Last Updated: 23 August 2024 | Change Log
Android SDK
Take payments with our certified PCI-SSF compliant Android SDK, and qualify for SAQ-A - the lowest PCI compliance level.
Create your own uniquely styled and branded checkout form by integrating our SDK into your native app.
Read more about the Checkout SDK and the supported payment journeys here.
Make yourself familiar with our API Principles to ensure a resilient integration.
Please ensure you integrate the SDK as advised in our documentation; otherwise you might be subject to additional PCI compliance requirements and won't meet the SAQ-A compliance level.
How does it work?
We secure your customer's payment details by creating a session. You can then either apply the session directly in the Payments API or create a token for use with our modular APIs.
What is a session?
A session is a unique identifier for your customer's payment details, generated by the SDK.
Get our SDK
To get our SDK, include the Gradle, Maven or Local AAR library configuration below.
implementation 'com.worldpay.access:access-checkout-android:4.0.0'
Local AAR library
If you're using the Local AAR library to get the SDK, copy the library file into your <app>/libs folder, where <app> is the name of the base folder containing all your app files. Then add the flatDir repository to the top-level build.gradle using the code in the Local AAR library sample above.
You can then add the SDK's AAR file as a Gradle dependency to your app-level dependency list using the code below:
implementation (name:'access-checkout-android-4.0.0', ext:'aar')
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.21"
And here's a link to our Access Checkout Android SDK GitHub Repo
Additional Security Measures
Obfuscate your app code
We highly recommend that you shrink and obfuscate your app code to reduce your app size and also make it more difficult for anyone to reverse-engineer your code. To enable shrinking and code obfuscation, you can follow the guidance on the official Android Developer page.
Verify integrity of the SDK using Gradle
You can verify the integrity of the SDK with the Dependency Verification feature of Gradle.
Run the command below at the root of your Gradle project to generate a verification-metadata.xml file in the gradle directory. Gradle uses this file to verify dependencies.
./gradlew --write-verification-metadata sha256
# Alternatively you can run the same command to generate hashes using sha512
./gradlew --write-verification-metadata sha512
This file contains a checksum for every library defined in your project, with every checksum generated by Gradle by default. It instructs Gradle to verify the integrity of all libraries using the checksums defined in the file. During the build phase, it will calculate a new checksum for each library and if it doesn't match the checksum defined in the file, the build will fail.
For this reason, you must manually verify that the checksums populated in verification-metadata.xml for access-checkout-android-4.0.0.aar and access-checkout-android-4.0.0.module match the checksums that we have published our library with:
# sha256
access-checkout-android-4.0.0.aar: db2bae2abcdbb19e461993247165bc6eaa062970944f9ed1e4603b94a0792a64
access-checkout-android-4.0.0.module: 3b4d33a79ed6fd0d3a2dd9cee5a5d9aa0e41c88494aefda22f878c52bc6ef3eb
# sha512
access-checkout-android-4.0.0.aar: 00e5b1173caf8c73b48c1f9f636c26cdd24fa0531c965fc3d42f6620c8e9b535c683bcba1b486385bfcbd1b9fbdbc017412a98a5af0c0ecf89b1ef0b76b46658
access-checkout-android-4.0.0.module: 74c7812be47e5fd0a02aa0088af208a2dacd0c714c41c8684307a12564e6e71a3a800704c68574154f779d3e16a13dff5980f15e78f1476bf0907d506f1657bb
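The manual comparison can be scripted so that it runs on every build. The checker below is an added example, not part of the SDK or of Worldpay's documentation: it reads verification-metadata.xml, compares the sha256 entries for the two artifacts against the values published above, and also flags any extra value listed under `<also-trust>`. The function names and the embedded sample file are constructed for illustration, and only sha256 is checked.

```python
import xml.etree.ElementTree as ET

# Published sha256 checksums, copied from this page.
AAR = "access-checkout-android-4.0.0.aar"
MODULE = "access-checkout-android-4.0.0.module"
PUBLISHED_SHA256 = {
    AAR: "db2bae2abcdbb19e461993247165bc6eaa062970944f9ed1e4603b94a0792a64",
    MODULE: "3b4d33a79ed6fd0d3a2dd9cee5a5d9aa0e41c88494aefda22f878c52bc6ef3eb",
}

def local(tag):
    """Drop the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def check_metadata(xml_data, published=PUBLISHED_SHA256):
    """Return a list of problems; an empty list means every pin matches."""
    accepted = {}  # artifact name -> every sha256 value Gradle would accept
    for artifact in ET.fromstring(xml_data).iter():
        name = artifact.get("name")
        if local(artifact.tag) != "artifact" or name not in published:
            continue
        values = accepted.setdefault(name, set())
        for digest in artifact:
            if local(digest.tag) != "sha256":
                continue
            # Children of <sha256> (<also-trust>) list further accepted values.
            for node in [digest, *digest]:
                values.add((node.get("value") or "").lower())
    problems = []
    for name, expected in published.items():
        if not accepted.get(name):
            problems.append(f"{name}: no sha256 recorded")
        for value in sorted(accepted.get(name, set()) - {expected}):
            problems.append(f"{name}: unexpected sha256 {value}")
    return problems

# Constructed sample (not a real generated file): the .aar pin matches, but
# the .module entry also trusts a second, all-zero value.
SAMPLE = f"""<verification-metadata xmlns="https://schema.gradle.org/dependency-verification">
 <components>
  <component group="com.worldpay.access" name="access-checkout-android" version="4.0.0">
   <artifact name="{AAR}"><sha256 value="{PUBLISHED_SHA256[AAR]}"/></artifact>
   <artifact name="{MODULE}">
    <sha256 value="{PUBLISHED_SHA256[MODULE]}"><also-trust value="{'0' * 64}"/></sha256>
   </artifact>
  </component>
 </components>
</verification-metadata>"""

if __name__ == "__main__":
    # For a real project pass open("gradle/verification-metadata.xml", "rb").read()
    for line in check_metadata(SAMPLE) or ["all published checksums match"]:
        print(line)
```

A non-empty result should fail the pipeline step, since it means the file would let Gradle accept an artifact other than the published one.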
What to do next
Create a session to pay with a card
- Submit card details to create a session
- Apply the session in the payment request
Create a session for CVC only and pay with a stored token
- Submit the CVC to create a session
- Apply the sessions.cvc and stored token in the payment request