Last Updated: 23 August 2024 | Change Log

Android SDK


Take payments and still qualify for SAQ-A - the lowest PCI compliance level - with our Android SDK.

Create your own uniquely styled and branded checkout form by integrating our SDK into your native app.

Read more about the Checkout SDK and the supported payment journeys here.

Note

Make yourself familiar with our API Principles to ensure a resilient integration.

Important

Please ensure you integrate the SDK as advised in our documentation or you might be subject to additional PCI Compliance and won't meet the SAQ-A Compliance level.

How does it work?

We are securing your customer's payment details by creating a session. You can then either apply the session directly in the Payments API or create a token for use with our modular APIs.

What is a session?

A session is a unique identifier for your customer's payment details, generated by the SDK.

Get our SDK

To get our SDK, include the Gradle, Maven or Local AAR library configuration below.

implementation 'com.worldpay.access:access-checkout-android:3.0.0'

Local AAR library

If you're using the Local AAR library to get the SDK, copy the library file into your app/libs folder. Then add the flatDir repo to the project level build.gradle using the code in the Local AAR library example above.

You must also add the example below to your app-level dependency list:

implementation (name:'access-checkout-android', ext:'aar')
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.21"

And here's a link to our Access Checkout Android SDK GitHub Repo

Additional Security Measures

Obfuscate your app code

We highly recommend that you shrink and obfuscate your app code to reduce your app size and also make it more difficult for anyone to reverse-engineer your code. To enable shrinking and code obfuscation, you can follow the guidance on the official Android Developer page.

Verify integrity of the SDK using Gradle

You can verify the integrity of the SDK with the Dependency Verification feature of Gradle.

Run the command below at the root of your Gradle project to generate the verification-metadata.xml file used by Gradle to verify dependencies.

This file, generated by Gradle, contains the checksums of all the libraries defined in your project, with every checksum retrieved from the same repository where Gradle retrieves a dependency from.

This file instructs Gradle to verify the checksums of each library defined in the file. It will fail your build if any library's checksum retrieved from the remote repository is different from the checksum computed by Gradle.

gradle --write-verification-metadata sha256

What to do next