Objects stored in KTLIC have been moved into main KCYB library.
    • APYKTILIC renamed APYLIC.
    • DSPKTILIC renamed DSPLIC.


  • Subscriptions/tokenization added
    • Fields have been added to CYBHDR and CYBRSP to support subscriptions and tokenization.
    • Additional examples added to QRPGLESRC - T_SUBCRT, T_SUBUPD, T_SUBRTV, T_SUBDLT


  • Initial RPG-only release