To help merchants integrate our iOS mobile payments SDK in a secure manner, we inform them of our requirements and provide instructions in our external developer documentation.
SDK integration
The merchant's application must meet the following requirements:
- The Tap to Pay solution must have a User Guidance document defining how to use the mobile acceptance client application in a secure manner, including secure installation, update, version control, and default settings.
- The mobile acceptance client application must only be installed and updated through the official store of either the mobile device's Operating System (OS) or its Original Equipment Manufacturer (OEM).
- The mobile acceptance client application must only use an SDK with a version that is approved by Visa.
- The mobile acceptance client application must integrate an approved SDK in accordance with the SDK Integration Guidance document and not bypass, re-implement, or override exposed API and security functions.
On our external developer documentation site, we provide guidance on how to integrate the SDK in the merchant's app.
Recommendations for integrators
To ensure the security of the solution, we recommend that merchants follow the Adyen Integration security guide.
In addition, we recommend that merchants follow security best practices in their implementation of the SDK:
- Keep their API key secret and stored securely on their server.
- Never make requests to Adyen APIs directly from the app that is installed on the mobile device.
- Establish a secure, mutually authenticated connection between their app and their server for relevant network calls. This should prevent bad actors from modifying transaction requests sent from the server to the app.
- Implement user authentication in their app, such as a login feature, to ensure only trusted users can operate the app.
- Update the SDK to the latest version as soon as possible.
- Keep the SDK files secure: only get SDK files directly from trusted Adyen sources; when possible, validate the integrity of the SDK files; do not share SDK files with third parties.
- Keep the operating system on their mobile device updated to the latest version and the latest security patch.
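One way to apply the "validate the integrity of the SDK files" recommendation as a build-time gate, shown as an added example that is not part of Adyen's documentation or SDK. It assumes the merchant records a SHA-256 digest for each SDK file when it is first obtained from the trusted source; the file names and contents below are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large framework binaries are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(sdk_dir: Path) -> dict:
    return {p.relative_to(sdk_dir).as_posix(): p
            for p in sdk_dir.rglob("*") if p.is_file()}


def verify_sdk_dir(sdk_dir: Path, pinned: dict) -> dict:
    """Compare sdk_dir with pinned {relative path: sha256}; any non-empty list fails."""
    found = list_files(sdk_dir)
    report = {"missing": [], "modified": [], "unexpected": sorted(set(found) - set(pinned))}
    for rel, expected in sorted(pinned.items()):
        if rel not in found:
            report["missing"].append(rel)
        elif sha256_file(found[rel]) != expected.lower():
            report["modified"].append(rel)
    return report


def demo() -> tuple:
    """Constructed sample tree (file names are placeholders, not real SDK files)."""
    with tempfile.TemporaryDirectory() as tmp:
        sdk = Path(tmp)
        binary = sdk / "Example.xcframework" / "ExampleSDK"
        binary.parent.mkdir()
        binary.write_bytes(b"constructed sdk binary")
        (sdk / "Info.plist").write_bytes(b"constructed plist")
        pinned = {rel: sha256_file(p) for rel, p in list_files(sdk).items()}
        clean = verify_sdk_dir(sdk, pinned)
        binary.write_bytes(b"constructed sdk binary, altered")  # modified file
        (sdk / "Info.plist").unlink()                           # removed file
        (sdk / "extra.dylib").write_bytes(b"not pinned")        # injected file
        return clean, verify_sdk_dir(sdk, pinned)


if __name__ == "__main__":
    print(demo())
```

Reporting unexpected files as well as modified ones matters here, because a file added to the SDK directory would pass a check that only hashes the pinned entries.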
Personalization
The SDK offers personalization options that can be passed as UI parameters in the merchant's app:
- Logo: a merchant logo to show on the mobile device during the transaction flow.
- Success screen delay: how long the SDK shows the screen that indicates the transaction succeeded.
Release notes
We inform merchants about important changes in the mobile payments solution through release notes. The release notes are published on our public documentation site.
The changes discussed in the release notes include breaking changes, deprecated items, new and improved features, as well as fixes and known issues.
Card reader user guide
Our public documentation site includes guidance for end users such as store staff on topics like:
- Inspecting the card reader to verify it hasn't been tampered with
- Pairing the reader with a smart phone or other mobile device
- Making payments
- Updating the firmware
- Troubleshooting
Refer to the NYC1 card reader user guide.