This log details any breaking and non-breaking API changes we have released for our Checkout Android SDK. There is also a section included outlining upgrade notes between major versions of the SDK.
Make yourself familiar with our API Principles to ensure a resilient integration.
PCI-SSF compliance
The Checkout Android SDK has gone through a thorough assessment against the PCI-SSF standard and is now certified PCI-SSF compliant. This will help you reduce the scope of your own PCI assessments.
- The minimum Android version supported by the SDK for the purpose of providing a PCI-SSF compliant solution is Android 12
- Although the SDK supports Android 8 to 11 it is not PCI-SSF compliant for these versions. This is because Google has stopped supporting/delivering security fixes for these versions.
- Support for using
EditText.AccessCheckoutEditTextmust be used instead. This component is dedicated to capturing and encapsulating your customer's card details to minimize your exposure to PCI Data - Support for passing card details directly to create an instance of
CardDetails - Support for using
merchantId()inAccessCheckoutClientBuilderto pass your Checkout ID. This is replaced bycheckoutId().
The Access Checkout Android SDK license is now a proprietary license (previously open source). This is for the purpose of protecting you against a risk of breaking changes in case where the Worldpay APIs, consumed by the SDK, are to change in the future.
PCI and Payments API support
The SDK now returns a card session URL in the form of https://access.worldpay.com/sessions/.... Previously, the card session URL looked like this: https://access.worldpay.com/verifiedTokens/sessions/... .
The format of the new card session URL supports our new upcoming Payments API, whilst also remaining compatible with our Verified Tokens API.
- We have added a new UI Component (
AccessCheckoutEditText) dedicated to capturing and encapsulating your customer's card details to minimize your exposure to PCI Data.
At a high level, you now pass references of instances of this UI component to our SDK. The SDK ensures you don't have to manipulate card details directly. This allows your application to be assessed against the PCI SAQ-A standard.
- Support for using
EditText(planned removal in version 4) - Support for directly passing card details to create an instance of
CardDetails(planned removal in version 4) - Support for using
merchantId()inAccessCheckoutClientBuilderto pass your Checkout ID is deprecated and replaced bycheckoutId()(planned removal ofmerchantId()in version 4)
- The minimum version supported is
API Level 26
Simplified integration
Version 2 has a simplified integration and caters for CVC session creation for our Android and iOS SDK.
More details
We have added support for:
autofillHints- allowing for credit card information to be auto-filledonFocusevents - allowing the UI to benefit from dynamic customization
Additionally, we have implemented a fix to ensure the SDK provides appropriate AccessCheckoutExceptions instead of IllegalArgumentExceptions.
More details
PAN formatting allows you to format the card in your checkout form as the customer types.
More details
The card brand configuration allows you to restrict the cards that you accept on your checkout form.
More details
We have increased the lifespan of the CVC session from one minute to 15 minutes.